The list of corporate compliance laws is long and growing: Sarbanes-Oxley, Basel II, SEC Rule 17a, the U.K. Data Protection Act, the European Access Control Directive and others.

The underlying functions required by all these laws are the same. Therefore, it makes no sense to separate processes and acquire separate software packages for each one. This approach is self-defeating almost by definition, because it hampers efforts to create an integrated system for real-time monitoring, altering and proactive responsiveness.

Instead, what's required is a single framework for all compliance regulations that enable the user to:

-Identify processes—known as "control points" in Sarbanes-Oxely—to provide reasonable assurance that business objectives are being met and required information is disclosed.

-Monitor control points based on a set of rules. Implement portfolio management to track the compliance analysis and documentation process .

-Test repeatedly to makes sure everything is working the way it is supposed to and (for Sarbanes-Oxley) report any non-compliance to "the street" within 48 hours.

-Keep records of testing.

-Respond to audit requests for specific tests with unimpeachable results.