SAMINA RIZWAN, Regional Director,
Oracle Corporation, SAGE West
Apr 21 - 27, 2008

As more and more Pakistani companies participate as suppliers, contractors or customers in the global commercial hub of today's flat world, understanding of and adherence to global compliance norms has become essential for companies of all hues. Compliance to global operating standards makes good business sense too.

Today, irrespective of where a company is based, if it does business on a global scale which a lot of companies based in Pakistan now do they need to understand the best practices and measures for compliance adopted by companies spread across various geographies. It is increasingly becoming essential for them to smoothly and responsibly do business with counterparts worldwide. Whether they are component suppliers to the automobile giants, outsourced partners for retail chains or emerging manufacturers setting up projects overseas, knowledge of global compliance norms is becoming an integral part of their competitive DNA.

While compliance has become a necessity due to mandates such as Sarbanes Oxley, and the corporate governance code of the Securities and Exchange Commission of Pakistan (, it can bring about significant positive organizational changes. For instance, it can boost investor confidence and turn the company into a leaner entity, with more agile business processes and more profitable operations.

To traverse from mere compliance to active corporate performance management, businesses need to focus on strategic goal setting and alignment; planning, budgeting, forecasting and modeling; and operational analytics, reporting and consolidation.

At first instance, the number of compliance requirements of a successful global business may sound overwhelming. However, there are basic similarities between the laws. For instance, all of them require management to be accountable to stakeholders; all require companies to set up a reliable information system for reporting the organization's financial health using international standards and comply with local legislation and good corporate governance practices; and they all require company management to articulate internal controls and manage the risks of financial reporting error and loss.

To meet such variegated yet similar-intentioned compliance requirements, what companies must do is create a culture of compliance. A culture that is pervasive throughout the organization and one that is based on lasting measures rather than stopgap arrangements. And the approach to creating such a culture must be driven top down in an environment where technology tools are treated and used as facilitators rather than inhibitors.

Thinking about compliance strategically, one will find common business requirements across multiple mandates, and there are a number of information technology components that can help address these overlapping needs.


Information is fast emerging as the differentiator for businesses. It is information, culled from an organization's data banks, that is increasingly helping business managers decide where to expand, what business to focus more on and where to increase sales expenditure and where to cut marketing budget among other things.

Information is also as critical to comply by regulatory requirements. Given that the amount of data a company is required to process for meeting the compliance requirements is enormous, companies are putting in place technology and systems that are specifically tailored for such needs. Besides making their corporate governance efforts more efficient and quick, these systems give them a leg up on their competitors who lack such systems and are either slow to respond to market changes or fail to convince their bigger business partners in continuing to do business with them.

However, acquiring, assimilating and utilizing this cornucopia of compliance knowledge to their benefit puts tremendous pressure on the companies' internal information gathering and processing systems. To deal with this, they need to take a comprehensive or unified technology approach rather than view it in an ad hoc manner.

According to a market survey done in the US, it cost a company anywhere between $3.1 million and $16 million in 2004 to comply with SOX.

Quite often, it's the Finance department that looks after the challenges of compliance, but the tougher part of the challenge is in the way technology systems are designed and used.

An Ernst & Young study has found that virtually all the companies surveyed placed significant reliance on controls in some or all parts of their businesses to reduce the risk of inaccurate financial reporting. It becomes obvious, then, that if the systems supporting the company's daily transactions are not controlled properly, the resulting picture of financial performance may get distorted. For instance, companies often operate varying systems to support different parts of the business from Customer Relationship Management (CRM) to financials to manufacturing. Inaccuracies in reporting can result from data that is poorly managed as it passes through these multiple applications.

By unifying IT operations with integrated application suites, an organization can create a compliance-friendly environment that improves control, reduces overall cost and increases the assurance of data quality. A unified technology model also helps a company gain an accurate and timely picture of business data, enabling it to make better decisions and respond faster to change.