Practical advice for CIOs wrestling with compliance issues

Overview This chapter from the upcoming book CIO Wisdom II delves into useful strategies for CIOs who don't have a dedicated department to take care of all their compliance concerns.

Most large companies have a compliance team and in-house lawyers to keep on top of the regulations. This team may also include someone from IT, so the CIO doesn't carry the entire burden of ensuring compliance. However, in smaller companies, compliance is often an extra responsibility given to representatives from different business units. In this setting, it is imperative that the CIO be involved with all compliance issues.In this sample chapter from CIO Wisdom II: More Best Practices, author John Supplee, in conjunction with the Enterprise Computing Institute, examines a number of key aspects of managing compliance. His recommendations include:

• Structure the compliance staff in such a way that it will not inhibit the discovery and correction of issues.
• Know each of the individuals involved in the compliance process.
• Create a comprehensive risk assessment for the organization and each function.
• Talk about the issues with upper management and the board and train employees so that you create a culture of compliance.
• Talk to outside vendors and auditors when looking for solutions.
• Try to use each new regulation as an opportunity to create business value.

Title: CIO Wisdom II: More Best Practices
ISBN: 0131855891
Published: November 2005; Prentice Hall Professional Technical Reference
Authors: Phil Laplante and Thomas Costello
Chapter: Compliance for the CIO (chapter author: John Supplee, in conjunction with the Enterprise Computing Institute.)

Join the