
Scott Mitchell, president and CEO of the Open Compliance and Ethics Group (OCEG), spoke on Tuesday at CA World 2008 to a group of invited customers and partners.
Scott began the presentation with an alarming statistic:
In OCEG's research of typical enterprises, 5-15% of revenues were spent to manage compliance.
And, given current economic trends, he expects that to remain steady or grow as the number and scope of regulations increase. In fact, Scott mentioned that at any given point, OCEG sees approximately 4,000 pending business regulations in the legislative "pipeline."
He shared a few key recommendations to tackle this challenge:
- Think "big" and build a backbone of people, process, technology and expertise to tackle the broad issues of compliance.
- Think "small" and address incremental compliance issues on that backbone; for example, tackle PCI compliance…and then learn and expand to other compliance areas based on that experience. Even when deploying against that goal, deploy an expandable solution/tool/playbook.
- Experiment…there is no silver bullet
- Synchronize and work within the existing rhythm of the business
- Gain commitment, but not necessarily just from executives and boards of directors; get commitment from your peers and colleagues, and don't wait around for executive approval.
You can learn more about OCEG here and by checking out the GRC 360 blog here.