There was a time when corporate management paid little attention to IT policies. But very public fiascos such as Enron and MCI/WorldCom, to name a couple that occurred nearly 10 years ago, changed all that. The advent of the Sarbanes-Oxley Act (SOX) of 2002 and subsequent regulations from the USA, Europe and the UK have resulted in a much tighter ship. The prospect of fines and prison time for companies and their executives in the event of a violation has resulted in complex regulatory compliance programmes.
But what is compliance? Search the web and a generally accepted definition is “compliance is either a state of being in accordance with established guidelines, specifications, or legislation or the process of becoming so”.
In a regulatory context, compliance is an overriding business concern, helped along by the ever-increasing number of regulations and compounded by a prevalent lack of understanding about what is required for a company to be in compliance with new legislation.
In the financial sector, SOX was enacted in response to the high-profile financial scandals of the early 2000s to protect shareholders and the general public from accounting errors and fraudulent practices, which appeared to be rife across many an enterprise.
Many such organisations have executed, or are executing, compliance programmes. These programmes are based on an interpretation of the particular regulation or standard that fits their unique business model, in order to comply with the peculiarities of the “guidance” provided. The word “guidance” is used loosely, as regulations tend to neglect the actual implementation side and leave it to be interpreted by the organisation. A classic case is SOX.
Once the organisation knows how the particular regulation or standard affects its business, the programme can go on to identify pertinent compliance gaps and provide practical solutions to close those gaps. Once those gaps are closed, a rigorous compliance assessment must be performed on a regular basis.
Organisations face a continuing succession of regulations and standards, so there will be no shortage of work for such programmes in the future.