“More than 100,000 international laws and regulations are potentially relevant to Forbes Global 1000 companies—ranging from financial disclosure requirements to standards for data retention and privacy. Additionally, many of these regulations are evolving and often vary or even contradict one another across borders and jurisdictions.”
Lorrie Luellig is of counsel, Ryley Carlock & Applewhite, PC
The above is an eye popping statement. The implications are not only for IT, who are somehow supposed to help make compliance happen, but the business issues surrounding the implications of non-compliance and the associated organizational costs. It’s a no win situation, even just to keep on top of the most pressing compliance challenges. Unfortunately, it’s not a choice.
In a white paper prepared by Grant Thornton, LLP, entitled, “Adding internal audit value: Strategically leveraging compliance activities”, that consolidated the results of their fourth annual Chief Audit Executive Survey 2014, highlighted the dilemma of burgeoning compliance requirements and the impact across organizations.
One of the key premises of the white paper was, if “internal audit departments are using a disproportionate amount of resources on compliance activities, there could be significant lost opportunities for value-add governance, operational, strategic, and IT audits”.
On the brighter side, the good news is that internal audit departments are speeding technology adoption, specifically GRC and internal audit technology tools. This is one area where raising the bar on enterprise metadata management, capture, and use can become an important differentiator. Using a framework of tools, the internal audit function can proactively address compliance as a first step as opposed to a last step.