Welcome!

SOA & WOA Authors: Imran Akbar, Sharon Barkai, Elizabeth White, Michael Bushong, Pat Romanski

Related Topics: Java, SOA & WOA

Java: Article

Compliance Issues Represent Pieces of a Puzzle

IBM's Rational Focuses on Business-Driven Development

Imagine trying to solve a puzzle without being certain what the end result should look like, much less how the pieces fit together. Now imagine trying to build the puzzle pieces themselves. Bit of a challenge? To say the least! But this is exactly the situation facing many business and IT executives when it comes to complying with the increasing number of standards and regulations in their industries today.

Why the recent surge of interest in regulatory and standards compliance? With the health and welfare of their citizens and local businesses in mind, global governments are requiring more accountability from organizations that do business within or across their borders. Since 1999, new legislation has passed in the United States that subjects business, IT, and even the software development process itself to audits. Some of the better known legislative acts, such as Sarbanes-Oxley, Basel II and the Health Insurance Portability & Accountability Act (HIPAA), have placed financial services and health care providers directly in the spotlight. These industries are spending money on ensuring compliance, but with mixed results so far. In the United States, for example, an estimated $2.5 billion will be spent annually by Fortune 1000 companies on compliance-related projects.

It doesn’t help that compliance requirements are often a puzzle in and of themselves. They are mandatory, but the steps to achieve compliance are not always outlined. In section 404 of the Sarbanes-Oxley act, for example, it says a company must have “good controls,” but it doesn’t clearly state what they are or how to achieve that. Regulatory requirements are also ever-changing, yet businesses are required to constantly demonstrate compliance. So for many businesses, well intended compliance requirements involve risk without clear guidelines for managing that risk.

Complying with regulations and standards is all about encapsulating business processes. It’s about clarifying and formalizing the way you do business – everything from taking an order to preparing goods for shipment, shipping and taking payment, and then allowing for scenarios like credit returns, faulty products or discounting – and appropriately recording that information.

Many companies have automated these processes by buying off-the-shelf IT packages and customizing them or, in many cases, by building their own custom-made applications. In either case, the modifications or new applications introduce yet another dimension to the puzzle: new pieces that must be shown to fit. This is the stage where compliance can become an even greater challenge.

In custom systems there can be a lot of people working on the development of the applications and errors can creep in, things can change. To withstand an audit – whether internal or external – a business has to be able to prove that the software system it has said it was going to build is the one it actually built, and that the software it built is the one it ultimately deployed – two separate processes. In essence, to achieve true compliance, businesses must be able to demonstrate the reliability and accuracy of any business process and show transparency throughout their development process.

It’s possible to demonstrate business process reliability and accuracy and have a transparent development process by manually compiling information at the time of an audit, but as you might imagine there is a high degree of overhead and risk associated with this reactive approach. There is a direct cost as well as the staff distraction and lost opportunity costs.

Establishing an effective governance framework for software delivery, what IBM Rational Software calls “Business Driven Development,” is a better choice. IBM Rational’s Software Development Platform provides guidance to customers with regard to best practices in developing software. Rational’s portfolio, requirements, testing, and software configuration management products provide a wide range of tools that capture information about what’s going on and what changes were made, what tests were done, what the design documents were and so on. It’s an ongoing process, so businesses can continuously capture information and maintain compliance. Using Rational’s automated workflow system for software delivery, a number of people in various locations can sign off on changes and allocate work.  Instead of one hour per day spent on compliance issues, an hour-long conference call per week may be all that is required.

As an example, various companies in the financial services industry have chosen to work with IBM Rational to strengthen their testing and requirements practices to improve traceability and compliance with regulations like Sarbanes-Oxley. One such customer, a leading provider of data processing and information management services solutions, replaced a competitive testing solution with tools from Rational to improve its application testing processes, resulting in streamlined IT governance and regulatory compliance capabilities.   

Aside from the assurance that comes from knowing the business is compliant, organizations can benefit from reduced risk and lowered costs in the long-term, improved infrastructure and project ownership, as well as better governance and understanding of business processes. With the right software delivery governance framework in place, the regulatory and standards compliance puzzle will look a lot more solvable.  

More Stories By Roger Oberg

Roger Oberg leads IBM Rational’s marketing team, including Rational’s strategy and planning, product and solution marketing, technical marketing, marketing programs, marketing operations and business partner marketing efforts.

Prior to joining IBM as director of market management in February 2003, when IBM acquired Rational Software, Roger was Rational's vice president of product marketing. He was vice president and general manager, visual modeling products from 1999 until 2002 and vice president and general manager, requirements management products from 1997 to 1999, overseeing 100%+ growth in both businesses. Roger joined Rational when Requisite Software was acquired in 1997, where he was vice president, marketing and sales. He was executive director for AIN at USWest, held vice president of engineering and marketing positions at XVT Software before that and spent nearly 10 years in sales, sales training, sales management and marketing positions for NBI, an office automation software and systems company. He has also served on the boards of two start-up software companies.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
JDJ News Desk 08/09/06 12:29:42 PM EDT

Imagine trying to solve a puzzle without being certain what the end result should look like, much less how the pieces fit together. Now imagine trying to build the puzzle pieces themselves. Bit of a challenge? To say the least! But this is exactly the situation facing many business and IT executives when it comes to complying with the increasing number of standards and regulations in their industries today.