Weak point (organization)
Weak points ( English vulnerability , bug ) are the organizational , procedural , personal or systemic deficiencies in organizations ( companies , authorities ) that can impair the intended goals and cause damage .
Ideally, organizations have no weak points and can therefore achieve their objective . However, in a real dynamic environment that is characterized by economic, social and technological changes, organizations must quickly remedy deficiencies that arise. Weak points are organizational deficiencies that are first identified and then remedied with the help of the weak point analysis. A DIN standard puts the weak point in the context of damage or potential damage: "Weak point is a point of damage caused by use or a point suspected of being damaged , which can be changed with technically possible and economically justifiable means so that the frequency and / or extent of damage is reduced ". From a business point of view, it is sufficient if there are insufficiently functioning organizational elements that can be eliminated with reasonable technical and economic effort .
There are primary and secondary deficiencies in an organization that can be traced back to weaknesses:
- Primary deficiencies exist when tasks are not carried out in accordance with the company's objectives, when not all of the tasks required to achieve the objectives are carried out or when tasks are carried out that do not contribute to the achievement of the objective.
- Secondary deficiencies exist if the legitimate concerns of the employees are not taken into account in the organization or if existing resources are not used adequately.
The ISO 27005 ( risk management ) counts in its "Appendix D" typical weak points in companies and divided them according to functional areas of personnel , organization , infrastructure , network , hardware and software . Frequent weak points in companies can therefore be:
- Human resources : insufficient personnel capacities ( understaffing or overcapacity ) are common causes of weaknesses. A not only temporary understaffing leads to overtime and can result in production errors , permanent overcapacities result in idle costs . Personal problems include a lack of work motivation , inadequate qualifications of employees and above-average sick leave . Personnel overstaffing in management ( flat hierarchy ) or production ( lean production ) result in unnecessary labor costs , which as a weak point the income statement charge.
- Structural and process organization : missing or inadequate coordination and / or information between interdependent offices and / or departments can result in wrong decisions , parallel work or damage .
- Process or procedural sequences : the suboptimal coordination of technically interrelated business processes can contribute to job stoppages or even operational disruptions. It is the job of business process optimization to eliminate such deficiencies.
- Production factors : the lack of adjustment or synchronization of production factors leads to bottlenecks or bottlenecks that can result in production stoppages.
Weak points mean the deviation of an organizational element from its ideal state. They can occur in all areas: in the organization , in the workflows and processes , in the personnel , in the infrastructure , in hardware and software , but also in the interaction between internal departments of an organization and external departments. Significant creative weaknesses are deficiencies in information processing, planning and organizational deficiencies, personnel deficiencies, management deficiencies or security gaps of any kind (e.g. security gaps in the software ).
The elimination of weak points is usually accompanied by gains in rationalization . This eliminates operating risks that the profitability would burden. The result of an improved earnings situation is a higher profit with the consequence of better creditworthiness , which can be reflected in an improved rating . Because the task also consists of identifying and eliminating weaknesses in a company's environment in order to achieve the best possible rating by rating agencies .
- DIN 31051: 2003-06
- Wolfgang Lück (Ed.), Lexikon der Betriebswirtschaft , 1983, p. 1030
- Hans Blohm, Organization, Information and Monitoring , 1977, p. 147
- Helmut Wittlage, Organizational Design of Medium-Sized Enterprises , 1996, p. 145
- Heinrich Kersten, Gerhard Klett, Der IT Security Manager , 2015, p. 112
- Helmut Schlicksupp, Innovation, Creativity and Idea Finding , 2004, p. 104
- Peter Preisendörfer, Responsibility in Operation , 1985, p. 24
- Stefan Wehner, On the criminal responsibility of international rating agencies in the context of the European debt crisis , 2015, p. 17