Weak points (English: vulnerability, bug) are the organizational, procedural, personnel-related or systemic deficiencies in organizations (companies, authorities) that can impair the intended goals and cause damage.


Ideally, organizations have no weak points and can therefore achieve their objective. However, in a real, dynamic environment characterized by economic, social and technological change, organizations must quickly remedy deficiencies that arise. Weak points are organizational deficiencies that are first identified and then remedied with the help of weak point analysis. A DIN standard puts the weak point in the context of damage or potential damage: "Weak point is a point of damage caused by use or a point suspected of being damaged, which can be changed with technically possible and economically justifiable means so that the frequency and/or extent of damage is reduced". From a business point of view, it is sufficient if there are insufficiently functioning organizational elements that can be eliminated with reasonable technical and economic effort.


There are primary and secondary deficiencies in an organization that can be traced back to weaknesses:

  • Primary deficiencies exist when tasks are not carried out in accordance with the company's objectives, when not all of the tasks required to achieve the objectives are carried out or when tasks are carried out that do not contribute to the achievement of the objective.
  • Secondary deficiencies exist if the legitimate concerns of the employees are not taken into account in the organization or if existing resources are not used adequately.

Primary and secondary deficiencies can either lead to a (surmountable) obstacle to work (“job stopper”) or, in extreme cases, to an operational disruption with loss of production.

ISO 27005 (risk management) lists typical weak points in companies in its "Appendix D" and divides them according to the functional areas of personnel, organization, infrastructure, network, hardware and software. Frequent weak points in companies can therefore be:

A weak point can be a single agency, but also an entire business area within a divisional organization.


A weak point is the deviation of an organizational element from its ideal state. Weak points can occur in all areas: in the organization, in the workflows and processes, in the personnel, in the infrastructure, in hardware and software, but also in the interaction between internal departments of an organization and external departments. Significant creative weaknesses are deficiencies in information processing, planning and organizational deficiencies, personnel deficiencies, management deficiencies or security gaps of any kind (e.g. security gaps in the software).

Detecting weak points is the task of the departments responsible for it (organization, process analysis and audit), but also of every employee (questionnaire).


The elimination of weak points is usually accompanied by gains in rationalization. This eliminates operating risks that would burden profitability. The result of an improved earnings situation is a higher profit with the consequence of better creditworthiness, which can be reflected in an improved rating. The task also consists of identifying and eliminating weaknesses in a company's environment in order to achieve the best possible rating by rating agencies.

