Corporates adopt IT for compliance

Font Size

Print

Feedback

Email

Discuss

: Compliance is the latest corporate mantra. It has never been as important as it is today and has almost become a survival issue for the corporate world. It means following the rules and more importantly, being able to prove it that you are following the rules. These rules could originate from various sources including government regulations, corporate governance requirements, and internal company policies, among others. Fines and other penalties, worst of all, loss of reputation for noncompliance are driving companies to take compliance seriously.

Almost all the corporate regulatory bodies,have been stressing to introduce mechanisms which will force the business houses to commit to better corporate governance, especially post-Enron debacle and other similar financial malfeasance. Enron, WorldCom, CA-major corporate disasters that have achieved notoriety for fraudulent accounting practices. Former WorldCom CEO Bernard Ebbers received the stiffest sentence yet in the recent spate of corporate scandals. But this sort of thing does not happen in India. Or doesn’t it? The burning example is data theft by Karan Bahree and arrest of Baazi.com CEO Avnish Bajaj.

Let’s peep into the compliance issue scenario facing us today. Sarbanes Oxley (SOX) was passed largely in response to several high-profile cases of corporate malfeasance. All the Indian companies doing business with Nasdaq-listed companies fall under the purview of SOX. There are several other regulations knocking at the door of companies in India. IT Act 2000 is being reviewed to prevent any such data security and other lapses. Sebi has recently issued a circular to the stock exchanges in India on corporate governance in listed companies.

Most of these regulations require the information to be validated and verified. This increased accountability has, in turn, pushed the CIO into the hot seat concerning the compliance issues and he/she needs to delve deeper into the issues and understand its overall impact on his/her organisation.

So, what should a CIO’s main focus be in relation to compliance? A CIO should ask himself the following questions:

• Does the company have a recode retention policy in place? Does the policy all records, types of media including e-mail, financial records, voice and video?

• How quickly can you find and retrieve documents as part of the discovery process or in response to regulatory agency requests? Do you track your company's costs for legal discovery and litigation support?