The results of a new study by META Group run contrary to other surveys on the topic of compliance budgeting.

According to the study, 64 percent of companies have budgets dedicated to financial regulatory compliance, with the average budget projected to be $7.2 million in 2005.

However, that information runs counter to two recent and separate studies by ACL Services and PricewaterhouseCoopers, both of which noted that most companies are not tracking the money being spent on Sarbanes-Oxley related costs, making it difficult to understand the costs and value associated with the process (see box at right).


"Most companies have no annual budget for ongoing compliance," ACL Services president and CEO Harald Will told Compliance Week in late July. According to Will, that's because most companies are focused on the initial attestation requirements. "Companies are busy 'doing' and not really worrying or planning about certain long-term issues," says Will.

Similar sentiments were expressed by Dan DiFilippo, PwC's U.S. leader for governance risk and compliance, when asked why companies weren't tracking compliance costs. "I think it's partly because they're focused on just 'getting this done,' which is typically the reaction to new regulations," he said.

In addition, DiFilippo told Compliance Week that tracking and budgeting compliance costs is made more difficult by the fact that most of the compliance expenditures are 'soft' costs. "The cost is not specifically identified because it's not contained to the cost of compliance people," noted DiFilippo. "It includes some portion of other people, systems, support costs, etc. It's not a number you can easily get to."

Muddier Survey

The difference in the results between META's survey and those from ACL and PricewaterhouseCoopers lies in the fact that META's methodology, target, questions and respondents were less focused than the others.

“SOX has had a significant impact on how regulatory compliance has been viewed and managed,” said Jon Van Decker, vice president with META Group’s Enterprise Application Strategies.

But only 40 percent of the respondents in META's survey were from U.S. public companies. The rest were private companies, non-profits, or public entities. That fact alone raises questions about the results.

In addition, much of the budget allocation data is for non-SOX related compliance issues, including HIPAA, Patriot Act, and industry-specific compliance issues like SEC Rule 17a-4, which regulates how certain financial institutions must store electronic data.

Lost on most of the press that covered the META Group study was the fact that the firm provides research for IT professionals. As a result, the survey was targeted at CIOs, and was aimed at empowering them to "understand the impact of various regulations on their organization and take steps to collaborate with CCOs, risk managers, and general counsel."

According to some, the survey is partially a response to the fact that CIOs have been slightly marginalized post-Sarbanes-Oxley, and that they don't wield the power they did during the stock market run-up in the late '90s.

To wit, the survey seemed surprised and concerned that "only 14 percent of CCOs report into the CIO position."

Mark Kugel, a vice president with Ventana Research, recently told Compliance Week editors that "there's been a general misconception" about the power the CIO has in a variety of decisions.

As a result, Compliance Week editors warn subscribers to view the META survey "with a grain of salt," when it comes to understanding real trends within the industry. The complete report is available from the box above, right.