Companies question the benefit of compliance regulations, aren't wholly comfortable with where they stand on compliance, and are using a hodgepodge of tools to try to cope.
Those were some of the findings of a recent compliance-progress study by ControlPath, a supplier of automated compliance-management tools. While ControlPath obviously has an agenda with this research, the findings are interesting because they offer a detailed view into what everyone knows anyway - that compliance is still a struggle.
More than 60 percent of the 132 executives surveyed said they strongly agree or somewhat agree that the new regulations provide little benefit to the company. And almost 80 percent said they strongly agree or somewhat agree that the regulations are imposed with little thought about what compliance costs.
Asked if they were confident their organizations are in full compliance with relevant regulations, only 28 percent said they strongly agreed. The bulk -- 50 percent -- said they somewhat agreed, while 18 percent somewhat disagreed and 4 percent strongly disagreed.
Not surprisingly, few companies have been able to automate the compliance process fully. Only 3 percent said they have achieved that nirvana, while 19 percent said it is still a completely manual process, 55 percent said it is more manual than automated, and 23 percent said it is more automated than manual.
Few companies seem to have succeeded in making compliance a science. Only 25 percent have a single process for complying with multiple regulations, while 58 percent said they use "multiple, individual projects to achieve compliance with multiple regulations." The balance said the question wasn't applicable, possibly because they don't have to deal with multiple regulations.
On average, though each organization that participated in the survey has to deal with 1.8 regulations. More than half (55 percent) have to comply with the Sarbanes-Oxley Act, 47 percent have to meet the Health Insurance Portability and Accountability Act, 29 percent have to support the Payment Card Industry Data Security Standard, 22 percent have to meet the Federal Information Security Management Act, and 17 percent have to comply with the Gramm-Leach-Bliley Act.
For those organizations that said they didn't feel they were in full compliance, the following were cited as barriers: not enough education about compliance mandates (47 percent); limited budget (42 percent); lack of tools (37 percent); lack of detail in compliance regulations (32 percent); and lack of accountability for compliance within the organization (27 percent).
In terms of working the work out of compliance, clearly there is much left to do.