Value from compliance at first appears to be an oxymoron. To a large extent, there is a sound basis for this view. After all, delivering compliant technology is non-trivial. It requires documentation, stringent processes, and audits to ensure compliance with these established processes. These all add up, resulting in 20-40% of the overall costs.
Unfortunately, there are no shortcuts. Toolsets, templates and reuse help reduce the overhead burden, but the cost and schedule impact of compliance is still felt. Small to Mid-Sized Businesses (SMBs) feel this pinch even more due to a lack of established governance practices. In some cases, SMBs may actually forgo compliance, entailing significant risks, or pay lip service to it. These strategies seldom work. A better approach is to accept compliance (like taxes) as a given and get the most out of these expenditures. Adopting compliance practices and customizing them to match the specific organization's technology environment will significantly reduce risk and improve quality. An example of getting more out of compliance investments is developing process and project metrics. These metrics provide a sound base for planning future IT investments.
Even if an organization adopts compliant practices, older systems may not be compliant. One solution is to train the maintenance team to reverse engineer the system and document its core business rules and risks. This will help develop designs that mitigate the risks and construct validation protocols to verify proper functionality of the system. Reverse engineering is a sound technique to help improve product quality. With maintenance requirements fluctuating, it also helps make optimal use of IT resources.