Compliance can help companies improve how they do business and prevent costly litigation, says a Canadian expert.
“Compliance needs to become part of the corporate mindset,” according to James McKeen, professor of IT strategy at the Queen’s School of Business in Kingston, Ont.
He was speaking Tuesday at a round table on technology and compliance sponsored by Microsoft Canada Co.
McKeen acknowledged that “some businesses see the idea as just another layer of regulations that will cost them money.”
Their hesitation, he said, is largely due to difficulty in linking compliance projects with the bottom line.
“Compliance projects do not create value in themselves and their benefits don’t aggregate as other projects do.”
Another expert echoed some of these sentiments.
Even though their reputation may be on the line, it is very difficult to sell the idea of compliance to some companies, according to Jeff Dunmall, principal of imason Inc., an information management and implementation firm in Toronto.
The firm helps businesses develop compliance tools.
“It is possible but very difficult to build a business case based on risk,” Dunmall said.
He believes a compliance project needs a competent “advocate who can highlight the benefits to the user from the very beginning.”
A Microsoft executive suggested that negative perceptions have a lot to do with many Canadian businesses dragging their feet on compliance.
Many companies here struggle with compliance because they don’t know where to start, according to Wanda Yu, senior SharePoint product manager for Microsoft’s Office Server group.
Quoting from a recent survey by Toronto-based Info-Tech Research Group, Yu said more than 45 per cent of Canadian companies see stronger regulations as unnecessary.
More than 72 per cent of large companies are also “not confident” that they are compliant.
Costs and unfamiliarity with compliance tools on the market are also key reasons for slow adoption, Yu said.
She said a 2005 Gartner report showed global companies spent more than $15.5 billion on compliance tools. Nearly $1 million of every $1 billion earned was allocated for SOX compliance, she said.
There are no pure compliance tools in the market currently, according to Freedman, but many products are geared towards enhancing workflow and practices to make it easier for companies to implement compliance policies.
He said these tools help in three ways: by automating workflow, creating electronic data repositories to speed up information access, and improving collaboration among major stakeholders.
imason’s Dunmall said automation and collaboration functions have the potential to streamline unwieldy compliance processes that often bog down the most well-intentioned initiatives.
For instance, some tools can build compliance checklists into a transaction procedure.
Without such a tool, employees might have to manually tick off a checklist that could be up to 40 items long, said Dunmall.
Some tools also enable users to automatically route electronic copies of a transaction to the authorities who would need to approve them.
This feature, he said, eliminates the need for employees to create multiple copies of documents that have to be sent manually to signing authorities.
Some panelists suggested that chief financial officers (CFOs) should be the ones spearheading compliance efforts across the company.
IT departments, on the other hand, must provide the underlying tools and controls to support these efforts.
“The CFO [should] own the compliance initiative because, for one thing, he’s the one going to jail if anything goes wrong,” noted Joel Freedman, vice-president and CFO for Microsoft Canada.
Apart from saving the CFO’s neck, though, Freedman said abiding by industry regulations is good all around.
It helps companies avoid lawsuits and negative publicity, provide better customer service, and improve work practices.
Given their qualifications, Freedman said, CFOs are eminently suited to driving a company’s efforts to meet audit-related compliance regulations such as PIPEDA (the Personal Information Protection and Electronic Documents Act) and SOX (the Sarbanes-Oxley Act).
“[They] are the best equipped to understand what data government and industry watchdogs will be looking for.”
PIPEDA requires firms to ensure clients’ personal information is protected, while SOX essentially requires that information used to create a company’s financial statements is accurate.
The Microsoft executive said IT departments have the regimen and expertise to make sure tools used to carry out these tasks are properly managed and monitored.
He said that while legal could help identify potential legal issues at the onset of compliance policy development, that department is best left in the initial stages of the game.
“If I have to go to them at the middle of a situation, it might be too late.”
Current compliance regulations owe their genesis to clamour for more controls following financial scandals that rocked the North American business community in the last 10 years.