Leadership Brief

Working for the Business, not the Auditors

Forward-thinking companies no longer see cybersecurity, governance, compliance and privacy as something they are just forced to do. Instead, a comprehensive alignment with applicable policies, regulations and laws is the basis for consistently and competitively enabling and sustainably operating digital business.

Matthias Reinwarth

mr@kuppingercole.com

1 Executive Summary

An essential, strategic challenge for every organization is the definition of adequate corporate goals. These goals ideally determine the bottom line for every decision and action of the enterprise. Every strategic decision needs to be verified by measuring its cost, side effects and targeted results against the effect it has on the achievement of the overall corporate goals.

Compliance with legal and regulatory requirements, adherence to policies and the fulfilment of necessary, generally applicable or industry-specific standards have often not been considered part of the corporate goals. They are seen as a “must do”, imposed from outside the organization.

According to this logic, the deficiencies that auditors disclose in the course of a required certification represent an additional challenge and an additional, necessary investment. Consequently, this fosters a reactive culture in companies, primarily focused on the short-term tactical goal of satisfying the auditors.

If specific findings are identified, these must be remedied. To this end, tactical measures are taken to solve the current problems. This approach is misguided in many respects: at high personnel and financial expense, solutions for eliminating the immediate problems are implemented without being integrated into an overall strategy. It is not difficult to predict that the same thing will happen just a few years later at the next audit, somewhere else in the organization. What remains are unplanned and unfocused investments, while normal operations are hindered or completely inhibited. Finally, fixing audit issues without a sustainable strategy may meet the given audit requirements, but it does not increase an organization’s security at all.

Organizations and their leaders need to understand that a change in focus is required. Many organizations have realized that good management and monitoring of their identities, strong cybersecurity, and full control over all data (not only PII, but intellectual property as well) are mandatory requirements.

Well-managed digital identities in particular boost the digital transformation. They are a prerequisite for companies to become more competitive and to differentiate themselves in the market.

If cybersecurity, well-managed digital identities, privacy and governance are strategic business goals, and if measures to achieve them are comprehensively implemented, then checkbox compliance becomes much easier.

This also reflects the changing expectations of the market in general and of individual customers and partners, who demand trusted partners that operate sustainably.

These additional goals cover the need of any organization to meet the requirements for executing its business in a cost-effective, sustainable, compliant and agile way. This in turn leads to an improvement of security and governance, a strategic pursuit of business objectives and a consistent focus on the sustainability and resilience of IT and its implemented process landscape.
