PALO ALTO, Calif. -- While the majority of chief executives confirm their attention on compliance issues has measurably increased in the past six years, less than half of IT executives consider compliance to be a critical initiative with full management support. Meanwhile, nearly 40% say their companys IT execs dont understand current regulations well enough to effectively implement compliance technologies and policies.
Those are just a few of the key findings in a comprehensive report issued today by the Business Performance Management Forum (BPM Forum) and AXS-One Inc. (AMEX: AXO), a leading provider of high performance records compliance management software solutions. The report, developed in partnership with Chief Executive Magazine and the IT Compliance Institute, is titled Compliance Enabled Enterprise (CEE) the Future: Building the Compliance-Enabled Enterprise, and it takes the closest look yet at an issue that has assumed mission-critical status within corporate America: While compliance issues around regulations such as Sarbanes-Oxley and related legal complexities have become a top management priority, many companies are still a long way from developing the IT infrastructure, policies and processes needed to align with compliance objectives. As a result, these companies remain seriously unprepared for a lawsuit, audit or request from a regulator.
The new report builds on qualitative interviews with senior executives and subject matter experts; a quantitative survey conducted in partnership with the IT Compliance Institute; and a related survey conducted by Chief Executive magazine, the only magazine written strictly for CEOs and their peers. It paints a vivid picture of a business environment in which compliance is definitely a management concern, policies and procedures are yet to take hold, enforcement is a loose concept, and managements familiarity with the realities of information management is painfully lacking.
This issue clearly represents a serious threat to corporate America: More than just a matter of building appropriate IT infrastructures and managing information, it represents the potential failure of top management to do the heavy lifting needed to achieve true compliance: locate resources, implement the right technologies, develop viable policies and procedures, ensure enforcement, said Donovan Neale-May, executive director of the BPM Forum. In recent years, courts and regulatory agencies alike have been willing to impose harsh penalties on enterprises that are not up to par. This study indicates that the apparent corporate focus on compliance has not translated into strategic and tactical initiatives that have an impact on business operations, and this leaves many companies vulnerable.