A new survey of CIOs reveals most New Zealand companies believe they will not gain an advantage over their rivals by meeting regulatory compliance standards. The finding is in marked contrast to a similar survey of CIOs in the Asia Pacific region, 69% of whom believe they will gain an advantage.
The main reason why companies in APAC feel compliance is important is that it allows them to do business with companies overseas. More specifically, they are usually complying with international standards such as Sarbanes Oxley, whereas New Zealand companies tend only to comply with “local” regulatory requirements such as the Resource Management Act.
Forty-three percent of APAC companies surveyed believed compliance would enable them to trade with foreign companies. Only 15% of New Zealand companies surveyed saw compliance as such an enabler.
The survey was undertaken by Activate New Zealand, which represents change governance vendor Serena. Serena was responsible for the earlier APAC survey.
Activate director Mike Lowe says that, compared with their APAC counterparts, New Zealand companies are planning to spend less on compliance-related activities.
“The majority of APAC CIOs (76%) believe that compliance is a top priority issue for the next two years, compared with 38% in New Zealand,” he says. “Surprisingly, therefore, 75% of New Zealand CIOs believe they will be held accountable [for compliance] and 90% believe they have a major role to play.”
Lowe also points out that New Zealand CIOs have less of a task than their APAC counterparts in persuading their executive teams of the important role IT has to play.
In the US, the Public Company Accounting Oversight Board, which overviews Sarbanes Oxley, recommends that IT should explore the adoption of ICT governance frameworks to assist in compliance-related issue.
In a recent corporate newsletter, the CEO of Vero New Zealand, Roger Bell, noted that corporate disasters such as Enron have prompted new legislation and a tightened regulatory environment. He says that while the compliance regime had also changed in New Zealand, good risk management was not based on bureaucracy. Rather, it was a proactive approach that took pre-emptive steps to identify risks and reduce loss.
Lowe says 80% of incidents hitting service departments are a direct result of poor change and configuration management processes. He says there is a total 40% waste in IT, more than half of which occurs at the requirements management end of the spectrum. New Zealand organisations have focused on trying to make savings by improving operational processes with things like ITIL. “But that just processes rubbish more effectively,” Lowe says.
The goals of the survey were to enhance the perception that regulatory compliance was an important issue for companies in New Zealand; that IT was a core part of compliance requirements, and that compliance presented more of an opportunity to IT rather than a threat.