Spending on technology to grapple with Sarbanes-Oxley and other compliance obligations is consuming voracious amounts of corporate IT budgets, as companies double or even triple their expenditures, according to a new survey.
The Gartner Group says preliminary results from its 2005 financial compliance survey show companies will increase their IT spending on financial compliance management to as much as 15 percent of the total IT budget in 2006, a huge jump from 5 percent or less only two years earlier.
Bloodworth
Phil Bloodworth, a partner with PricewaterhouseCoopers in charge of the firm’s IT effectiveness practice, says Gartner’s estimate of 10 to 15 percent may even be low. “There’s a lot of remediation going on right now,” he says. “Some companies are completely automating certain functions to help with internal controls compliance.”
Bloodworth says he expects the portion of IT budgets attributed to compliance to level off into single digits once companies surpass the learning and implementation curves for SOX-related issues.
Caldwell
French Caldwell, vice president for Gartner, said companies in the past few years have canceled or delayed IT projects not related to Sarbanes-Oxley efforts. But by late 2005 companies were increasing their spending on new IT solutions that would facilitate SOX compliance.
While Bloodworth doesn’t doubt the survey’s findings, he wonders how carefully companies classify IT expenditures as related to SOX compliance; IT solutions that achieve SOX-related objectives provide other business benefits as well.
“The increasing cost in IT results in benefits elsewhere in the business, either as a reduction in cost or an increase in efficiency,” Bloodworth said. “It’s not a one-to-one relationship where a direct increase in IT cost is a reallocation of cost from somewhere else.”
Leech
Tim Leech, a consultant with Paisley Consulting, says companies attach so many variables to their definitions of “compliance” that he would find it difficult to identify comparable figures across different companies’ IT budgets. And most companies, including several contacted for this story, decline to comment on precisely how they allocate their IT budget dollars.
“The biggest problem is determining whether purchases and enhancements are truly ‘compliance’ spending, or fixes for poorly controlled systems that were previously implemented,” Leech says. Additional variables include whether the company considers its investment in risk-management related to compliance and whether the company is subject to European reporting requirements.
Leech said his firm observed a lot of companies creating “home-grown” solutions to meet documentation requirements, typically using Microsoft programs like Excel or Word. “Some of these (companies) are now recognizing that it is difficult to realize the benefits of the assessment work and drive down consulting and internal labor costs without effective technology,” he claims.
As companies begin seeking sustainable, long-term compliance solutions, Gartner says companies’ IT dollars will be best spent looking for systems that support multiple regulations and multiple business units in a comprehensive, programmatic approach. Companies that continue the piecemeal approach—choosing individuals solutions for individual compliance challenges, as was common during the early rush to comply with new SOX rules and deadlines—will spend 10 times more on IT solutions than their peer companies by 2007, Gartner predicts.
Eid
Companies are at a pivotal point in their IT evolution, according Tom Eid, vice president at Gartner. “Expanding compliance and operational risk demands offer an opportunity for IT to build long-lasting value for the firm or face the threat of becoming a scapegoat for operational and legal deficiency,” he says.
“IT organizations need to implement IT controls for compliance management without increasing architectural complexity,” Eid continues. That requires IT staff to work closely with financial, legal and operations staff to manage operational risk, he says.
No comments yet