
Governance automation

What is Compliance Automation?
The right term - the right strategy
by Martin Kuppinger
mk@kuppingercole.com

Before we address Compliance Automation, we should define its position in the enterprise environment. In Europe, Compliance is regarded as an important investment booster, even if the pressure arising from possible legal consequences is not comparable with the situation in the USA. But a closer look at what exactly drives investment makes clear that it is not only Compliance, but the further-reaching Governance with all its different aspects, such as Compliance (observing legal, official and internal regulations) and Risk Management. This also includes a generally requested transparency, for example to prevent (legally quite relevant) corruption or simply to control enterprise risks adequately. With all these aspects in mind, it becomes clear that the issue of Compliance Automation is a comprehensive one, requiring quite a bit of preliminary work.

The efforts made in connection with Governance, Risk Management and Compliance, which aim at building up defined processes and a system-supported management of these requirements, do cost money. But they also bring important benefits. Apart from the aspects mentioned above, these benefits include the information that is (inevitably) generated with regard to process optimization, meaning both efficiency and process quality.

We cannot cope with the challenges of Governance and its subordinate aspects Risk Management and Compliance without automation. In industries subject to tough regulations, such as banks and pharmaceutical enterprises, system-supported Compliance Management is already standard. In most other industries, we have so far found more of a patchwork scenario consisting of different tools supporting automation. Besides auditing solutions, automated configuration management and role-based access control, these also include, for example, document management systems.

With a view to these tools we might use the term “Governance Automation”, but unfortunately the mere accumulation of tools without tight integration is not able to cope with these tasks, because the overall transparency is missing. Some time ago, I set up a list of 10 requirements relating to Compliance. They make clear that a couple of isolated tools for specific tasks are not able to do the whole job. What we need are standardized cross-system approaches, which, on the one hand, must allow business requirements such as specific Compliance regulations to be transformed into IT requirements in a standardized way. On the other hand, it must be possible to aggregate and process relevant data such as audit data and events from varying systems. This includes warnings in case of deviations as well as dashboards that give top management an overview of the status.

In my opinion, the challenges facing us with Governance Automation are connected to four different areas:

  • There is a lack of processes between the company management/board of directors, audit, legal, controlling and finance departments as well as other business areas on the one hand and IT on the other hand
  • There is a lack of standards for the description of business requirements and their definition as IT requirements
  • There is a lack of standards for regulations which can be used to control existing IT systems
  • There is a lack of audit standards which could help to process and aggregate information from dissimilar systems

To conclude, Governance Automation can be described as processes, standards and integrated IT systems that aim at a consistent approach to meeting Governance demands across differing IT systems and to analyzing the results. Governance Automation implies the task of developing a consistent concept from existing individual solutions, thus allowing cross-system control and analysis of Governance, including all its different aspects.

Created: 29.06.07, modified: 11.10.07

© 2003-2014 KuppingerCole