Survey: Compliance costs IT dear

gallery

European IT organisations are struggling to pay for, resource and keep pace with growing corporate regulation, a new survey has found.

A poll has revealed that US organisations are more likely to be compliant with regulations than their European counterparts, even though they tracked the most numbers of regulations globally. But the UK came a close second, tracking compliance with 48 regulations from around the world, compared to 50 for the US and a global average of 45.

Notably, almost half (46 per cent) of European IT directors said their firms were not Sarbanes-Oxley (SOX) compliant, compared to just 11 per cent in America. Similarly for Basel II, over a third (36 per cent) of European companies were not in compliance, compared to 17 per cent in the US.

Europe was not alone in feeling the affects of the increased burden of compliance, however. Nearly 45 per cent of all those surveyed reported an increase in the time and monetary resources required to comply with the 13 various regulations included in the survey from around the world.

But 40 per cent of IT directors in Europe reported the introduction of new regulations as a reason for increasing the time and monetary resources dedicated to compliance. A third (34 per cent) said changes to existing regulations were a particular factor, while 27 per cent said senior management’s growing concern about compliance has been a factor in rising costs.

Despite the growing cost of compliance reported across the region, efforts to comply are still often being carried out manually. At least half of the respondents said their companies do not have central repositories to help identify the regulations and controls that directly impact them.

More than two-thirds reported that they maintained the information about the status of their IT compliance controls in multiple spreadsheets and often with different organisational units. And over 75 per cent said that the operation, testing, monitoring and reporting of IT controls were, at best, a combination of automated and manual processes.

Chris Miller, UK and Ireland senior vice president and area manager for the survey sponsor CA, said: “It is time to start automating processes that support proof-of-compliance and streamline those efforts for more comprehensive compliance management. Organisations are subject to significant business and cost risks when they adopt an ad-hoc approach to compliance.”

Independent research company GMG Insights questioned 575 IT directors from large and mid-size enterprises in the US, Europe, Asia Pacific and Central/South America, including 253 European respondents, about their efforts to comply with regulations like Sarbanes-Oxley (SOX) and Basel II that threaten executives with criminal penalties.

Email to a friend

Print this page