Corporate compliance tutorial
Two words come to mind when the conversation turns to compliance: costly and confusing. But let this tutorial be your corporate compliance resource, whether you want to learn about Sarbanes-Oxley compliance, healthcare (HIPAA), regulatory compliance or auditing. This tutorial covers corporate compliance issues from beginning to end.
New in this guide
- SearchSecurity.com's SOX Security School (Compliance Best Practices)
- Governance, risk and compliance software trends and best practices (Compliance Best Practices)
- Playing the blame-game with regulatory compliance issues (Auditors in the Enterprise)
IT auditor Matt Zerega defines the auditor's role in the enterprise. "In the simplest terms, IT auditors provide executive management with our independent assessment of the effectiveness of controls put into place to protect information, hard assets and people from potential damage. We help determine what areas of IT might need attention to reduce risk to levels that management finds acceptable. We don't, however, recommend how to fix any flaws we discover."
Why has regulatory compliance become such a prevalent concern for the enterprise? WhatIs.com has an interesting take. "Perhaps because of an ever-increasing number of regulations and a fairly widespread lack of understanding about what is required for a company to be in compliance with new legislation."
In April 2005, HIPAA Title II took effect. While some in the healthcare industry have been dealing with HIPAA since its passing in 1996, Title II brought the majority of the industry into the fold, including many smaller and midsized enterprises. Because of this, healthcare compliance spending on HIPAA is expected to exceed $3.7 billion for 2005, and account for 24% of total spending, according to a survey conducted by AMR Research last year. On average, companies that claim HIPAA compliance is their largest spending category will spend $2.2 million.
Spending on Sarbanes-Oxley compliance will top $6 billion in 2006, on par with the $6.1 billion spent in 2005, according to a 2005 report from AMR Research Inc. But the emphasis is shifting, the Boston-based consulting firm found, with a greater percentage of the budget going to technology, as companies seek to automate and monitor the many controls required to comply with the 2002 federal act.
Sarbanes-Oxley compliance is everyone's problem. According to WhatIs.com, Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. And because the consequences for noncompliance are fines, imprisonment, or both, this legislation affects not only IT, but the financial and business sides as well, making it an enterprise-wide concern.