The True Cost of Compliance
Survey reveals that doing the bare minimum is roughly the equivalent of an invitation to financial disaster.
I've read a number of security-related surveys this year, and there seems to be a general theme running through them, albeit most likely unintentionally: Enterprises are woefully lacking in the tools needed to provide better security. Or, in the case of a new survey from LockPath, to provide better risk management.
LockPath recently surveyed 175 compliance and risk practitioners and found that 83.6 percent consider their organization's risk level to be moderate-to-high. Seventy-eight percent said that regulations requiring compliance are increasing and, yet, 26 percent of respondents have no tools or procedures in place to remain current on federal and state compliance regulations.
Below are some of the other figures from the survey, according to LockPath:
Overall, attaining one consolidated view of risks and staying on top of new regulations are viewed as the most challenging compliance tasks. Among respondents, 80 percent say that the ability to "consolidate, centralize and mine business-critical risk and compliance data" is the most important feature of a compliance solution, yet 46 percent say their current solution/process needs improvement in this area. Similarly, 63 percent say that the ability to "automatically generate assessments" is very important, but 43 percent say their current solution/process is insufficient in this area. It also appears that despite the well-known risks that come with third parties, the majority of respondents (63.2 percent) cannot ensure that their vendors and partners are in compliance with their policies. Interestingly, two-thirds do not track costs associated with compliance.
This is not a problem unique to American companies. A survey released earlier this month by Thomson Reuters interviewed 500 compliance professionals at financial services companies around the world. According to Corporate Compliance Insights:
Eighty-four percent of compliance professionals surveyed expect to handle more regulatory information from regulators and exchanges this year, with nearly half expecting the level to be significantly higher.
While regulatory requirements continue to grow, compliance teams are showing signs of resource constraints limiting their ability to perform vital compliance functions. More than a third of compliance professionals say they spend more than an entire working day each week in simply staying up to date with regulatory changes and assessing their impact on the business.
The survey also says the vast majority of compliance teams aren't reporting back to executive boards on a regular basis, which raises the question of whether or not people at the top of the corporate ladder are getting enough information on compliance issues.
Chris Caldwell, CEO, LockPath, said what may be the understatement of the year:
It is crystal clear that, despite what some see as the maturing of risk management programs in the past several years, an alarming number of businesses remain overwhelmed by the number of regulations with which they must comply. The results of this survey indicate a strong need for a governance, risk and compliance solution that can help companies of all sizes get a grip on compliance with a platform that delivers integrated risk and regulatory intelligence.
Without the tools (or the budgets to implement the tools) risks are going to increase. As the lack of tools and resources is a common theme in the first quarter of 2012, perhaps it is time enterprises take a closer look at why they don't have the resources to provide better security and risk management and what the cost could be if things don't improve.