No SOX please, we’re CIOs!

23 Oct 2008

Half of European companies are not in compliance with Sarbanes-Oxley (SOX), and the same number again are struggling with the cost of complying with SOX.

The study by CA showed nearly 45pc of the companies surveyed reported an increase in the time and monetary resources required to ensure compliance with 13 regulations and industry standards found in countries around the world. 

The study surveyed nearly 575 IT directors in Europe, North America, Asia Pacific and Central/South America.

The report included 253 European respondents and revealed that in many instances, North American organisations are more likely to be in compliance with applicable regulations than organisations in other countries. 

In the case of SOX, whose significant fines and potential prison sentences reach the executive suite, almost half (46pc) of European companies said they are not in compliance, compared to just 11pc in North America.

Similarly for Basel II, over a third (36pc) of European companies said they are not in compliance, compared to 17pc in North America.

The shifting nature of regulations is a factor in the escalating costs of compliance. In Europe, some 40pc of companies report the introduction of new regulations as a reason for increasing the time and monetary resources dedicated to compliance.

Changes to existing regulations are reported to be a factor by 34pc of European companies, while 27pc of European organisations report that senior management’s growing concern about compliance has been a factor in rising costs. 

Despite the growing burden, costs and complexity of regulatory compliance, efforts to comply are still often being carried out manually. 

“The lower levels of compliance in Europe are of particular concern as it could affect global business as time passes,” warned Frank Kennedy, country manager, CA Ireland.

“As the trend towards regulatory compliance continues to grow in Ireland and globally, it is time for businesses to carefully examine their existing compliance management strategies.

“With some European countries having to comply with more than 20 regulations, it is time to start automating processes that support proof-of-compliance and streamline those efforts for more comprehensive compliance management.

“Organisations are subject to significant business and cost risks when they adopt an ad-hoc approach to compliance,” Kennedy said.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
