Making compliance work requires end-user buy-in

Published: March 20th, 2008

While compliance may be at its core about following legally-proscribed rules and regulations, one partner says a compliance sales pitch based around fear isn’t going to get the channel anywhere.

Toronto’s imason Inc., an Internet consulting firm and Microsoft Gold Partner founded in 1999, has built a practice around helping clients with compliance issues. Jeff Dunmall, a principal with imason, says it’s undeniable that personal and reputational risk is a motivating factor behind compliance.

“It’s not just about staying out of jail; it’s about keeping your company out of the newspaper. We really see that as a driving risk with these regulations,” said Dunmall.

That’s echoed by Microsoft Canada CFO Joel Freedman, who notes Microsoft (NASDAQ: MSFT) spent tens of millions of dollars in year one to comply with Sarbanes-Oxley. Complying with current regulations as well as being ready for new ones has become one of the daunting tasks for today’s CFOs, says Fredman.

“IT plays an important task in ensuring compliance and, what’s important to me, is keeping CFOs out of jail as well,” said Freedman.

However, while CFOs are concerned about staying out of the pen, imason’s Dunmall says a business case built on fear isn’t going to fly. After all, how do you put a dollar value on risk, he asks.

“And a business case built on fear its one that’s tough to take through to completion,” said Dunmall.

As well, even if a business case could be built, on fear without end-user buy-in it won’t be a success. In its compliance projects, Dunmall says imason tries to help clients see how the end-users will use the system and benefit from it, and how it will increase productivity. It’s key to have an end user advocate on the project from the start, he says, to ensure their perspective is kept in mind and the system that results will actually make their jobs easier.

If the new system makes it easier for end-users to do their job, and it gives the company the record-keeping and standards they need for compliance, then everyone wins, he says.

There’s not really such a thing as a compliance solution though, says Dunmall. In most cases, it’s an existing business process that can benefit from workflow automation and provide productivity benefits, in a way that’s compliant with regulations.

While Microsoft touts its SharePoint Server as a tool with features that can help businesses work in a compliant way, such as sharing documents with a record of who made what changes and when, Freeman agrees compliance isn’t a tool in and of itself.

“There’s no tool today that you can buy that will take you magically from out of compliance to in compliance, but there are tools that will help you get there,” said Freedman.

And the key to getting there says Wanda Yu, senior SharePoint product manager at Microsoft Canada, is building an IT infrastructure that is flexible and agile enough to adapt to the changing compliance landscape.

“The landscape is always shifting. It’s always shifting and it never stays still,” said Yu. “The organization needs to be agile enough to respond to that change in focus.”