
Complying with Confidence


Ensuring regulatory compliance requires an integration-centric approach

By James Markarian
Informatica

Compliance with regulatory statutes has emerged as one of the decade's major business challenges. For example, AMR Research estimates that companies will spend this year, in aggregate, $5.5B on meeting Sarbanes-Oxley Act (SOX) requirements (Compliance Costs Expected to Rise in 2005, May 28, 2004). Along with fine-tuning how employees think and work, businesses understand that IT holds the key to successful compliance. IT professionals, meanwhile, know that compliance is an information and business process management issue, with a particular emphasis on data integration and visibility.

Without an integrated view of business data that is comprehensive, accurate and timely, you can't ensure compliance. The question is, how are you going to effectively handle data integration and provide visibility?

Whether it is Sarbanes-Oxley, Basel II, International Accounting Standards (IAS), HIPAA, or the U.S. Patriot Act, integrating information in support of compliance is not a one-off proposition. Compliance requires ongoing and constant enforcement. It's never a matter of simply checking a box and then moving to another project. Companies typically dedicate one or two people solely to compliance projects. Compliance-driven requirements are usually phased in, evolve constantly, and invariably become more complex and stringent over time. Witness Sarbanes-Oxley Section 404, which took hold this November. It mandated that management include in its annual report an assessment of the company's internal controls over financial reporting and a description of the framework used to evaluate the effectiveness of these internal controls. Thus not only are you legally bound to show all you know, but also how you know it and why you have confidence in your knowledge.

Mandate issues aside, compliance represents an opportunity for IT to get enterprise-wide integration and visibility "right." Compliance in general is helping to drive data integration and reporting excellence. It represents a perfect time to get your company to optimize IT efficiencies (or perhaps clean up its act) in this strategic arena. The dividends will be realized far into the future and include enhanced business agility, operational efficiency and competitiveness.

Inclusiveness, metadata and real-time visibility

To ensure compliance, integrated business views must be complete, accurate and timely. This requires the ability to integrate and leverage all pertinent data sources with confidence throughout the enterprise, from mainframes to spreadsheets. This in turn requires a combination of metadata and real-time visibility technologies.

Integrating and tracking metadata is as crucial to compliance as integrating and tracking "regular" business data. Metadata provides audit capabilities that are critical to compliance initiatives. It ensures that you are dealing with common definitions. And it enables a cohesive systematic view of data lineage. Through metadata tracking, items can be tied back to their "owners," and you gain a clear picture of who changed what data and when, why they did it, and what happened downstream when the change was effected.

Real-time visibility into the entire integration process is equally important. You need visibility into information flows in order to ensure the consistency of your data. And of course visibility at the consolidated view level is mandatory and encompasses comprehensive financial and other reporting, dashboard views, and real-time compliance alerting.

Adaptability: integration-centric vs. non-integration-centric approach

While compliance is ongoing, its functional requirements grow, morph and sometimes appear with little warning. Who could have envisioned Sarbanes-Oxley just a few years ago? Or the Patriot Act? And who knows exactly what compliance issues will emerge in the next few years?

What you do know is that you are going to need to anticipate new and unforeseeable compliance challenges. Without a doubt, you are going to have to meet those new challenges within short time frames, in as low risk and low cost a fashion as feasible. This strongly argues for implementing an integration-centric approach to compliance, as part of a comprehensive compliance-management architecture.

An integration-centric approach enhances the flexibility, and thus the value, of such an architecture because you can design the data integration capabilities necessary to meet whatever happens regulation-wise. You have a supple, adaptable and (over time) familiar framework for integrating new data and types of data in new ways. In contrast, a non-integration-centric approach means having to re-collect data for each new compliance mandate that comes along.

An integration-centric compliance-management architecture can help you avoid having to "hard wire" data connections and hand code data transformations and consolidations. It can also help ensure the immense scalability required by many compliance initiatives. The requirement for integrating and storing huge volumes of data (10 years or more in some cases) is driving the immediate need for scalability. Again, who knows what tomorrow's needs will look like?

Integration Competency Centers

Integration centricity wasn't born out of the need for ensuring compliance. An increasing number of companies are launching Integration Competency Centers (ICCs), or centers of integration excellence, in order to promote unified data integration standards, processes and practices and the continual leveraging of integration knowledge and efforts across numerous integration projects. Many are now finding that their ICC can play an important role in implementing a compliance management architecture and ensuring the success of compliance initiatives. Similarly, a compliance initiative can be the perfect launching point for an enterprise ICC.

The organizational analog to an integration architecture, an ICC can help drive extensive reuse of data integration resources and a more consistent approach to integration. Companies with ICCs have been able to dramatically speed the deployment and reduce the costs of strategic integration projects such as compliance-related projects. In fact, through an ICC approach to data integration, a 35 percent reuse of development work across 10 projects can save almost $2 million in costs and a thousand person-days of effort.

Stars are aligned

If there is such a thing as a compliance mandate mantra, this is it: Capture, integrate and retain it all. Look into all details, clearly, with confidence, and at every step of the process. Be prepared to change on a dime and to grow the enabling infrastructure to immense size. Be ready for any new statute or ruling that comes down the road.

All this points to the need for an architected, integration-centric approach to compliance. An approach that comprises a unified platform for the technology side of the equation, coupled with a unified process and set of standards on the organizational side. This is not pertinent merely to compliance, but to integration in general.

What IT does to meet compliance requirements can easily resonate throughout the enterprise for other strategic purposes, including business intelligence, CRM, strategic sourcing and much more. Hence IT needs to look at integration as both a mandate and an opportunity. From the mandate point of view, it is necessary to do everything possible to ensure compliance and to never get caught short. From the opportunity point of view, IT will never be in a better position to get data integration and business visibility "right" across the entire business. The stars are in alignment and everyone in the organization, literally, has a stake in your efforts.



James Markarian is the CTO of Informatica, where he leads their product strategy, defining the key technologies and themes that are instrumental for Informatica's industry-leading data integration platform.



