Regulatory compliance management (RCM) still isn’t a mature process despite its enterprise-wide impact, says French Caldwell, chief evangelist at MetricStream.
In fact, many companies even still rely on spreadsheets like Excel to manage regulatory compliance.
The company’s recent change management survey highlights the difficulty organizations and companies have keeping up with the multitude of legal requirements and rule changes.
According to the U.S. Congressional Research Service, the number of final rules from U.S. federal agencies alone ranges between 2,500 and 4,500 annually.
Caldwell says compliance teams must scan multiple sources to keep track of new or changed regulations, conduct business impact and risk assessments, implement relevant changes to policies, processes, systems, and controls, and finally, carry out the testing, monitoring, and audit processes to ensure that their enterprises are up to date.
The MetricStream survey analyzed existing processes at dozens of organizations, the number of employees dedicated to regulation compliance and the departments in charge of RCM at those organizations.
The results indicate that many businesses are still unaware of or are unable to invest in appropriate technology and tools.
The MetricStream survey found that most companies are dedicating a growing number of employees to the RCM process.
- Mid-size enterprises (1,000 – 10,000 employees) have three to 10 people dedicated to RCM
- Large enterprises (more than 10,000 employees) have at least 21 people on RCM
The survey also found that RCM maturity is low across enterprises.
- Nearly half (48 percent) of organizations still rely on manual processes and basic office productivity software such as Excel spreadsheets to track regulatory changes
- The next most common methods are knowledge management software (19.5 percent) and in-house development tools (17.9 percent) – proving high tech tools are widely under utilized
- The department most commonly tasked with managing and implementing RCM is compliance (61 percent), followed by legal (16 percent) and operations (7 percent)
- Organizations rely on a number of sources to keep up-to-date with regulatory developments, the top being regulatory agencies’ press releases (84 percent) and then industry bodies and trade associations’ announcements (70 percent)
The full survey can be viewed here.