Taking a stand on compliance issues can earn an IT director a seat in the boardroom if he or she doesn't already have one, says Joe Vanden Plas at Wisconsin Technology Network. The trick is to sell the executive suite on the business benefits of compliance rather than focusing on the cost burden it can impose.
Gartner's compliance, governance and risk practice lead, French Caldwell, says "enlightened" companies see compliance as an opportunity to improve their business by implementing better internal controls and improving business processes. And those that aren't enlightened must at least admit that compliance -- be it Sarbox, Gramm-Leach-Bliley or HIPAA -- produces good results. Caldwell says it's like a kid who realizes he can actually find his toys after he cleans his room:
I would say, initially, most of them take the approach that this is some other requirement that I have to meet, but by going through the rigor of compliance with Sarbanes-Oxley and other "onerous" regulations, they realize they got some process improvement out of it.
According to attorney Dan Welytok, a proactive approach to compliance will also, among other things:
Attract better board members because there is less opportunity for internal fraud, which will lower insurance premiums for directors.
Reassure vendors, whose pressure also plays a role in achieving compliance even with privately held companies that are not subject to all of Sarbanes-Oxley's provisions.
Improve the company's profile as an acquisition partner.
Compliance itself may not be an advantage, but "taking a proactive approach" probably is, according to Caldwell. His theory seems to have been borne out by biotech firm Invitrogen, about which I wrote last week.