Portfolio Expert
4 Steps to Compliance
What business executives, IT professionals and developers need to consider to stay compliant.
Compliance. The word can strike dread in the hearts of business executives, IT professionals and developers alike. The laundry list of compliance initiatives is long, complex and ever-shifting -- bedeviled by dynamic content and legislative wrangling. The problem goes beyond well-known compliance initiatives like Sarbanes-Oxley and Basel II. Any company doing business internationally must also build software that addresses a raft of local compliance issues, ranging from accounting and auditing to business practices, local laws and tariffs.
New meaning for ROI
When it comes to legislated compliance, the stakes are high. The term ROI takes on an entirely new meaning when executives must contemplate Risk of Incarceration, but it's the fines, financial costs and battered corporate reputations that provide the most incentive to comply. The cost of not complying is simply prohibitive. No company wants its name smeared on the front page of the Wall Street Journal.
No surprise, then, that executives demand action, requiring IT staff and developers to contort themselves to comply.
Common Sense
Before you groan, there is a silver lining in all of this: Legislated compliance can translate into common-sense rigor. Auditing mandates improve discipline for change management and yield better quality control for software development. The result is better development practices and higher-quality applications.
Savvy IT organizations can leverage compliance funding to underwrite best-practice approaches for application lifecycle management (ALM). Until compliance initiatives opened up the funding floodgates, ALM process improvements got delayed like a 5 p.m. flight out of O'Hare in a snowstorm. Continuous process improvement was not the norm. Instead, postponement typified IT approaches to improving the software development and ALM processes.
Changing Culture
The legislative imperative to audit, change, manage and validate business practices and financials flows directly to the software that manages those areas. Organizations with fractured change management and poor-quality approaches now can justify buying automated tools that focus on standardization (rather than a multi-tool/any-tool approach).
They also have the mandate to shift organizational structure and demand changes in staff behavior. Human beings change with great reluctance, but compliance initiatives help change culture because executives on both the IT and the business side for once are joined by a visceral, common fear and common goal. And there's sufficient funding -- almost -- to help make change happen.
A major financial services organization, for instance, took a Sarbanes-Oxley compliance initiative and drove standardization for testing, software change and configuration, and IT project/program portfolio management (IT PPM) tools. Initially, the company had multiple products for the first two areas and a nascent approach to IT PPM. The compliance program enabled the company to invest in consolidation of lifecycle tools and target "softer" areas of best-practice adoption of rigorous change and quality management. In addition, this organization was able to focus its program and portfolio management efforts to adopt technology that they later leveraged to prioritize their overall business/IT portfolio of software initiatives (beyond SOX).
Leveraging Compliance
So what key steps are required to leverage a compliance initiative in your shop?
1. Evaluate/baseline your company's current levels of process and organizational maturity for lifecycle management (requirements, change, quality and program/portfolio management) and map them to compliance demands.
2. Assess current tools commitments, redundancies and gaps for ALM.
3. Establish and invest in a compliance strategy to move the company to ALM best practices and consolidate or augment the existing tools portfolio using appropriate automated technology for change management, test and project/program portfolio management to meet compliance mandates.
4. Post-implementation, the company should measure and market the efficiencies and cost savings from change management, quality and prioritization improvements that come from more rigorous ALM and IT project portfolio approaches.
The next time you groan in despair at the latest slippery shift in the compliance effort you are managing, take a moment to appreciate the opportunity. Seize the chance to finance effective approaches to software development. And who knows? It just might improve the delivery speed, quality and relevance of other software development initiatives.
About the Author
Melinda-Carol Ballou is program director for IDC's Application Life-Cycle Management research, where she focuses on software life-cycle process configuration and management, software quality and IT governance software. Prior to joining IDC, she ran Ballou IT Strategies, an independent consulting company specializing in PPM and ALM, and served as senior program director at META Group.