Study Finds Companies Lacking in Compliance Readiness

A new thought leadership initiative co-sponsored by Chief Executive magazine confirms that CEO attention to compliance issues has measurably increased [...]

October 12 2006 by Chief Executive


A new thought leadership initiative co-sponsored by Chief Executive magazine confirms that CEO attention to compliance issues has measurably increased in the past six years, but the message isn’t always getting through. In fact, less than half the IT executives surveyed say they consider compliance to be a “critical initiative with full management support.” At the same time, nearly 40% say their company’s IT executives don’t understand current regulations well enough to effectively implement compliance technologies and policies.

The study, titled “CEE the Future: The Compliance-Enabled Enterprise,” was conducted by the Business Performance Management (BPM) Forum and sponsored by AXS-One Inc., a provider of records compliance management software solutions, along with the IT Compliance Institute and Chief Executive magazine. The project was designed to audit corporate America‘s level of compliance readiness and offer a series of recommendations for improvement. 

While compliance issues around regulations such as Sarbanes-Oxley and related legal complexities are commonly regarded as a boardroom priority, the realty is that many companies are still a long way from developing the IT infrastructure, policies and processes needed to align with compliance objectives. As a result, these companies remain seriously unprepared for a lawsuit, audit or request from a regulator.

The report paints a vivid picture of a business environment with a troubling disconnect: On the one hand, dogged by images of high-profile companies and their marquee executives facing serious legal and financial sanctions, many in upper management clearly take the issue of compliance seriously, and say they’ve allocated considerable resources to this function. But it’s a different story in the trenches where the arduous work is being done-implementing the right technologies to ensure that companies have complete control of their electronic records, developing policies that employees can adhere to, and building in enforcement processes to match the policies.

Among the findings:

Close to half, or 47.3%, of all senior executives are concerned that their companies’ failure to effectively archive and manage all of their electronic content represents a critical liability for their organization.

In a further sign of the ambiguity that surrounds compliance activities, 35% of the respondents remain in the dark as to how much of their IT budget is tied to compliance.

Fully a third of the respondents, 33%, say they have no corporate policy covering electronic records management. In fact, nearly 20% don’t know whether they even have a policy.

Barely 40% of the respondents feel their companies are effectively enforcing the electronic records management policies that actually are in place.

While lawsuits supposedly represent a constant threat, more than a third of the respondents, 36.4%, say their companies have no technologies or policies whatsoever in place to manage a legal discovery order involving electronic records.

Almost 41% of the respondents say it would take several days to a week or more to retrieve e-mails related to a particular transaction.

The full report – “CEE the Future: Building the Compliance-Enabled Enterprise” – is available by visiting www.bpmforum.org  or www.axsone.com