Survey Says 87% Unhappy With Compliance Procedures
Are you dissatisfied with your credit union’s compliance procedures? You can take solace in the fact that you are not alone.
According to a new Osterman Research Report sponsored by KnowBe4, a security awareness training company based in Clearwater, Fla., a mere 13% of companies surveyed across numerous industries are happy with their current compliance procedures.
Despite the fact that 63% of companies surveyed considered regulatory compliance to be “very important,” research found typically 19% of compliance and audit time each year is spent on tracking requirements and another 31% on gathering and maintaining audit evidence.
“Much of the discontent stems from the focus on manual processes,” said Stu Sjouwerman, CEO of KnowBe4. “This is quite cumbersome and expensive.”
According to the report, compliance management is subject to a high volume of change in regulations, with the U.S. government leading the way as demonstrated by the growth of the U.S. Federal Register. This document, a daily publication that contains proposed and final regulations of U.S. federal agencies, published an average of 3,827 final rules and 2,445 proposed rules each year between 2002 and 2012. That represents an average of 14.7 final rules and 9.4 proposed rules each workday.
To understand the high cost of conventional compliance management processes, Osterman Research conducted a survey with organizations in numerous industries. Using a subset of their survey sample to eliminate outliers, they discovered that the combination of labor and expenditures on tools and services totals $523.93 per employee per year, or $43.66 per month. For a company with 500 employees, that is $261,000 per year.
One of the fundamental problems of compliance management is the fact that much of it is focused on manual processes – maintenance of spreadsheets or Word documents or home-grown software that help an organization to stay current with its compliance obligations, but that require significant effort to maintain, KnowBe4 said.
Add to this the significant amount of time that is required simply to search for the right information to populate these documents and tools. One source has estimated that up to 80% of the time spent by compliance risk professionals is focused on the search for relevant data, KnowBe4 said.
Moreover, there can be significant duplicate effort on the part of compliance management staff, particularly in large and distributed organizations because several people may be working on the same compliance issues unbeknownst to others in the organization, Sjouwerman said.
In conjunction with the manual nature of the compliance process in most organizations, this duplicate effort results in compliance management that is relatively inefficient and may actually be contradictory in some cases as different groups develop their own interpretation of how best to satisfy compliance issues, he said.
“Improving the tracking and gathering of audit evidence alone can help an organization save considerably in both time and budget,” Sjouwerman said.