Even as the race for acquiring the defamed Satyam is underway, the scam that
unfolded in January 2009 is anything but forgotten. Quite the contrary in fact,
when one takes into consideration the things that have emerged as the
fore-runner priorities for Indian companies now. The list indeed is quite
different from what it was last year and presumably boasts of customer trust,
information security, and regulatory compliance at the top slots.
While these things were never really in the shadows, they are now certainly
in the limelight. And though the Satyam saga might have its contributions there,
another phenomenon that has made an impact happens to be the global meltdown. In
the face of recession, businesses are increasingly realizing that their survival
depends on customer trust. And well, they are leaving no stone unturned to
ensure that the customer has no fingers to point when it comes to matters like
compliance, environment friendliness, and information security.
The Indian businesses are certainly going the extra mile, given the recent
shock wave that hit us in the form of Ramalinga Raju's resignation letter. There
have been big lapses, and perhaps there will be more in the future, but
fortunately they aren't leaving without imparting their lessons.
The recession was a setback and Satyam was a lapse, but both these events
have driven home the need for stronger security and compliance. The solution, as
always, is expected to emerge from some intellectual corner in the IT
department.
Complying India
The world is globalized and the businesses are localized. The challenges are
global but the solutions are local. Similarly, compliance is global while
regulations are local. If that seems a little complex, let's try to simplify it
with an example. Let's take the case of a large IT services firm headquartered
in India, listed in the US and doing business in various parts of the world
including Europe. In this case, the company would need to adhere (at least) to
the following laws:

- Clause 49 (locally mandated by SEBI)
- Sarbanes Oxley (as it is listed in the US)
- California Data Privacy Act
- EU Data Privacy Act
Besides, this enterprise will have to use a framework like COBIT/COSO for SOX
implementation. That not only looks complex but is tedious to manage as well.
Moreover, in India, where the emphasis is on outsourcing, the natural onus
lies on elements of information security and quality control. The role of all
the entities involved in the information lifecycle comes under scrutiny here.
The company, investors, business partners, auditors, and regulators are all
expected to ensure transparency and compliance in their operations.
According to Pramod Reddy, director, AppLabs, "In this globalized world, one
has to comply with laws, irrespective of the country you are based in." And
recession is only increasing this need, given the adverse conditions and the
necessity to retain customers. No wonder then that there is a lot of enthusiasm
around compliance, and a lot of businesses are seeing it as a huge opportunity.
"For long, CIOs have not paid enough attention to compliance technologies and
solutions, but with market conditions going bad, CIOs have to invest in these
solutions to gain the confidence of shareholders," said Sanjay Deshmukh, country
manager, India/SAARC, SAP Business Objects Division. He was speaking on "Winning
in the New Reality with SAP Business Objects" at C-Change 2009.
Deshmukh added that in the present climate, due to adverse market conditions,
regulations and scrutiny have increased, and this makes it pertinent for CIOs to
invest in these solutions before it gets too late. "It doesn't matter whether
you implement Sarbanes Oxley or any other compliant solutions; choose what is
best for you and do it at the earliest. Thus, not only the shareholders, even
CEOs and CFOs will be confident that the numbers they are presenting to the
public are authentic, as they have been correctly audited," he said.
IT Helps
As per Vishal Dhupar, MD, Symantec India, the solutions for managing
compliance effectively are becoming more and more IT dependent: "Increasingly,
IT management is being called on to align the business objectives amidst
shrinking budgets. Business executives are asking IT to achieve compliance for
internal and external mandates while managing the delicate risk versus return
balance."
Not surprisingly then, IT is being increasingly summoned for help in
efficiently managing the increasing demands of governance, risk and compliance (GRC).
In fact, compliance is seeing a marked shift from being manually supervised to
being technologically monitored.
Says Shree Parthasarthy, director, Deloitte Touche Tohmatsu India,
"Previously, everything was in terms of manual compilation, but over the last
couple of years there is a lot of dependency on IT for managing compliance." And
the reasons for this are quite obvious: if businesses are being run
electronically, compliance can't possibly be a manual process. Although at the
end of the day, people are still required to man the systems, compliance without
the help of IT is now almost an impossibility.
Reddy adds that if a company is now going to market for a compliance
solution, it will certainly find one, irrespective of its size, range, vertical,
and investment. This statement to some extent does show the maturity that the IT
compliance market has achieved over the years. There is a vast assortment of
products available now and most vendors provide need-based customizations.
IT tools can now help an organization manage compliance issues, provide
updates on regulatory content, record data access details, send alerts in case
of deficiencies, and suggest possible remedies. Control Compliance Suite, for
instance, lets customers implement end-to-end coverage of the IT compliance life
cycle, strengthening their IT GRC practices, from defining appropriate policies
based on regulatory mandates to assessing IT controls to remediating
deficiencies and finally generating detailed reports.
Many big names like SAP, Symantec and Microsoft are already in this area and
newcomers like Solix Technologies are making an entry with innovative products.
But maturity of the market apart, IT compliance as a concept still hasn't
gained momentum in India. According to an industry survey conducted in 2008,
companies in India are lagging behind the rest of Asia Pacific with regard to
the implementation of regulatory compliance programs. It found that less than a
fifth (18%) of companies in India have implemented regulatory compliance
programs, compared to the current Asia Pacific average of 42%.
To a certain extent, this figure reflects the low levels of IT expenditure in
the country. Although the compliance landscape is changing, we are yet to see
how soon this figure undergoes a significant change.
The Market
The IT Policy Compliance Group has revealed in its latest benchmark research
report that 68% of firms are under-spending on information security, relative to
the financial risks and losses they are experiencing. Yet, incremental increases
toward the funding of best practices are responsible for financial returns
ranging from 200% to more than 100,000% for the average organization.
This elucidates the huge potential that this segment holds. In today's global
economy, the livelihood of any organization is linked to how well the IT
function manages the availability, integrity, and confidence of the information
and the IT systems that are used to operate core business procedures. Whether it
is protecting information or meeting legal and regulatory requirements, the
challenge confronting IT managers in an increasingly interconnected world means
managing business opportunity and risk simultaneously.
There are studies to prove that organizations with mature IT GRC practices
such as frequent auditing of their IT environment against company policies and
standards often benefit from increased revenue, higher customer satisfaction,
less data loss, and lower compliance costs. Research conducted by the IT Policy
Compliance Group shows that improvement to data protection and compliance are
paying big dividends among firms with the most mature governance, risk
management, and compliance management practices.
Vinod Ganesh Ram, COO and director of CDC, CRM Solutions points out, "For
compliance solutions vendors, this seems to be a highly opportune time to
establish themselves and the market for their solutions." Some of the specific
areas have taken significant strides in the international markets. India seems
to be also catching up to this trend of increased investments in
compliance-related solutions.
As per IDC, spending on just the hardware, software, and computer services to
develop an IT infrastructure to support compliance initiatives is expected to
double in 2006-10 to $21.4 bn worldwide.
Amidst instability introduced by the ongoing slowdown, there is an echoing
need for more stringent regulations worldwide. All this certainly spells good
news for the IT compliance market, more so in India, given the huge untapped
section here.
Mehak Chawla
mehakc@cybermedia.co.in