Nobody ever said following the rules was cheap. In 2005 organizations will spend nearly $15.5 billion on compliance-related activities, according to a study by AMR Research ( www.amrresearch.com ). The amount could grow to $80 billion over the next five years.
Not surprisingly, the largest line item
(for complying with rules ranging from the Sarbanes-Oxley Act of 2002
and Food and Drug Administration regulations to the Health Insurance
Portability and Accountability Act of 1996 and document and record
retention requirements) was internal staff costs. Technology spending
was second; it represented some 42% of HIPAA compliance expenditures.
The most expensive initiative? Sarbanes-Oxley, which eats up 39% of
all compliance spending.
The high costs have caught some companies by surprise. In 2004 almost two-thirds had to pull money from other areas to help fund compliance projects.