Companies that have deployed new systems to comply with government regulations such as the Sarbanes-Oxley Act are finding these investments can do double duty by helping them to improve business processes, according to a survey of 332 companies by AMR Research. Nearly 75 percent of respondents plan to use their compliance investments to support other activities, such as streamlining business processes.John Hagerty, vice president of research with AMR, says regulatory mandates have put a new spotlight on IT as a means to mitigate business risk. Prior to these mandates, risk management didn’t get executive attention. CEOs and boards were reluctant to invest in technology to combat risk, he says. But Sarbanes-Oxley especially has made them more attuned to the technology underpinnings that compliance requires. “So you see the board open its wallet to fund some of these programs,” says Hagerty. One area where compliance mandates have prompted support is for security and identity management. Sarbanes-Oxley, for example, requires appropriate access controls to corporate systems so that an employee cannot change data unless he is authorized to do so. And so, CIOs have permission to deploy access management systems and procedures that they may have been unable to justify previously.Meanwhile, Hagerty adds, the emphasis of Sarbanes-Oxley on process controls fosters greater awareness of quality assurance. The required reviews prompt companies to examine processes that are not working well or controls that are failing. Sarbanes-Oxley has also provided support for business process management (BPM). Sarbanes-Oxley compliance depends on standardizing processes so that points of failure are minimized. BPM technology supports this standardization across a company. Best Practices:Compliance comes first. Focus on what is absolutely required to satisfy the regulatory mandate. Determine what types of training, new business processes and software you will need to meet the requirements.Indentify double-duty investments. CIOs have a global view of the company that other business leaders do not, says Hagerty. Use that knowledge to target compliance investments toward processes that need improvement. Because other business leaders will likely view compliance spending as an expense, explaining the business benefits can help make the case for investment in new technology.Watch for overlap. Many regulations have common business requirements, such as managing documents and records, standardizing business processes, creating reports, managing risks, and implementing security and audit controls. You may be able to use the same applications to comply with multiple regulations. Related content opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security brandpost Sponsored by Catchpoint Systems Inc. Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring) Today’s IT systems have more points of failure than ever before. Internet Performance Monitoring provides visibility over external networks and services to mitigate outages. By Neal Weinberg Dec 01, 2023 3 mins IT Operations brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe