9 common risk management failures and how to avoid them

9. Lagging security controls

While companies have been accelerating deployments of workflow procedures and technologies to accommodate their new hybrid workforces, the controls necessary to ensure security, availability, processing integrity, confidentiality and privacy, as well as their documentation, have not kept pace.

“We rapidly pushed everyone to remote work where possible,” said Dan Zitting, CEO at governance, risk and compliance software provider Galvanize, “yet controls around user access and physical security did not change as quickly.”

As a result, many organizations are encountering control failures and compliance issues, leading to risk exposure and security breaches. Controls specified in SOC 2, Sarbanes-Oxley Act and ISO 27001 compliance standards and regulations, for example, changed as workflow processes increasingly became remote-friendly. One year later, companies are struggling to update their documentation to pass these types of security audits.