CIOs face a monumental dilemma as they find themselves caught between tough economic conditions, competitive pressures and mounting compliance demands. The mantra of the day? Contain costs while continuing to drive productivity. This is a tall order for CIOs who have slashed their 2009 IT budgets and feel the pinch from runaway compliance costs.
As new regulations continue to grow in number and complexity, never-ending compliance projects divert precious staff time and operating budget away from growth-supporting initiatives to reactive activities such as regulatory audits.
And the future doesn't look any brighter. With the crumbling of Wall Street, we can expect the burden of compliance to grow exponentially as the government responds to current risk management inadequacies with an onslaught of new rules and regulations.
As demands to control the bottom line increase and regulators become even more aggressive, over-investing in compliance-related programs can negatively impact a company's ability to fund future growth initiatives.
When this storm cloud passes, companies that fail to evolve may be left in the dust.
How to Beat the Budget Crunch
For CIOs who want to break out of the current inflated threat and compliance-driven spending model to develop more resilient and cost-effective processes, these budget-saving tips, ideas and solid practices should help:
Budget Relief Tip #1 Perform an inventory of IT and security infrastructure assets. Companies with geographically dispersed data centers and computing assets have difficulty collecting data and classifying assets. New compliance automation technologies can aggregate data across infrastructure, assets and locations, freeing up precious resources, and ultimately money, spent on manual processes.
Budget Relief Tip #2 Automate collection of "tribal knowledge". Relying on paper-based surveys and manual data collection can be slow, complex, and error-prone. Moving to web-based surveys and workflows drives faster decision-making and more timely, cost-effective compliance, and provides the data for improved visibility across organizational boundaries.
Budget Relief Tip #3 Centralise policy management. Large IT organizations spend excessive time and resources on creating, distributing and managing IT policies. Today's IT policy automation products can help businesses keep up with this monotonous task and cut costs by offering advanced survey capabilities and highly automated tools.
Budget Relief Tip #4 Use technology to map compliance controls. Translating general statements of laws and regulations into specific and defensible controls for compliance is one of the most difficult and time-consuming challenges of compliance. Today's compliance solutions come with controls mapped out of the box: simply select the applicable regulations, policies and standards with a click of a mouse to automatically map controls.
Budget Relief Tip #5 Streamline control testing and remediation efforts. Regulatory compliance depends upon the continuous monitoring and enforcement of thousands of IT controls. IT risk and compliance solutions can help companies quickly detect and assess control violations by automating testing, correlating and communicating control results to the owner(s) of the business risks.
Budget Relief Tip #6 Eliminate the process overlap. Large organizations typically must comply with multiple regulations each with independent processes, metrics, and audit procedures, and overlap across compliance teams is common. Compliance automation tools can help to eliminate redundancies, improve the consistency and quality of risk data, save time and reduce the demands on managers.
Budget Relief Tip #7 Focus on the most critical issues first. It can be difficult for companies to prioritize the criticality of control violations across a broad range of assets. Having a single analytic solution that correlates data across disparate infrastructure, regulations, frameworks and controls allows businesses to focus on the most critical issues first and avoid unnecessary spending.
The Secret to Thriving in Chaos: Be proactive. Act intelligently.
In every down economy there are opportunities to excel while others stand still. Companies that make the transition from the current threat and compliance-driven business climate to a performance and risk-driven business process will be more resilient when new regulations are enacted and better positioned for success when the economy rebounds.
Companies can expect that a well-executed IT risk and compliance program will pay dividends in lower costs, reduced risk, consistent compliance, and even better morale.
With better security, lower audit burden, improved leverage of IT resources, faster decision-making and better optimization of existing business processes, companies will find themselves well positioned to gain relief from the current budget crunch and build a strong foundation for future growth initiatives.
Sara Gates is vice-president of strategy for Agiliance Inc., a provider of IT governance, risk and compliance management products.