Why do we hate compliance requirements?

Wikipedia’s definitions of compliance include, in mechanical science, the inverse of stiffness (my favorite); then there are words like adherence, measure and regulation. The first reaction is oooopfh with a slight groan. It is a natural reaction. Information technology leaders today have to deal with HIPAA, PCI, Sarbanes-Oxley (SOX), and many others depending on your industry and whether you are a public or privately held company.

So, after the oooopfh, what to do next? Well, let’s look at the first definition listed: inverse of stiffness. Compliant, pliable, flexible – hmmm, those almost sound like being agile. Hold there, cowboy (oh, by the way, Go Giants), are you soft in the head, thinking that having to achieve compliance makes you agile? When SOX came out, article after article covered the impact on technology projects, never mind the negative impact on profitability for the company as a whole. Just after 2 years of Y2K focus, and a mere 3 years after that, IT organizations had to scrap plans for many other key growth/profit-driven projects to take on the SOX compliance initiative.


“The first and most obvious benefit of PCI compliance is a simple matter of trust.”

It seemed a bit too easy for IT organizations to make that leap when panicked senior management, from the CEO to the CFO, seemed to have simply nodded in acknowledgement when IT said they needed to focus on this and that it would take a good amount of IT’s budget for two years or more. Okay, I am judging here – which is worse, as I was not in a public company at that time.

The point is not to treat a compliance activity as a negative. IT has to be agile due to customer demands, market changes, economic conditions (or have you forgotten?), new emerging markets and so on. What is so different about a new compliance requirement? Let’s compare it to a new customer demand. Customer A calls up and tells your VP of Sales that they now want to receive hourly updates via instant messenger on changes to their order status. Why, you ask? Well, your competitor is doing it, and if you want our business you have to do it too.

After looking at your VP of Sales in disbelief and asking exactly how much this customer has contributed to revenue over the past three years, and hearing a number that makes you go Okidoki, you will first start thinking either of how you can accomplish it or of what will be pushed back to get this done. After you start digging into it you should find yourself starting to consider other possibilities: ways to replace other parts of the CRM process with this communication, and what else this IM communication could be used for to expand the customer’s potential.


“One can think of SOX as perhaps the largest quality improvement initiative ever undertaken by corporate America.”

Let’s look at compliance with the same thought process. A new regulation is passed and your business needs to gain compliance or face fines, possibly even have to shut down. So, the compliance requires IT to develop a new system or modify an existing one to automate the process of achieving compliance.

This seems simpler than a customer demand or a competitive game-changing scenario. The opportunity here is to look at compliance as a chance to examine the processes that are causing the non-compliance, for process improvement that impacts your bottom line in a positive manner and/or for developing a process and system that improve your company’s marketability.

Compliance is the inverse of stiffness. If your company and your technology are compliant (aka flexible, aka agile), then handling a customer demand, a competitive pressure or a compliance challenge is the same thing.