January 31, 2005

According to a new study done by AMR, the next five years are going to see over $80 billion worth of e-business spending, related to regulatory compliance.

This was predictable, as companies have taken the past several quarters to get ready for Sarbanes-Oxley (SOX) and other initiatives on a process level and are now ready to layer in the technology. What's more interesting is that SOX is just one of many regulatory initiatives driving spending.

Looking at 2005, AMR sees 40 percent of the spending ($15.5 billion) going to SOX, 24 percent going to HIPAA, 15 percent to SEC and FDA regulations, and 21 percent to "other," a category that includes Basel II. The years 2006-2009 will see another $65 billion or so in compliance-related spending.

This needn't be a costly headache; AMR recommends a strategic approach, offering the past as precedent, to turn compliance into ongoing opportunity. "Like chemical companies that had to address the disposal of hazardous waste in the 1970s and early 1980s, you can figure out how best to minimize the expense of disposal or engineer as much waste out of the process as possible, therefore reducing or eliminating disposal costs and/or penalties over time."

Compliance is something that you shouldn't jump into straightaway, with AMR noting the necessity of addressing risk issues and setting up controls and monitors first. Compliance proper comes after that, and whatever form it'll take will be dictated by whether you're more interested in letter-of-the-law compliance or strategic compliance as mentioned above.

Source: Line 56