While COVID-19 was a tectonic shift for businesses, compliance programs were largely unimpacted, according to a report by A-LIGN. In fact, cybersecurity teams have compelling opportunities to consolidate audit operations and leverage technology to accelerate the compliance process.
“As new threats evolved to take advantage of the pandemic, the need for companies to demonstrate they were protecting the data entrusted to them was as important as ever,” said Patrick Sullivan, author of the report and Director of Customer Success at A-LIGN.
“This report confirms how critical SOC 2, ISO 27001, and other attestations are to business relationships, while also revealing some significant ways organizations can save time and resources when conducting them.”
- Companies have experienced minimal disruptions to their compliance programs during the pandemic. 85% of companies completed their audits as planned or with an extension, and 60% had no change to audit timing. Additionally, 71% continued with their audits and assessments remotely instead of in person.
- Organizations conduct multiple audits as disjointed, redundant projects. 85% of respondents conduct more than one audit a year, yet only 14% consolidate audits into a single annual event. Consolidation is weakest in healthcare (only 6%) and highest among technology companies (still remarkably low at 26%).
- Compliance helps win new business. The survey found that although there were many different drivers of compliance projects, 64% have found a common benefit from conducting audits: winning new business.
- Audit automation isn’t automatic yet. Only 25% of respondents stated that they are using a software solution to prepare for audits and assessments, such as an automated security, compliance, or governance, risk, and compliance (GRC) solution.
Streamlining audit programs
Although companies experienced minimal disruptions to their compliance programs in the last year, they had opportunities to streamline their audit programs to make audits more efficient and strategic:
- Create a master audit plan. Organizations should consolidate audits and auditors into a master audit plan, making the process a single annual event. For organizations pursuing multiple audits, it’s likely that much of the data and evidence will overlap. Working with different auditors across multiple audits can also lead to inefficiencies, added costs, and disparate processes.
- Establish strong communication and collaboration. Organizations can make auditing easier by building a clear process, defining roles, and coordinating communication.
- Invest in technology for efficiency. Technology remains a significant opportunity for saving time, effort, and money. With technology that includes workflow management and collaboration tools, organizations can put processes in place to accelerate their audit and complete it smoothly.