Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

The Word is--Compliance

A Real Opportunity

But to those still resisting: Get with the program. Compliance isn't Y2K all over again. Y2K was a one-off remediation effort. It fixed a clearly defined date-field problem in computer systems and applications. Once we proved that the fixes worked, we moved on.

To prove compliance with SOX, HIPAA and other regulations, we must show how everything works and why the way it works is the correct way. And because compliance efforts cut across multiple organizational processes, from data collection to financial reporting, and because they're meant to change behavior rather than just clean up a technical glitch, they present a more compelling reason to align business and IT processes than Y2K remediation ever did.

Compliance is an opportunity to finally embrace IT governance--methodologies like ITIL (IT service management), CMM (software development) and COBIT (security and project management). "We talk smack all the time in IT about best practices," one IT executive told me recently, "but COBIT and other methodologies actually force you to measure your maturity level in many IT areas."

Compliance is also different from Y2K in that it's an ongoing effort subject to ongoing tests, audits and adjustments. It ain't going away. For instance, the first deadline for public companies to comply with the SOX financial reporting regulations is their first 10-K report after Nov. 15, 2004, but regular audits of their compliance will follow. As such, most organizations will incur ongoing compliance costs--eating as much as 10 percent of IT budgets for the foreseeable future, according to one estimate, as they improve storage, content and data management, security, business-process management, business intelligence, disaster recovery and other disciplines.

  • 1