Boardroom Conflict Predicted As IT Depts Lose Control Of Compliance Systems Budget

A survey carried out by Critical Research for GRC (Governance and Regulatory Compliance) systems group Achiever Business Solutions reveals that it is predominantly new regulatory compliance divisions that are controlling spend on GRC technology, and that this spend is frequently outside the control of IT executives.

One hundred completed surveys, chosen randomly from a population of 775 executives responsible for regulatory compliance in major organisations across the financial, industry standards, health and safety and quality areas, found that only 39% of the spend on GRC systems comes from the IT budget.

The rest was under the control of new compliance divisions emerging within the organisation. The average compliance budget across the population surveyed was £87,000 with a further £33,000 allowed for support and maintenance costs.

Overall, 8 out of 10 companies thought that the regulatory burden would increase over the next two years and 9 out of 10 felt that enterprise-wide GRC systems would ease the burden. Over half expected GRC system budgets to increase, with the total budget of those included in the survey running at just over £70 million. Of those not using enterprise-wide GRC systems, 80% expected to be doing so within a year.

Eighteen months ago, it was hard to find compliance officers, let alone GRC departments. Now, with the extended reach of Sarbanes-Oxley, and the threat of legal action and adverse publicity, boardrooms are worried about the potential impact on share prices and the P&L. There is, therefore, a huge momentum behind a new breed of executives who have been catapulted straight into the boardroom with the budget and authority to get what they need. These executives are compliance specialists and are therefore often not IT people.

Thus, in some cases, monies that would previously have fallen under IT executives’ control are diverted into these new GRC divisions, with decisions about the compliance systems chosen and the platforms used falling outside existing IT policies. This could lead to tensions in the boardroom as boundaries are redefined and room at the top is made for the new kids on the corporate block.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.