Business/IT Issues

Getting ROI from Compliance

On the cover of any trade magazine, you'll find compliance articles ranging from UCCnet, EDI, RFID, Sarbanes-Oxley, GLBA, CFR Part 11, and HIPAA. There's more than enough information on each subject to raise awareness and set the direction for compliance. What's missing is how these compliance initiatives should be used to make business better.

Current compliance initiatives include:

  • Electronic Data Interchange (EDI). Over the last 20 years, the results have been huge reductions in time, inventory, and people. However, many firms aren't receiving the same cost savings benefits that come from business process integration. They missed the point. EDI is supposed to save everyone in the supply chain-not just a dictated means of doing business.

  • UCCnet. Introduced last year as the retail industry's next initiative to reduce waste resulting from bad product data, UCCnet is following in the footsteps of EDI as the latest compliancy requirement. Although initially focusing on data synchronization, UCCnet is intended to become a key part of reducing product lifecycle time and cost while bringing new products to market. There's no choice about complying.

  • Radio Frequency identification (RFID). Just taking hold, RFID may be the most wide-sweeping vendor requirement since the introduction of bar coding. RFID will be driven by both business and regulatory initiatives. Compliance will not only be required to meet business-driven supply chain efficiency objectives, but also for tracking the movement of goods. As the investment in this falls, vendors will look at RFID as a key technology for improving their distribution productivity.

  • Sarbanes-Oxley. Formally known as the Public Company Accounting Reform and Investor Protection Act, Sarbanes is about establishing internal controls and real-time reporting of information that winds up in the financial statements of public enterprises. The focus seems to be on the CFO, but it's really on the company's business process.

  • Healthcare Insurance Portability and Accountability Act (HIPAA). Originally conceived to reduce the exorbitant administrative cost of the $1.3 trillion health care industry, HIPAA's focus has been diverted to the emerging need to protect personal information and privacy, thus resulting in additional expense.

Reversing the Paradigm

The common denominator for all constituencies is the need for easy and accurate access to the data. The problem is, as we address each compliance requirement one at a time, we end up with multiple processes that are not only redundant but, more often than not, in natural conflict. Instead, focus on the information, identify the customers of the information, and create compliance architecture. Properly done, the result will not only improve the bottom line, but it will speed your time to compliance.

This approach has many benefits. The information management architecture can be rules-based so it can become business requirement- and regulatory compliance-independent. Information can be consolidated in one place for ease of maintenance, consistency across requirements, and universal availability. In other words, get your information house in order first.

In the end game, according to Jack Brennan Chairman of the Vanguard Group, "better governed businesses perform better." Use compliancy as a catalyst, not as an adversary. Along the way, the ROI for compliance will be there, as your better-governed business will perform even better. IBI