"CIOs need to think about compliance holistically"
Feb 22, 2008 1516 hrs IST

Regulatory compliance among enterprises shows a positive impact on the quality of the products and services offered by them. Shellye Archambeau, CEO of MetricStream, a provider of enterprise-wide Governance, Risk, Compliance (GRC) and quality management solutions, in an email interview with Priyanka Akhouri, talks on the Indian industry's increasing compliance requirements

Compliance is catching up among industries, what is your view on compliance in terms of the Indian market? Could you provide some statistics? Indian companies, especially in the pharma, biotech, IT and financial services domain, have drawn up aggressive overseas expansion plans and as they go abroad, compliance becomes a key issue. We believe that the market for Quality, Regulation and Compliance (QRC) business in India would see huge growth over the next couple of years. We estimate that the QRC related spending by India's top 2000 firms to be around US $1 billion, a figure that has ballooned from about US $100 million in 2002-03. On an aggregate basis, including spending by regulators like SEBI, the QRC spend in India is estimated to be around US $8 billion to US $10 billion, though in percentage terms, this is about 10% of what is incurred as QRC spending in the US. How does regulatory compliance benefit the enterprises? Let's take Sarbanes-Oxley Act (SOX) as an example. There has been strong criticism of Sarbanes-Oxley regulation for overburdening companies. While it is true that SOX may require more than is needed, it is also true that many CEOs will admit to getting some benefits from the regulation. It shouldn't be forgotten that it was ordinary shareholders who ended up being short-changed by companies whenever they broke the inherent trust of the financial markets. I believe that the Sarbanes-Oxley provisions give CEO's an internal mandate to institutionalize what most of them have always wanted, but in many cases failed to achieve real-time documentation and stronger controls on key financial and operational processes, which can boost financial performance. That is the benefit they are receiving. What are your views on SEBI introducing Clause 49 for compliance? How do you think that this will affect the various industry verticals? SEBI's objective of adding Clause 49 in the Listing Agreement between a company and the stock exchange it is listed on is to effectuate good corporate governance practices in Indian companies. The clause aims to protect the interests of the investors through improved quality and quantity of disclosures. With the increased regulatory oversight and investors' expectations for good governance, it has become imperative for companies to incorporate best practices in their business conduct and compliance programs. Companies will have to put more focus on stronger controls on key financial and operational processes, which can boost financial performance. What are your views on the compliance requirements affecting the pharmaceutical industry? Is there an increasing need of compliance among various industry verticals? There is evidence to show that regulatory compliance by enterprises results in a positive impact on the quality of the products and services that they offer. As we raise the quality of our safety processes, create better frameworks for corrective and preventive action, build an infrastructure of emergency preparedness and disciplined audits, not only are we being more compliant, we are also raising the safety of our employees and facilities worldwide, eventually resulting in better managed safety and environmental risks for corporations. These risk reduction initiatives translate ultimately into more predictable and sustainable shareholder returns. In November 2006 MetricStream had partnered with NASDAQ to launch an online community for compliance called ComplianceOnline.com. How has this helped the businesses and what has been the impact so far? The partnership with NASDAQ has helped MetricStream capture marketshare faster than it could have done independently. Several NASDAQ listed companies are now managing their Governance, Risk and Compliance (GRC) initiatives with MetricStream solutions. These companies are distributed internationally including companies in USA, Canada, Russia, Australia, and India. MetricStream has also partnered with NASDAQ to create a co-branded portal, Corporate. ComplianceOnline.com, to help serve NASDAQ listed companies with their information needs around GRC and Quality Management needs. According to you what should be the steps taken by CIOs to improve the issue of compliance in their organizations and improve productivity? Firstly, CIOs need to think about compliance wholistically and develop a framework for managing and supporting compliance initiatives. There are then several key elements required to manage compliance effectively. * Establish the necessary policies, processes, and controls for the areas of compliance that relate to your business * Also establish and maintain an enterprise view and management system to monitor these * Enable businesses within the company to administer the processes and controls and have accountability for outcomes * Establish the tools to enable regular and ideally automated auditing, monitoring and reporting * Drive continuous remediation, enforcement, and process improvement How has been the compliance growth in India been in the last three years? With the increased regulatory oversight in India and investors' expectations for good governance, it has become imperative for companies to incorporate best practices in their business conduct and compliance programs. Also, with the introduction of various compliance requirements like Clause 49 in India, compliance implementations have seen a significant increase in the last few years and this trend is expected to continue. What are India market expansion plans for the company in 2008? Are you looking for any other partnerships in the long run? We continue to grow substantially in India. We have a couple of hundred employees now and continue to hire. In addition we are selling into the India market place. We have sizeable customers ranging from Hexaware to Aurobindo Pharma. While I can't share specific numbers, we expect to triple our sales in India this year. A key partner for us in addition to NASDAQ is TCS. We are working together to grow this market by providing solutions across the GRC arena. We will continue to look for complimentary partners to aid us in our growth.