Non-compliance is a costly business: easily calculate your avoidable costs
In our recent articles about the cost of compliance, we’ve been looking at how increasing compliance requirements are continuing to drive a corresponding increase in compliance costs.
Compliance functions within organisations are therefore looking to technology for solutions that help enable compliance at scale.
But, as noted, tools can seem expensive, and organisations need a thoughtful, defensible business case to support procuring regulatory technology.
Kainos’ Nick Stone, a former Auditor of over 20 years, looks at how you can articulate tech as an investment, not simply a cost - and introduces a simple calculator tool to work out how much you could be saving and/or avoiding in non-compliance costs each year.

Calculating the cost of non-compliance
To evaluate the potential benefit of compliance technology, organizations naturally compare the costs of compliance with the impact of non-compliance.
But the cost of non-compliance is unknown and can only be approximated via regulatory trends, lessons learned and perceived control maturity.
At Kainos we’ve created an ROI Calculator to provide a first step to calculating the impact of compliance risk.
The calculator is designed to tally up a realistic benefit related to avoided costs of non-compliance and related cost savings. Only costs that can be supported and reasonably defended are factored into the calculation.
Let’s look at some of the costs that are covered:
Fines: This relates to prevailing data privacy regulations such as GDPR and Protected Health Information (PHI). Regulatory fines and disgorgements such as those from the SEC, OCC and FINRA are not presented since they are relatively rare.
Costs of control deficiencies: These costs reflect the time and fees incurred to validate, manage, audit, remediate and communicate internal control deficiencies irrespective of significance.
Fraud loss: Universal ACFE metrics are used, but are applied very conservatively.
Audit fees: Organizations that automate at least 25% of their internal controls paid at least 25% lower audit fees on average. The calculator approach models a certain level of expected control automation through application of compliance technology.
Internal audit: This represents the opportunity to decrease effort associated with internal audits by allowing auditors to rely on automated compliance processes. This factor can also be used to model efficiencies in audit support activities incurred by management.
Streamlined Audit Process: Increased compliance requirements also mean an increased audit burden. By using compliance technology, organizations can decrease the amount of audit preparation and support effort required to respond to recurring audit requests. If implemented well, compliance technology can even be relied upon by audit teams. Reliance means that auditors use the control processes executed by management to meet their audit objectives – and that means significantly less audit disruption.
Workday Administrator Productivity: Workday administrators are generally responsible for executing key internal controls over Workday. Most of these controls over security, configuration control, segregation of duties and privacy are manual, time intensive and prone to error. Using automation can help Workday administration teams perform better controls in significantly less time.

Simply fill out a few questions about your risk and compliance landscape, and you will instantly find out how much you could be saving and avoiding in non-compliance costs annually.
Understanding these costs is a critical first step in helping you to define a business case for compliance tech - and demonstrate the return on your investment into automated auditing solutions.
Why not try it for yourself?