You can pay me now... Or, pay me later!

A study was released this week that examines worldwide regulatory compliance efforts and implementations in large organizations.  The results of this study are surprising, if not alarming, given the current state of the worldwide economy.  Sponsored by CA and conducted by GMG Insights, the study found that many organizations in Europe and the Asia/Pacific Region are not fully compliant with many regulations even though they are required to be.  For example, 46% of European companies and 50% of Asia/Pacific companies anonymously reported that they are not fully compliant with the Sarbanes-Oxley Act.  To be sure, these companies do not have very mature risk and control programs.  The researchers conducting the study concluded the following.

"The conclusion we come to, is that in-spite of the rising costs associated with compliance and the severe penalties that can come from non-compliance, organizations are still managing down to a “just enough to get by” strategy. In our opinion this strategy cannot be sustained. Organizations face exponential growth of regulations and systems affected by those regulations must be monitored. Managing compliance with an ad hoc approach subjects organizations to significant risks. Recognition of the organizational risk and the growing costs will ultimately drive the adoption of broader, enterprisewide compliance management solutions."

These companies and many others may believe they are saving money by addressing compliance in this fashion.  However, most will ultimately find that this short-term, ad hoc approach will not only lead to greater risk of potential non-compliance, but also to greater cost due to fragmented and duplicate activities.  As the mechanic says to his customer in the oil filter commercial, "you can pay me now..... or pay me later".