As more and more businesses have moved their operations to support remote access by their employees in response to the COVID-19 pandemic, one very important area that has been impacted is governance, risk, and compliance (GRC). The threats companies are now dealing with vary in many ways from those they faced only a few months ago, but they are still threats.
To Adapt or Not to Adapt - Is it Even a Question?
Businesses can take meaningful steps now to adapt. In fact, the pandemic—if there is a silver lining to it—can be viewed as an opportunity to accelerate a company’s adoption of better security from both an IT and an audit perspective.
From the IT systems perspective, the focus centers on security and access. While this has always been a concern of IT, once businesses moved away from on-premises to remote access to their systems, there has been an increase in penetration and hacking activity. The inherent risk to applications connected to the internet has forced businesses to monitor who is accessing their business systems and what these individuals are doing with that access.
This shift has caused businesses to become more focused on Privileged Access Management (PAM), which involves recording the interactions and activities of someone who has access to something that is privileged. Boards and company management teams are, by necessity, paying more attention to PAM and taking steps to mitigate the risk, such as implementing software solutions (like Fastpath) to automatically monitor IT systems for security and compliance events.
The Impact on Audits and Automated Tools
From the audit perspective, the COVID-19 pandemic has forced businesses to accelerate their adoption of automated audit tools.
In the past, businesses were reluctant to automate these tasks, largely because they can depend on the accuracy of results based on “the way it has always been done,” and they would prefer trust in the information rather than efficiency. But now, looking at the audit space of GRC, businesses are wanting to automate audit-related tasks such as access certifications and identity provisioning.
Audit and IT security are often underfunded because it is difficult for organizations to fund something they cannot see. Audit costs are not typically seen as strategic spending, rather, they’re usually viewed as a cost center.
Too often, when risk management and compliance professionals talk about their area of responsibility, they use insider language. To gain traction, they must learn to speak in terms and concepts that speak to the organization’s values and how the tools and strategies they are proposing will result in tangible business benefits. In other words, don’t fall into the habit that gets software companies into trouble—stating the case in the context of “features” rather than benefits”.
Now is an opportunity for risk management professionals to insert themselves into the conversation and talk about the strategic goals for the company as a whole. Download our free eBook, Automated Access Controls Across Multiple Business Systems, to find out how Fastpath can help your company increase ROI and reduce internal fraud, SoD risk, and compliance violations.