Early Software Quality Absorbs Costs of Compliance
Compliance is a common theme heard in nearly every boardroom today. Determining whether business processes comply with the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley, Sarbanes-Oxley or other regulatory demands imposes enormous cost.
For years, the impact of compliance on information technology has been projected. In early 2005, as the Sarbox Section 404 deadlines began to kick in, Qualcomm reported spending 67,000 man-hours and over $7 million to achieve compliance.
Bernie Donnelly, vice-president of quality assurance and control at the Philadelphia Stock Exchange, explains how execution of financial compliance is a function of information technology: “When [Sarbanes-Oxley] first came out, everybody was thinking about finances and the accuracy of year-end reports. But it starts to take on a life of its own. Because when you ask that one question - ‘Is this number accurate?’ - then you have to ensure its accuracy. On the IT side, all these other things have to happen to answer that one question.”
In the case of Sarbanes-Oxley, cost assessment metrics are emerging. According to the InformationWeek article “Sarbox Isn’t Just for the Big Guys,” the accepted rule of thumb for Sarbanes-Oxley compliance is $1 million for every $1 billion in revenue.
Smaller companies face these costs, too. Often, as a supplier to a public company bound to offer transparency about dealings with vendors, smaller businesses find themselves in the ripple effect of regulatory compliance.
A PricewaterhouseCoopers survey of CEOs reports the bad news that most companies consider the benefits of compliance efforts unlikely to match these costs. Given how many smaller, private companies are taking on regulatory compliance concerns and the known lack of ROI on these efforts, seasoned technology executives are looking to early software quality as an opportunity to achieve their corporate financial goals.
The Stelligent whitepaper “The Business Case for Engineered Software Quality” documents the benefits of improved quality, especially early in the development lifecycle. Countering the explicit costs of regulatory compliance with the intrinsic benefits of improved quality yields a compelling financial argument for technology executives to contemplate.
The information technology component of compliance is ultimately about making sure the processes that collect, manipulate and maintain data all work as expected. There is great overlap between this mission and the mission of early software quality.
Early software quality has its own established business case. Regulatory compliance fails to meet ROI evaluations, but is required by government entities or strategic business pressures.
By creating a strategy that couples the two initiatives, savvy technology executives can leverage the huge savings of early quality techniques to absorb the costs of required compliance.
