Compliance Methods Are Costly and Cumbersome

Current regulatory compliance methods are costly and cumbersome. As a result, many organizations have a low satisfaction level with these methods, according to new research from Osterman Research.

The study, sponsored by security awareness training company KnowBe4, shows that only 13 percent of the organizations surveyed are very satisfied with the current methods they use to manage compliance. This is despite the fact that 63 percent consider regulatory compliance to be “very important.”

The report indicates that compliance management is subject to a high volume of change in government regulations. For example, the “U.S. Federal Register,” a daily publication that describes proposed and final regulations of federal agencies, published an average of more than 3,800 final rules each year between 2002 and 2012. That represents an average of about 15 final rules each workday, and managing this level of change with manual compliance processes can be extremely difficult, if not impossible.

“Much of the discontent [with compliance methods] stems from the focus on manual processes,” KnowBe4 CEO Stu Sjouwerman stated, adding that they are “quite cumbersome and expensive. Improving the tracking and gathering of audit evidence alone can help an organization save considerably in both time and budget.”

Tools such as spreadsheets, documents and home-grown software can help organizations stay current with compliance obligations, the study notes, but these methods require major efforts to maintain. In addition, a significant amount of time and labor resources is needed to search for the right information to populate these documents.

Using a subset of the survey sample to eliminate outliers, Osterman Research found that organizations spend $524 per employee annually to manage their compliance processes. In an organization with 500 employees, that would cost $262,000 annually.

There also can be a significant amount of duplicate efforts on the part of compliance management teams, particularly in large and distributed organizations. Any number of people might be working on the same compliance issues without realizing that others in the enterprise are working on the same things.

These duplicate efforts—along with the manual nature of much of the compliance process—can lead to inefficient compliance management. And, in some cases, they might actually be contradictory because various groups develop their own interpretation of how to address compliance issues.

The findings of this research are noteworthy because many organizations have to deal with some type of compliance obligation—whether that involves minimal requirements to protect certain types of records or enterprisewide mandates to retain and safeguard many types of information for a long period of time.

Businesses in some of the more regulated industries, such as health care, financial services, insurance, energy and education, are grappling with a large and growing number of regulations. These are at the federal, state and local level, as well as within the industries themselves. Global enterprises also need to cope with international regulations.

Failure to comply with many of these regulations can result in significant fines and other penalties.