Compliance is often a journey filled with angst, IT directors tell me.
"The whole business of choosing the best way to manage identities, access and security gives me a pain," said another. He also mentioned the pain was not in his head, but in a lower part of his anatomy.
Never-the-less, in today's economy, managing security and risk is top priority.
There is a collective rush, says one local contact, for companies to meet regulatory compliance deadlines.
There seems to be shortsighted focus on immediate regulatory requirements -- such as Sarbanes-Oxley -- when what is needed is to take a long-term view of all the required compliance demands further along the road.
For example, January 2008 was the date required by Bank Negara Malaysia for the first phase of the banking industry's Base II compliance.
Unfortunately, the messages coming to me are that Malaysian companies have not quite managed the first step - making out business cases that would bring in funds for required changes to IT setups.
Build the right infrastructure
One analyst told me that the average organisation has more than 80 per cent of its IT budget tied up in maintenance costs.
The main culprit for causing this high proportion is the result of reliance on legacy systems. Flexibility is the missing ingredient, said the analyst.
"The best run companies use IT for competitive advantage as well as streamlined cost control," he said.
It seems that to take the pain out of compliance, you need to look far ahead, make the case for investment at the top level in your organisation, and be transparent about implementation plans.
Business structure should guide the design and building of the right IT infrastructure, said one US company representative here in Malaysia.
"Unless you have business and IT aligned, you can get security and compliance violations that could lead to disaster," she warned. Sound advice.
AvantiKumar is the Malaysia correspondent for Fairfax tech brands and deputy editor of Computerworld Malaysia.
Sign up for CIO Asia eNewsletters.