A one-person novelty T-shirt company in Chicago was
recently forced to comply with 135 pages of terms
and conditions because a major national retailer will
carry one of its products. They’re not alone.
Gartner research indicates that compliance is now
one of the top three issues facing U.S.-based MSBs.
Learning how to embrace the effort required to meet
compliance demands is an economic, legal, and business
imperative. With the proper planning, it saves money,
reduces risk, and ensures that deadlines are met.
Take a lesson from Y2K
Through 2009, as compliance requests increase and
become more burdensome, midsize businesses will continue
to underfund compliance effort budgets by almost
50 percent, leading to violations, trading partner
incompatibilities and other wasted opportunities.
(0.8 probability)
Many midsize business CIOs are intimidated by the very
thought of tackling a compliance project like Sarbanes-Oxley.
Ironically, most have already lived through an equally
if not more daunting project and don’t realize
it -- the “mother of all compliance projects”
-- Year 2000 (Y2K). With this thought in mind,
CIOs should approach compliance projects as they would
any other major enterprise endeavor.
Put an end to fire drills
Most midsize businesses are taking on compliance projects
ad hoc, addressing requirements as they emerge and
treating them as one-time, just-in-time projects.
Compliance projects are not fire drills. This approach
is not only more expensive, but it puts the enterprise
in jeopardy of violating compliance requirements or
failing to meet trading partner specifications. An
enterprise not meeting Sarbanes-Oxley levels of transparency
can find its audit fees, borrowing costs, and director
and officer insurance premiums significantly higher.
Establish a process architecture
Midsize businesses should look at developing a compliance
management architecture that puts the business's established
assets and tools to work for emerging compliance mandates.
They must adopt the philosophy that compliance is
synonymous with corporate performance management and
create an explicit link between compliance, performance
management, and value.
MSBs must understand that non-compliance can be expensive:
there are both the hard financial costs (e.g., fines,
higher insurance costs) and the intangible
expenses (e.g., negative publicity, loss of investor
confidence, strained business partner relationships),
which may be more damaging. At the same time, Gartner
Public Policy Analyst John Bace suggests specific
strategies for turning this otherwise unwelcome imposition
into a benefit for the enterprise (see sidebar).
Compliance starts at the top
A better approach is to view compliance as a process
that improves management, lowers cost and enhances
quality. Sarbanes-Oxley is only the latest of many
compliance challenges. As we await the next initiative
that will demand corporate attention, we must prepare
for a regulatory environment that will grow more onerous,
not less. Compliance should embrace enterprise-wide
processes; it should be managed and supported by owners,
well-designed systems and appropriate technology.
The real goal of compliance efforts should be to help
the company do better business.