Compliance Services: Get What You Pay For

There's a lot of compliance help out there, but it's not all helpful

July 12, 2005


When it comes to compliance, few companies are equipped to go it alone. Instead, most phone for help from a range of professionals, consultants, and service providers. But what they get in return isn't always what they expect.

The headlines are littered with cautionary examples of companies, big and small, that apparently didn't hire, or didn't listen to, the right compliance advisors. BakBone Software Inc., Brocade Communications Systems Inc. (Nasdaq: BRCD), and Veritas Software Corp. (Nasdaq: VRTS), to name a few, all wound up restating their earnings in recent months (see BakBone Still Out of Whack, SEC Gets Formal With Brocade, and Veritas Misses 10K Deadline).

It's not that there's a lack of qualified help. Compliance services are available from the big accounting firms and IT consultancies, as well as various vendors of IT products, including storage equipment. So what's the problem?

The complexity of maintaining regulatory compliance in most industries is certainly making it tough to ensure consistent value from services – and a lack of standards about what constitutes best practices doesn't help either.

The primary issues appear to be objectivity and specificity. On the first count, the vested interest that many companies have in compliance can be a hindrance, at least on the surface. The eternal question applies: Cui bono? Obviously, if a software or hardware vendor is offering to help, they're likely doing so as another channel for pitching their wares.

"It's important to be sure that whoever is doing an audit is objective. I would not recommend a software vendor. Clearly, they have a vested interest in the outcome," says Diane Carlisle, director of professional resources at ARMA International Inc., a not-for-profit association for professional records managers.

Vendors, of course, maintain that their help is a boon, particularly for existing customers that turn to them to get IT and storage gear in line with compliance policies. "My organization is not compensated on product revenue or sales, but on customer satisfaction," says Derrell James, SVP of technology solutions at EMC. He insists that EMC's expertise – not only in its own products, but in those it resells – streamlines the compliance process.

The other major issue with compliance services has to do with the quality of information. Even the world's biggest accounting firms appear to fall short from time to time. This includes the "Big Four" firms – Deloitte Touche Tohmatsu, Ernst & Young International, KPMG International, and PricewaterhouseCoopers International Ltd.

According to the Professional Oversight Board for Accountancy (POBA), a group charged with ensuring that auditors hired by public companies in the U.K. act in accordance with regulatory guidelines, big accounting firms have some homework to do. In a recent report, POBA says it found "recurring issues" requiring improvement after its Audit Inspection Unit scoped out major firms from June 2004 through the end of March 2005:

  • Not knowing what to look for. POBA found cases in which audit firms were guilty of "insufficient identification of the relevant laws and regulations affecting the client's business and/or procedures to identify possible or actual non-compliance therewith."

  • Not following up. Sometimes firms didn't properly monitor their compliance audits to make sure that new procedures, once put in place, were followed through.

  • Poor use of technology. At least some of the problems were related directly to the technology used to create compliance audits. POBA found cases in which items in an archived audit were finalized after the date the audit was signed, because auditors didn't pay attention to how the software worked. There were also problems with the wrong information being included in an electronic audit system: "At one firm, the use of an electronic database of audit procedures led to the inclusion of planned procedures in the audit programme without sufficient tailoring or consideration of their appropriateness."

Given all this, how can organizations ensure they don't get taken to the corporate cleaners? That's the topic we explore in this month's Byte and Switch Insider report, Compliance Services: Help or Hindrance?

Basically, the answer lies in preparation. Companies that start with a comprehensive list of what they need to do in order to meet regulatory strictures can use a range of criteria to ensure they get help from the right sources.

Expertise, cost, and objectivity are all factors to consider. It's also vital to know what can be done in-house: Sometimes, with a bit of training, a records manager can become a compliance officer, overseeing a strategy that blends help from inside and outside the company.

Bottom line? Compliance services aren't a job for the uninformed. Getting the best value requires an organization to resist asking outsiders to tell it what to do. Instead, a company must educate itself about what's needed before asking for help.

— Mary Jander, Site Editor, Byte and Switch

This report, Compliance Services: Help or Hindrance?, is available as part of an annual subscription (12 monthly issues) to Byte and Switch Insider, priced at $1,350. Individual reports are available for $900. For more information, or to subscribe, please visit: www.byteandswitch.com/insider
