Addressing Multiple Compliance Regulations BY ALEX ZADROZNY, President and CEO, Zmen Systems, LLC
Now more than ever, organizations of all sizes struggle to comply with multiple regulatory guidelines and manage the risks and penalties of failing to operate within the rules. Establishing, maintaining and proving compliance demands money and time executives and shareholders would rather invest in business growth. The complexity of the procedures, tasks and behaviors that involve compliance can be overwhelming. Organizations that master managing all these activities—and demonstrate their completion—operate more efficiently and compete more effectively. Most companies acknowledge the cost and risks of fragmented governance, risk and compliance (GRC) efforts, yet few have taken action. In the 2007 GRC Strategy Survey, conducted by the Open Compliance and Ethics Group:
- Eighty-four percent of respondents reported fragmentation of compliance activities and processes.
- Sixty-five percent claimed fragmented compliance caused serious business problems through duplication of efforts, redundant solutions, higher costs and increased risk.
- Seventy-five percent indicated they would scrap their current programs and start over, if possible.
- Seventy-one percent that acted on integration opportunities indicated they realized benefits that met or exceeded company expectations.
It is critical for senior management to consider creating a compliance framework that integrates the risk and control objectives from multiple regulatory guidelines. The reduction in complexity of multiple frameworks through an integrated approach will yield savings and speed adoption. The controls and processes established from an integrated compliance framework also allow multiple parties to adopt a common assessment, monitoring and reporting approach.

Compliance Convergence

It is not uncommon for an IT organization to be undergoing multiple audits at any given moment. But how do you manage the requirements and objectives of each set of regulations and external examiners? These days, IT management can be tasked with any of the following compliance frameworks: Control Objectives for Information and related Technology (CobiT), International Organization for Standardization (ISO) standards, the Gramm-Leach-Bliley Act, the Payment Card Industry Data Security Standard and the National Institute of Standards and Technology standards. If you are part of an international company (and who isn't?), there also is Basel II. Each framework has unique compliance requirements, but the fact is most of the regulatory requirements of these frameworks are redundant.