How can small-to-medium sized businesses handle more stringent audit and compliance regulations?
A couple of big things came out at the last CIO Innovation Insider meetings. It’s coming downstream right now from audit and compliance departments in small-to-medium businesses. I knew this was coming, but I just want you all to be aware of this different strategy and how you can handle audit and compliance.
When I’m talking small-to-medium-sized businesses, I’m talking 100 to 2,000 employees. This is where I’m seeing that the audit committee is wanting proof and they are wanting more of a governance-style approach to security. This is happening with two companies that I just met with this morning where governance is being required of the IT group.
There are ways to do this, and there are ways to do it successfully:
- You have to be able to look at width across the organization – you can’t be siloed.
- You as the CIO are at a disadvantage because you don’t have the same structure that finance has. Finance has the advantage of accounting systems and of everyone knowing what makes up that system. So they have an advantage there.
- You are going to have to communicate in such a way that gives someone the ability to see the health and transparency of your organization without having the advantage of an accounting system.