The Arguments for Compliance

If there is anything to be observed with IT in 2007, it is a shift in priorities. Gartner notes that for the first time in years security is no longer number one in CIOs' priorities. So what is keeping CIOs awake these days?

Compliance!

A recent survey of 350 Asia Pacific-based CIOs shows that more companies are taking on compliance projects. K. C. Yee, Vice President of Asia-Pacific for Serena Software, notes a doubling (in percentage terms) of compliance activities for the same period compared to last year.

Banks and telcos lead the way in compliance activities. What is also notable is for the first time, the source of pressure is from overseas regulators,followed by high-tech manufacturing. Regulators are no longer the only rationale for seeking compliance measures.

"Companies are realizing that meeting standards is important to the business and that industry standards have a place in a company's survival and growth," says Yee. "If you're not ISO9000, maybe companies won't buy from you. But is it a law? No country is mandated by law to be ISO9000-compliant. It's about quality. ISO9000 is like having a badge of quality. It can be a form of compliance too," he adds.

According to Serena the reason why companies take up compliance has also changed. Previously companies engaged in compliance projects do so to deal with foreign companies -- for trading purposes. Publicly traded companies in the US are demanding their suppliers to be Sarbanes-Oxley (SOX) compliant.

Yee observes that local regulations are driving more companies in the region to embrace compliance efforts. "And companies have been made aware of this. Either their constituents or their market or their governments are asking for these things. Which I think is a great sign for compliance maturity in the region," he adds.

Three's company

CEOs and CFOs worry about regulatory compliance. When you have this specter of going to jail, you start to get this sense of accountability. What has changed this year is that CIOs have started to feel accountable as well.

When you consider that CIOs are mandated to align their organization more closely with the business, a sense of accountability follows suit. CIOs are probably feeling the heat as well. The Serena survey certainly makes it clear. Whether it is external or internal forces, a higher percentage of CIOs agree that they can be held responsible today.

Can a CIO go to jail for failure to comply? For everything there is a first time.

The road to compliance

When you buy hardware or infrastructure systems you often look at performance benchmarks like 99.9999 percent uptime. The risk becomes almost nothing. But what about applications? Many organizations are starting to realize that it's about managing systems, managing quality, managing the application life cycle process. Questions about application lifecycle management are coming into fore.

"It's about getting in and being a lot more sophisticated in understanding who's responsible and why. IT systems and application systems are key factors for compliance. And this shows in how IT budgets are being allocated," notes Yee.

In 2004, Nicholas Carr, a business writer whose work centers on strategy, innovation, and technology, wrote that IT has ceased to become of value to the business because sizeable chunks of budgets are allocated to maintenance, sacrificing innovation to save money and keep systems up.

Indeed the economic down cycles of the 1990s have seen companies focus on cost control. Innovation really took a back seat as new application developments were stopped on their tracks.

Jeremy Burton, CEO and President of Serena Software, believes that the tide is changing.

Following the Enron debacle, compliance efforts took center stage and with it governance. As companies realize you can only squeeze so much blood from a stone, innovation is being seen as perhaps the answer to growth and competition.

IT budgets are on the rise (although not as fast as the business uptake). As companies refresh their systems, maintenance is taking a backseat and companies are taking a fresh stab at developing new applications to meet current and future business opportunities.

Within the arena of application development two things are converging and resulting in a dramatic shift in how companies innovate. Service-Oriented Architecture (SOA) has been around for more than five years and companies are finally beginning to understand what it really means to IT and the business.

In its early days, SOA had a hard time to find its roots. It was perceived as pure technology with no link to the business. Indeed the original SOA messaging was around software re-use. However, according to Gartner only 20 percent of all SOA-ready applications are ever re-used.

In truth SOA is about interoperability or the ability to use small applications from different sources together for a new purpose. This is its true mission. But for SOA to thrive systems must comply with standards. Governance is therefore a requisite to SOA success while lifecycle management is key to its sustainability.

Yee predicts that in the coming years companies will need to find a way to innovate. Many of these will come as a result of new applications. In the 10 years since inception SOA has matured to where we can achieve real business benefits from its use.

"SOA is change agent enabling companies to move forward with new business initiatives without the burden of legacy systems or policies to hold them down. You have to have vision to see things through and a commitment to innovate to grow," concludes Yee.

There is finally room for innovation.