PQM DIALOGUE 2025: THE CHALLENGES OF IT COMPLIANCE

Digitalisation and increasing regulatory requirements are presenting companies with ever greater challenges in the area of IT compliance. Compliance with new legal requirements such as the EU-AI Act, the Cyber Resiliance Act or DORA is essential in order to avoid data protection breaches, security risks and high fines. To achieve this, risks, CIP activities and compliance requirements must be linked to operational processes and managed sustainably.

Initiated by the ERP Systems & Business Process Management degree programme, experts from local companies and applied science discussed relevant issues - such as which specific measures help to identify security risks at an early stage and prevent data loss. The discussion also focussed on the problem of how companies can efficiently implement IT compliance processes and anchor them sustainably in their operations, as well as the question of how SMEs can efficiently deal with the ever-increasing number of regulations.

HIGH-CALIBRE SPEAKERS AND LIVELY DISCUSSIONS

After the welcoming address by Prof. (FH) Dr Martin Adam, Head of the ERP Systems & Business Process Management programme, Dr Nico Deistler, holder of the ERP endowed professorship at the Kufstein University of Applied Sciences, kicked off the event with his presentation on IT compliance in SMEs - a method for the adapted use of frameworks. He demonstrated ways of adapting frameworks such as COBIT, ITIL and ISO 27001 so that even small and medium-sized companies can apply them with reasonable effort.

Georg Eder, graduate in business administration, authorised signatory and responsible for digital process compliance at KPMG in Munich, then spoke about the EU AI Act and the handling of artificial intelligence. It became clear that many elements of the new regulation are already mapped in existing frameworks. In the next presentation, Carina Allmann, MA and Eduard Obernauer MA, both working in Risk Assurance at PwC Salzburg, gave an overview of possible forms of cloud services, for example from co-location to SaaS. They emphasised the continued responsibility of the client and the need to establish their own controls - despite outsourcing to third-party providers.

FRESH IMPULSES FROM EXPERTS

After a short networking break, the programme continued with David Winkler, Managing Director of Strong-IT from Innsbruck. Under the motto No more ransom: 10 attack methods and their solution, he gave the participants clear practical examples of how companies can best protect themselves against cyber attacks and how greater resilience can help. Jan-Peter Eberle, Director Risk Assurance, Internal Audit & GRC at PwC Salzburg, followed up with his presentation on the Digital Operational Resilience Act (DORA), a new EU framework for the financial sector. Prof. (FH) Dr Patrick Stoll, CIO of OSG GmbH from Iserlohn, concluded the 23rd PQM Dialogue with the topic of Criminal Consulting for CIO. In a humorous way, he pointed out possible misconduct by IT managers, which is not only dangerous for companies, but could also lead to criminal prosecution for those responsible.

"Every year, the PQM dialogue is the ideal opportunity to exchange ideas with top experts from science and business," says Prof. (FH) Dr Martin Adam. "We are delighted to have attracted such impressive speakers again in 2025 and are already looking forward to the thematic focus we will be setting next year."

Links:

• ERP Systems & Business Process Management | pt

PRESENTATIONS

• Carina Allmann, Eduard Obernauer - Cloud (*PDF)
• Jan Eberle - DORA (*PDF)