Governance automation

What is Compliance Automation?
The right term - the right strategy
by Martin Kuppinger
mk@kuppingercole.com

Before we address Compliance Automation, we should define its position in the enterprise environment. In Europe, Compliance is regarded as an important driver of investment, even if the pressure arising from possible legal consequences is not comparable to the situation in the USA. But a closer look at what exactly drives investment makes clear that it is not only Compliance but the further-reaching concept of Governance, with all its different aspects such as Compliance (observing legal, official and internal regulations) and Risk Management. This also includes a generally demanded transparency, for example to prevent corruption (which is legally quite relevant) or simply to control enterprise risks adequately. With all these aspects in mind, it becomes clear that Compliance Automation is a comprehensive issue that requires quite a bit of preliminary work.

The efforts made in connection with Governance, Risk Management and Compliance, which aim at building up defined processes and system-supported management of these requirements, do cost money. But they also bring important benefits. Apart from the aspects mentioned above, these benefits include the (inevitably) generated information with regard to process optimization, meaning both efficiency and process quality.

We cannot cope with the challenges of Governance and its subordinate aspects Risk Management and Compliance without automation. In industries subject to tough regulation, such as banks and pharmaceutical enterprises, system-supported Compliance Management is already standard. In most other industries, we have so far found a patchwork of different tools supporting automation. Besides auditing solutions, automated configuration management and role-based access control, these also include, for example, document management systems.

In view of these tools we might use the term “Governance Automation”, but unfortunately the mere accumulation of tools without tight integration cannot cope with these tasks, because overall transparency is missing. Some time ago, I drew up a list of 10 requirements relating to Compliance. They make clear that a couple of isolated tools for specific tasks are not able to do the whole job. What we need are standardized cross-system approaches. On the one hand, they must allow business requirements such as specific Compliance regulations to be transformed into IT requirements in a standardized way. On the other hand, it must be possible to aggregate and process relevant data such as audit data and events from varying systems. This includes warnings in case of deviations as well as dashboards that give top management a status overview.

In my opinion, the challenges facing us with Governance Automation are connected to four different areas:

  • There is a lack of processes between company management/board of directors, audit, legal, controlling and finance departments as well as other business areas on the one hand and IT on the other hand
  • There is a lack of standards for the description of business requirements and their definition as IT requirements
  • There is a lack of standards for regulations which can be used to control existing IT systems
  • There is a lack of audit standards which could help to process and aggregate information from disparate systems

To conclude, Governance Automation can be described as the processes, standards and integrated IT systems that aim at a consistent approach to meeting Governance demands across differing IT systems and to analyzing the results. Governance Automation implies the task of developing a consistent concept from existing individual solutions, thus allowing cross-system control and analysis of Governance, including all its different aspects.

Created: 29.06.07, modified: 11.10.07

© 2003-2014 KuppingerCole