From a CIO's perspective, legislative compliance plays a large role in governance and IT/business alignment. To achieve compliance, IT must implement a large body of controls that mitigate risk. Small to mid-sized enterprises (SMEs) are at a disadvantage due to resource constraints, but can still comply with the law by focusing only on the most relevant IT controls.
The SME Squeeze
An earlier McLean Report research note, “SarbOx for SMEs Now an Absolute Certainty,” demonstrated how new compliance deadlines are forcing SMEs to quickly identify requirements and turn them into real-world IT controls in order to meet auditor demands. The situation becomes even more critical from a cost perspective, given that the average SME pays disproportionately more to meet first-year compliance requirements (about 1% of annual revenue) than larger enterprises do (0.1% of revenue).