Global Journal of Management and Business Research, A: Administration and Management, Volume 23 Issue 10

Sustainable Compliance Programs in Complex Organizations

© 2023 Global Journals

to be a common theme on how organizations should structure their IT investments to move to a sustainable compliance program. The key theme repeated in these industry journals relates to the need for IT infrastructure re-usability in supporting various regulatory requirements, the starting point for which would be for organizations to evaluate the common requirements amongst these IT audit programs. In this context, the compliance IT audit programs looked at by this paper have the following key IT considerations: (a) Identity Management & Access Control, (b) Content & Records Management, (c) Risk & Reporting Management, and (d) Data & Process Management. In addition, having an IT infrastructure that provides for a ‘consolidated’ ERP system with ‘business continuity’ provisions is considered crucial for sustainability.

Boards in most firms have historically not considered IT a key enabler of growth and transformation (blaming the high failure rate of IT projects and the lack of techniques to measure IT’s value to the organization), pushing the topic (IT) out of the strategic picture for the firm. This view seems to have changed recently, with the ITGI paper[3] providing evidence of the growing shift away from the above opinion. The survey of the Fortune 500 companies on the board’s view of the importance of IT and their need to govern IT suggests a trend of boards taking a more active role in the IT Governance program of the organization.
The move has also been quickened in banks that are subject to the Basel II requirements, which hold the board member to be accountable for IT operational failures[4]. The above predictions clearly point to the critical role played by IT within organizations in their drive to comply with different regulatory requirements. In addition, they refer to the identification of the common IT considerations for the compliance IT audit programs as a key step in building the underlying IT infrastructure. In selecting and implementing these solutions, IT management plays a critical role. While there seems to be a growing trend in the board’s involvement in providing increased oversight of IT strategy, the majority of firms still have their IT strategy driven by executive management. While there are multiple IT Governance frameworks available in the market, studies point to a trend that favours combining these frameworks when implementing them within organizations.

[3] IT Governance Institute (ITGI), “IT Governance Executive Summary” (“seven of eight boards are at least regularly informed about IT issues, while six of 10 boards approve IT strategy, half of them having an IT strategy Committee”).

[4] Kennan, Paddy (2003), Computer Weekly, 9/16/2003, p40-40.

b) Compliance Management Implications on Compliance IT Audit Programs

The prior analysis suggests that high-level information management issues, organisational design, people management, corporate governance and internal control effectiveness can influence expenditure as well as compliance management. Given the underlying need of these compliance programs, there is an implicit requirement to have an effective underlying information management infrastructure, including the availability of adequate controls in the infrastructure to prevent any misuse.
Due to the increased usage of information systems in a firm’s operations, the (impact of the) risks related to infrastructure failure has become a key component in the organization’s overall risk and compliance programs. To manage this risk introduced by the information systems component, organizations have been looking to reduce the complexity surrounding these systems, thereby creating the need for an effective information governance platform[5].

c) Risk Management Implications on Compliance Programs

Recent corporate innovations in risk management and insurance products for capital raising by financial and non-financial firms have effectively bypassed those required in accounting rules by permitting firms to transfer capital at risk from retained to transferable sources. The risk management process of any firm will be targeted at those decision variables that affect at least one dimension of the firm’s financial condition. However, these choices are also endogenous with the regulatory structure. Our analysis of the effectiveness of organisational compliance business unit programs indicates that a firm is likely to be subject to a range of differing corporate governance control and/or industry environments. Culp (2001, 188) proposes that despite the interconnections between a firm’s value, earnings and cash flows, these three alternative measures of a firm’s financial condition can be quite different when viewed as strategic variables. Theories that explain why the value of the firm can be increased by risk management depend on whether the focus of compliance is on value, cash flows or earnings. Several of the theories of risk management presuppose that the risk management process of a firm is aimed at controlling the value of the firm, or more specifically, the market value of its assets and liabilities.
Jensen and Meckling (1976) argue that a value risk manager is then concerned about the value of the firm, either at a specific point in time or over regular intervals. By contrast, a cash flow risk manager is concerned with the cash flows whenever they might occur. The Froot et

[5] Information Systems Audit and Control Association (ISACA), “IS Auditing Guideline (Document g18)”, 2002, http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=18562
