The survey, conducted for compliance software firm Serena Software by MarketShare, interviewed 148 CIOs from medium-large companies across Australia, China, Hong Kong, India, Japan, Korea, and Singapore. The survey measured the importance of regulatory compliance to APAC companies and CIOs as well as their attitude towards IT in ensuring compliance.
The survey revealed that regulatory compliance will become an important issue for APAC companies in the near future. Even though current take up of regulatory compliance programs has been low, it will increase significantly in the coming year, according to the survey. Only 21% of APAC respondents have already implemented regulatory compliance programs, but more than half (52%) are planning to by the end of this year. Other findings from the survey:
70% of APAC respondents believe that they will gain an advantage over their competitors by complying with regulatory compliance standards.
- 43% of APAC respondents feel that the reason why compliance is important is that it "allows them to do business/ trade with overseas companies".
- Nearly one third of APAC respondents feel that compliance is important because they have to comply with local regulations (current and upcoming).
- "Being listed in a foreign country and having to comply with their regulations" was another major reason why CIO respondents in APAC feel compliance is important.
The survey also showed that most APAC companies surveyed feel that Singapore is the country leading the change in meeting regulatory compliance standards (31%). Japan (20%) and Hong Kong (23%) are also seen as leaders in meeting regulatory compliance standards.
"Asia Pacific is waking up to the relevance of international compliance requirements such as Sarbanes-Oxley and Basel II to the region. Australia has yet to legislate mandatory compliance, however standards have been established, such as AS8015," said Charles Rignall, country manager, Australia and New Zealand for Serena Software. "Relevance for compliance will be driven by corporate headquarters demands and global trade requirements. If companies want to do business with a multinational corporation or trade with an overseas company - they have to meet minimum standards. Assurance must be given to customers and partners that you can work at the same level."
The survey also indicates that IT will have a major role to play in meeting regulatory compliance standards. According to the survey, more than three quarters of CIOs in APAC indicated that compliance will be one of their top IT objectives to implement and maintain regularly over the next year.
Commenting on the survey results, Australian independent advisor on corporate governance of ICT and AS8015 specialist Mark Toomey, said: "It is lamentable, but not surprising, that Australia was ranked fourth in compliance leadership, with only 10% of the nominations. This poor result joins with other indicators to confirm that Australian organisations are weak in corporate governance of information technology. Weak governance allows problem situations to develop, such as the disastrous implementation of the Australian Customs Service Imports module in October 2005, and costs the Australian economy billions of dollars every year."
Toomey went on to say: "Effective corporate governance, from the boardroom down, should include formal systems of monitoring and control for compliance. These systems should ensure that both business and technology managers are properly engaged in identifying compliance requirements and planning compliance initiatives which typically involve complementary adjustments in systems, practices, training and organisation. In the interests of efficiency and effectiveness, many organisations would benefit from adoption of software tools to underpin the ongoing monitoring and control of their compliance obligations". He warned, however, that adoption of compliance and governance tools is not a panacea, and that specific effort is required to ensure that the right people are involved in the compliance processes, and that the compliance system has effective coverage of all relevant matters.
Other key survey findings:
- Most APAC CIO respondents (88%) think that IT has a major role to play in ensuring regulatory compliance.
- Given the importance of IT to ensuring regulatory compliance, CFOs and CEOs may no longer be the only executives responsible for compliance activities. The survey revealed that 57% of APAC CIOs feel that they may be held directly accountable for compliance activities in the future.
- The survey shows that APAC respondents currently spend a low proportion of their IT budget on compliance-related activities. The majority of companies (60%) say that they currently spend "less than 5%" of their total IT budget on compliance-related activities with only 9% of companies saying that they currently spend "more than 15%".
- APAC companies surveyed will start to use more of their IT budgets on compliance-related activities over the next 2 years. 27% of companies plan to spend "over 15%" of their total IT budgets on compliance-related activities in the next 2 years (compared to 9% for current spending over 15%).
"The CIO survey shows that compliance is a major issue in APAC, not just the US and Europe. Regulatory compliance requirements are influencing companies in APAC and IT will definitely play a major role in meeting compliance standards," said Rignall. "Given that CIOs and companies in APAC are starting to realize the advantage of meeting regulatory standards, there is a demand for change governance solutions that will support these compliance initiatives."