Recouping the costs of regulations

Enterprises are spending a bundle on compliance. Is there any ROI other than avoiding trouble?

When you get put on hold by Nth Orbit — suppliers of compliance solution Certus — you don’t hear generic Muzak. Instead, you’re serenaded by a John Denver wannabe strumming a banjo and crooning, “My bottom line is falling more behind, I’ve got the Sarbanes-Oxley blues.”

There’s a good reason why enterprises are singing the blues. Companies are hemorrhaging money in an effort to comply with a raft of new federal regulations, which range from Securities and Exchange Commission mandates to the Patriot Act.

AMR Research estimates that Sarb-Ox alone will set back companies $5.5 billion in 2004; at the company level, that averages out to $1 million per $1 billion in revenue, according to John Haggerty, vice president at AMR Research.

“Everyone’s trying to figure out how much they should be spending and how best to keep costs down,” Haggerty says. But the overarching question is whether it’s possible to recoup the investment. “Companies are saying, ‘If I must comply, I want ROI,’ ” Haggerty adds.

For now, it appears that “soft ROI” is the best anyone can hope for. Executives are reluctant to divulge how much they are spending on compliance initiatives or when they anticipate a return. The mood, however, is not upbeat.

“We spend a significant amount of time benchmarking with other companies,” says Paul Brothe, vice president of corporate quality at McData. “We compare notes. When we get a [vendor] quote, we’ll go to other companies and ask what they were quoted. Meanwhile, we’re trying to use existing tools as much as possible.”

Those who view compliance as “an opportunity to streamline processes and workflows will obviously benefit the most,” concludes Brian Wood, research director at Gartner.

According to Ted Frank, CEO of Axentis and advisory chairman of The Compliance Consortium, the stringent regulations are forcing companies to reassess how they are managing a broad portfolio of business processes. Done correctly, the exercise will result in consistencies across systems and processes. He cites the potential for companies to squander the opportunity and actually underinvest in compliance solutions.

“If you look at Section 404 [of Sarbanes-Oxley], you’re documenting and assessing the risks and the processes to mitigate that risk,” Frank says. “If you have 800 business units, … imagine the benefit of discovering that the same processes are being managed differently across those units. Enterprises should look at this as a substantial opportunity to strip out costs and improve performance.”