CA survey: Spiralling compliance costs and manual processes

24.10.2008
Organizations today are spending more resources and effort than ever to cope with regulations, according to a global study from enterprise software vendor CA.

In order to conduct business in today's global economy, organizations have to comply with country-specific regulations and adapt when existing regulations change or are interpreted differently over time, said the report.

Nearly 45 percent of the companies surveyed reported an increase in the time and monetary resources required to ensure compliance with 13 regulations and industry standards found in countries around the world.

The study surveyed nearly 575 IT directors or above from large and mid-sized enterprises representing companies headquartered in North America, Europe, Asia Pacific and Central and South America.

The study revealed that the shifting nature of regulations is a factor in the escalating costs. Fifty-five percent of Asia Pacific organizations (where J-SOX was recently enacted), as well as 41 percent of North American and 40 percent of European organizations, reported the introduction of new regulations as a reason for increasing compliance expenses.

Changes to existing regulations were also reported to be a factor by 39 percent of Asia Pacific businesses, by 49 percent of North American and Central/South American organizations, and by 34 percent of European organizations.

Manual processes, more work

The study also showed that most of the respondents relied on manual processes to achieve compliance, although manual processes and a lack of centralized control are contributing to spiralling costs in an increasingly regulated environment.

More than two-thirds of the companies surveyed reported that they maintained information about the status of their IT compliance controls in multiple spreadsheets and often within different organizational units.

More than 75 percent of respondents said that the operation, testing, monitoring and reporting of IT controls were at best a combination of automated and manual processes.

"This survey verifies what we regularly hear from customers -- that compliance remains a big challenge for them in both direct cost and impact to business processes, and the issue grows with every regulatory change or addition," Lina Liberti, Vice President, CA Security Management, said. "Automation of compliance processes and centralization of controls is a key ingredient for how businesses can bring efficiency to their compliance processes."

Of the 13 common standards and regulations evaluated, the study showed that the Sarbanes-Oxley Act of 2002 (SOX) had the biggest impact on cost, IT and the overall business. SOX was followed in cost by CLERP-9, an Australian corporate accountability regulation, and in impact on the IT organization by Basel II, a global standard that governs the capital adequacy of international banks.