IT's Burden of Compliance

David Wagner, Managing Editor | 4/19/2012 | 9 comments

David Wagner
Compliance. I don’t know of anyone who likes to hear the word. No one really likes to comply. They might agree. They may join in. They might even approve. They seldom like to comply because it denotes a certain amount of surrender to a higher power. Compliance is a burden added to your work day by a taskmaster. Because of that, a lot of IT folks are probably going to be pleased to hear about the Dodd-Frank Burden Tracker released by opponents of Dodd-Frank in the House Financial Services Committee.

The Burden Tracker, as Committee Chairman Spencer Bachus says, “will help the public better understand how the cumulative weight of these new rules -- layered upon existing outdated, unnecessary and duplicative red tape -- hurts small businesses and financial institutions.” Of course, that’s a loaded description from a partisan opponent of the original bill.

Here’s another one from Oversight and Investigations Subcommittee Chairman Randy Neugebauer: “It will take over 24 million man hours to comply with Dodd-Frank rules per year. It took only 20 million to build the Panama Canal.”

I suspect that those of you in Financial Services IT find that argument pretty convincing. Why should so many man hours be put into something as onerous as compliance?

I won’t argue the merits of Dodd-Frank. As the press release admits, only 185 of the 400 rules required by Dodd-Frank have been written so far. We’re still figuring out what Dodd-Frank is. Until then, it is silly to argue whether it is good or bad.

Instead, I want to remind you of the heady days of Sarbanes-Oxley. In 2005, The Economist published an article asking whether the cure of SOX was worse than the disease. The article said large enterprises were wasting 70,000 man hours to SOX compliance and that the net cost to the economy of SOX was $1.4 trillion. SOX had passed 423-3 in the House and 99-0 in the Senate, and yet the whining commenced almost immediately.

But it soon became clear that man hours and cost of compliance would go down as IT applied its special brand of ingenuity to it. Even from 2004 to 2005 at the very beginning of SOX, the cost dropped 46 percent. Even that early Economist article admitted that the upfront cost was the worst. Costs and man hours continued to drop as more was automated and the process was built into daily business. According to this 2011 survey, SOX costs between $100,000 and $1 million per year for most companies, when the cost shown in the 2004 survey was $4.6 million.

There were side benefits to SOX, as well. It gave companies a better understanding of what they were doing, helped them avoid risk, and even led to new best-practices that saved money elsewhere. Of course, I’m not going to argue for the success or failure of Dodd-Frank based on SOX. I’m sure one could point to failures in SOX as well.

I merely use it as an example to show that the estimate of man hours required in Dodd-Frank is grossly exaggerated. Those figures, if accurate, will only be accurate for the first year of the process at best. The costs and labor will go down as IT applies itself to automating the process.

Burden trackers are a great idea. We need to know exactly what we’re asking the enterprise to do. But to be honest about it, they need to take into account IT’s immense skill in turning a big problem into a small one in very short order. I don’t think we know enough about Dodd-Frank to make a judgment yet, but I do know financial services CIOs will have their departments ready to respond.

View Comments: Newest First | Oldest First | Threaded View
David Wagner   IT's Burden of Compliance   4/23/2012 11:57:43 PM
Re: Reduce unemployment
@Umair- that's an ineresting point regarding the new jobs. Really, when you break it down, 11,000 new jobs across an entire country with thousands of organizaitons doesn't really seem like too much. It almost seems like a fraud to even compare it to the panama canal.

At any rate, a few new IT jobs doesn't sound so bad anyway.
Umair Ahmed   IT's Burden of Compliance   4/23/2012 9:28:46 PM
Reduce unemployment
"It will take over 24 million man hours to comply with Dodd-Frank rules per year. It took only 20 million to build the Panama Canal."

On calculation of 8 hours per day and 22 working days a months, 24 million man hours for Dodd-Frank compliance will create 11, 364 new jobs, if work force in the enterprise is completely utilized. New law seems like an effort to achieve multiple goals including the reuction in unemployment .
Umair Ahmed   IT's Burden of Compliance   4/23/2012 9:13:54 PM
Law makers should work on automation
It is shocking that 185 rules of Dodd-Frank consumed 5,320 pages i.e all 400 rule will take around more than 11,000 pages. I guess, this would be more than the total volume of Federal tax and corporate laws. No matter whether the Dodd-Frank benefits the enterprise or country, it will surely benefit the consultants as was the case in SOX.  

