Question: Why is it that compliance costs are skyrocketing? Does the study point to specific factors?
Hagerty: The sheer number of compliance programs the average company is managing is increasing. That accounts for one aspect of skyrocketing costs. Compliance comes in many shapes and forms -- legal and regulatory compliance, policy and procedural compliance, risk-based compliance, customer-driven compliance. Most companies have become sensitized to compliance as a result of their activities with Sarbanes-Oxley (Sarbox). They now see it in many areas of the business where they may have overlooked it before. They now realize that compliance is a combination of people's time and effort; advisory work by third parties; and technology support to make it repeatable, sustainable and cost-effective in the long run.
Question: Is a particular industry sector hit harder than others? Which one(s) and why?
Hagerty: Some sectors are already heavily regulated, such as financial services firms and life sciences companies. These two industries have already established a culture of compliance. That makes incremental compliance requirements less burdensome, as they understand the implications of non-compliance and act accordingly to remove that risk from the business. But because they understand it, they don't trifle with it. And they treat compliance as part of standard operating procedure.
Question: What is the best approach to remaining compliant without breaking the bank?
Hagerty: The way I look at it, you have to spend money now to save money in the future. Compliance initiatives are usually systemic in nature, meaning they will impact business policy and procedure for the foreseeable future. In order to make compliance a repeatable and sustainable process, companies should automate as much as they can so that human-related costs can drop over time. Automation reduces people's efforts. And automation equals technology spending. Our experience is that the human cost is the largest chunk of compliance spending, regardless of rule. The goal should be to reduce that expense to the greatest extent possible.
This 3 Questions originally appeared in a weekly report from IT Business Edge.
Dig deeper on Regulatory Compliance Services