Though an average company will spend approximately $500,000, leading businesses are using these mandates as an opportunity to identify and transform business areas that need improvement.
"Compliance is an all-encompassing set of activities that cross business and IT groups," said John Hagerty, vice president of research at AMR. "Companies that see the big picture will put these mandates to work for them and use them as a catalyst to improve or even rethink many parts of their organizations."
And, in order to ensure efficient operations, businesses are moving towards a more structured compliance initiative.
"In 2005, over 80% of companies expect to have an executive-level compliance officer," said Hagerty. "Centralization of compliance issues under an executive will unify an approach to compliance."
Companies are also rethinking how to fund compliance. The study found that in 2004, 35% of companies had a specific budget for compliance initiatives, but almost two-thirds had to pull from other areas to fund these projects. In 2005, more companies (40%) will have a specific budget for compliance.
Although technology spending is a major part of compliance investment, ranging from 28% of overall SOX spending to 42% of overall HIPAA spending, investment on internal staff is the largest budget item in compliance.
SOX remains the most expensive initiative, accounting for 39% of all compliance spending.
The study, Spending in an Age of Compliance, 2005, is based on a survey of over 225 business and IT leaders on their compliance spending priorities.