The benefits and drawbacks of regulatory compliance automation
Increasingly complicated compliance mandates have led some businesses to implement automated processes to save resources. Participants in July's #GRCChat said compliance automation can assist data management, but also warned of unintended consequences.
Regulatory compliance processes can be a huge burden on company resources as mandates and IT threats evolve. To streamline data management and curb costs as they strive for compliance, some businesses have turned to automated processes.
But while compliance automation has potential benefits, these tools are not "set it and forget it" solutions. Human input is still needed during implementation to ensure that automated tools are working properly and that processes are doing what they should to keep the company compliant with regulations. And even the best automation solutions still have the potential for error, which could result in regulatory compliance violations.
In the latest SearchCompliance #GRCChat, we asked participants their opinions on the business benefits of compliance automation, as well as its potential drawbacks:
Q1 What are the benefits of automating regulatory #compliance #datamanagement processes? #GRCChat #GRC
— SearchCompliance.com (@ITCompliance) July 24, 2014
Many participants agreed that compliance automation was a great way to combine redundant processes, cut down data management costs and even improve governance, risk and compliance (GRC) strategy. Conducting complicated information governance under compliance rules can be difficult, but automated tools may reduce the likelihood of human error.
A1 Automating #compliance potentially reduces data management errors common in manual processes, also centralizes audit info #GRCChat
— Ben Cole (@BenjaminCole11) July 24, 2014
A1 Could also save $ - consolidating several redundant compliance processes streamlines GRC-related data management #GRCChat
— Ben Cole (@BenjaminCole11) July 24, 2014
A1 Less staff needed to run daily #compliance tasks; existing staff can dedicate time to more strategic initiatives. #GRCchat #automation
— RachelTT (@RachelatTT) July 24, 2014
@ITCompliance #grcchat A1: Automation at build time and collection/reporting time can save an awful lot at audit time. (1/2)
— Forvalaka41 (@Forvalaka41) July 24, 2014
@ITCompliance #grcchat A1: Automation can also make planning remediations a lot easier. (2/2)
— Forvalaka41 (@Forvalaka41) July 24, 2014
#GRCChat participants were also quick to point out the potential drawbacks of compliance automation. For example, companies must ensure the automation tool is properly set up to meet the business's unique regulatory compliance process needs. And despite the automation trend, the human element (and potential for error) will never be completely removed from compliance strategy.
A2 Still must ensure automated controls work properly- w/out thorough implementation strategy automation does no good whatsoever #GRCChat
— Ben Cole (@BenjaminCole11) July 24, 2014
A2 have to make sure automated controls/processes do exactly what is needed- or face the regulatory consequences #GRCChat
— Ben Cole (@BenjaminCole11) July 24, 2014
@ITCompliance #grcchat A2: Having to store data you wouldn't normally store and/or write down rules/algorithms for creating passwords. (1/2)
— Forvalaka41 (@Forvalaka41) July 24, 2014
@ITCompliance #grcchat Q2: A report of IDs with unchanged, default passwords is a hacker's dream come true. Protect GRC outputs! (2/2)
— Forvalaka41 (@Forvalaka41) July 24, 2014
A2 human input still needed in automation as well - and no automation tool is completely infallible either #GRCCHat
— Ben Cole (@BenjaminCole11) July 24, 2014
#GRCChat participants were also asked if any particular regulatory compliance mandates would be better suited to automation than others. The best candidates? Compliance regulations with precise records management processes, which clearly outline how data must be maintained, as well as how long the organization must keep it.
@ITCompliance #grcchat Q3: Almost anything with prescriptive rules: SOX, PCI, GLBA, HIPAA, etc. Automation also provides benefits (1/2)
— Forvalaka41 (@Forvalaka41) July 24, 2014
@ITCompliance #grcchat Q3: to any framework or maturity model that mandates "repeatable" processes. (2/2)
— Forvalaka41 (@Forvalaka41) July 24, 2014
A3 SOX and other regs targeting finance industry are good candidates- usually require strict, complicated ERM processes #GRCChat
— Ben Cole (@BenjaminCole11) July 24, 2014
A3 #RecordsManagment processes could see some benefits from #compliance #automation -- w/ caution that human oversight still needed #GRCchat
— RachelTT (@RachelatTT) July 24, 2014