 |
|
|
Pull Your SOX Up:
Corporate Compliance Looms, But Content Plays the Tune |
|
|
|
|
|
|
|
15 December
2003 |
|
|
|
|
In the oncoming rush towards compliance
with the
Sarbanes-Oxley Act of 2002 corporate governance
regulations, many content technology vendors seem to be
applying some of the same fear-driven tactics that drove
deadline-oriented millennium compliance investments. But
many companies aren't buying the fear pitch - in large part
because the publishing and storage technologies being
pitched for compliance are part of a much broader set of
competitive requirements that are driving institutions
towards being more effective creators and consumers of
content. Compliance is crucial and its benefits
substantial, but it's organizations learning how to
leverage content profitably that's really calling the
investment tune. |
|
The drumbeat of corporate
compliance requirements beats louder and louder as deadlines
for conforming to U.S. regulations under the
Sarbanes-Oxley Act of 2002 (SOX) begin to loom into the
foreground for corporations in the U.S. and beyond. Major U.S.
corporations have until 15 June 2004 to meet the financial
reporting and certification requirements of SOX, while smaller
U.S. and foreign firms have until 15 April of 2005 to pass
muster. As with the earlier millennium compliance frenzy, the
big winners in this push for document retention and
auditability have been the major consulting and accounting
firms providing services to ensure that required procedures and
systems are in place, followed closely by storage vendors that
have been able to position more flexible solutions to the
creation and retention lifecycle of corporate content. The fear
factor, as we outlined in
our April review of compliance issues, seems to have
forced some companies to step up to a new generation of content
management and creation capabilities and is placing new and
improved business processes in place to take advantage of those
capabilities.
But even though businesses can expect a
"war benefit" from this struggle to modernize their content
capabilities, some vendors may miss out on the opportunities to
cash in on this trend.
As pointed out by Line56.com, recent research is indicating
that many firms are not taking the bait of quickly packaged and
repackaged technology products that have tried to position
themselves as SOX compliance solutions, either because they
have already implemented content management solutions anyway or
because they have been concentrating mostly on getting their
staffs to comply with or without new technology capabilities to
support them. In other words compliance is a human issue and a
content issue far more than it is a technology issue in many
respects, with many subtle, shifting and interlinking
requirements that are not easily encompassed in any
legislation-specific software. Those that implement content
management solutions and content-addressable storage
capabilities will be positioning themselves well for the future
in general, but it will take more than just the bits and bytes
of the matter to make compliance come to life. A few things to
bear in mind for those trying to position compliance products
and solutions are:
- Compliance is a by-product, not a
product. With the exception of those that feed off of the
compliance industry with their products and services, nobody
goes into business to create compliance. It's a "must-have",
but not the main business driver for most companies. People
had to throw money at millennium compliance solutions, but
there was never the intimation that they were going to make
businesses fundamentally better in any sustained manner by
doing so. This time around, many vendors seem to be of the
mind that just about any content technology can be labeled a
compliance solution, when in fact the purpose, scope and
capabilities of those packages may encompass many other
factors that need to be weighed carefully in and of their own
right. If people are going to solve business problems, they
are going to want to do so in a manner that will be aimed at
helping them to keep focused on their main responsibility:
helping their companies to make money. There's no
fundamentally sound ROI argument for compliance that can
justify compliance solutions alone.
- Compliance is part of a
multi-layered business problem.
As pointed out recently by WhatPC, many firms in Europe
doing business that requires conformance with new U.S.
compliance laws have been notably slower in approaching the
implementation of SOX-compliant solutions - in part because
of the later deadline, but also in part because even when
it's required it's part of a broader range of business
requirements that include conformance with local regulations
as well. In specific industries such as pharmaceuticals that
are subject to other kinds of government regulation and
scrutiny, additional ranges of reporting requirements
are also likely to come to the fore that will be at least as
important as regulations specific to corporate governance.
Just because there's a new rule book in town doesn't mean
that companies haven't been trying to play by many existing
rules - including their own internal policies and procedures.
- Compliance requires informed
decision making as much as it does appropriate workflow.
A lot of compliance talk falls on deaf ears because some
vendors are coming in as if business process improvement was
something fresh out of the box. While workflow management may
be something new to many content providers and technologists,
it's been around since the beginning of the industrial era
within the walls of many of the companies that they serve.
What's often missed in all of this workflow talk is the need
for people to have the right content at hand to make the
right decisions in using these compliance tools. Throwing
expensive consultants at a business problem is fine as a
short-term solution, but an integral part of that solution
has to be providing its users the ability to do the right
thing on an ongoing basis. The opportunities for content
providers to leverage into this environment are fairly
significant, but are hampered by a lack of software providers
that have provided adequate "hooks" for premium content on
compliance-related matters to make its way into the hands of
people who need this information updated in a highly
contextual training and workflow setting.
While the significance of corporate
governance compliance requirements cannot be overlooked it's
just as important to recognize that the broader "war benefits"
that are surfacing for most companies from the compliance
movement are related to battles far more central to their core
purposes. More efficient and effective management of internal
and external content had already been emerging as a key
competitive factor anyway, so for the most part SOX and its
regulatory brethren are simply acting as an accelerator for a
content revolution that will have much broader impact over the
long run. Businesses fear the government to some degree, but
they fear their competitors far more on a daily basis. Keep
your eyes on the right enemies - and the right solutions.
-
John Blossom
To top of page
 |