Instead of just the burdening the enterprises from heavy compliance requirements, lawmakers should also design the automation process and guidelines to give the enterprise some relief. 

David Wagner   IT's Burden of Compliance   4/20/2012 2:56:05 PM
Re: Solution to compliance
Funny you should ask that Sara, because I consider putting this in the article, but didn't want to talk about it too much without getting a chance to vet the product or the company. But a company just relseased yesterday a tool designed for Dodd-Frank compliance.

Let it be said that I did not in anyway investigate the product or the company so this should be taken only as an answer to the question that people are starting to address it.
Sara Peters   IT's Burden of Compliance   4/20/2012 2:49:40 PM
Re: Solution to compliance
I agree that automation is key to compliance efforts. I wonder, are any of the GRC (governance, risk, and compliance) tools out there starting to work Dodd-Frank rules into their tools?
David Wagner   IT's Burden of Compliance   4/19/2012 6:28:57 PM
Re: Solution to compliance
@H_H- Well, there are always difficult parts. With 400 new rules, I suspect some of them will be harder than others by definition.

But I would think the way you would automate something like checking that materials don't come from the wrong place is by automating the reporting of your sourcing.

Yes, it is possible that you could design a system that reported purchasing through "clean" companies that really got their materials from "dirty places" but you have to figure that the paper trail will still make it easier to find out if a company has been breaking the rules than no paper trail.
Hospice_Houngbo   IT's Burden of Compliance   4/19/2012 6:20:41 PM
Re: Solution to compliance

 "it is safe in this case."

I see. I was thinking for instance that it will be difficult to automate the tracking of the  conflit minerals from the Democratic Republic of the Congo as suggest by the Dodd-Franck Act. But this may not be impossible as you said.
David Wagner   IT's Burden of Compliance   4/19/2012 5:56:30 PM
Re: Solution to compliance
@H_H- Automation doesn't work for everything but it is especially well suited for compliance which is usually about report generating and making sure the data is kept approprately. Usually, this is about changing business practices to meet IT processes that fit within the new rules.

Particularly with Dodd-Frank which will track transactions (among many other things) automation is the only real way to go. And it is safe in this case.
Hospice_Houngbo   IT's Burden of Compliance   4/19/2012 5:17:13 PM
Solution to compliance
Will the solution to compliance burden then be automation? Of course that it a simpliest way to say it. If the man power upfront investment is eliminated, maybe that would solve most of people concerns. Unfortunatly we cannot expect machines to replace us in everything.

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from David Wagner
David Wagner   5/30/2014   21 comments
For almost three and a half years I have had the pleasure and real privilege to write the Geekend for you every Friday. Fortunately, that privilege isn't ending, it is just moving to our ...
David Wagner   5/23/2014   69 comments
Most of us have gone through the pain of losing a beloved pet. Maybe you lived a long and happy life together, and it died peacefully. Maybe it was tragically struck down by a car or a ...
David Wagner   5/22/2014   47 comments
It is a rare thing when you find me advocating for the government to get more involved in regulating technology, but when it comes to the Internet of Things, that is what I'm advocating. ...
David Wagner   5/21/2014   13 comments
E2 has long trumpeted the days when 3D printers would sit on our desks and print prototypes, consumer goods, and even body parts right from our desk, but a new cloud manufacturing company ...
David Wagner   5/16/2014   40 comments
With Disney's success with the Avengers franchise, geeks everywhere are being treated to an outrageously large number of TV shows and movies based on comic book superhero characters. For ...
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
A Video Case Study – Translational Genomics Research Institute
e2 Video

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   46 comments

Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   16 comments

New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   16 comments

The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments

We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments

Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments

Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments

Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments

On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments

Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments

A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments

VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments

Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments

Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments

Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments

The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.