• About
  • Subscribe
  • Contact
Tuesday, August 5, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Business Applications & Databases

PodChats for FutureCIO: Strategies for LCNC audit workflow builders in 2026

Allan Tan by Allan Tan
August 5, 2025
PodChats for FutureCIO: Strategies for LCNC audit workflow builders in 2026

PodChats for FutureCIO: Strategies for LCNC audit workflow builders in 2026

In 2025, the Asia-Pacific region witnessed a pivotal shift in the adoption of low-code/no-code (LCNC) solutions. No longer seen as mere prototyping tools, low-code platforms have become the backbone of digital transformation across industries.

Gartner predicts that by 2026, developers outside formal IT departments will account for at least 80% of the user base for low-code development tools.

While citizen developers boost agility, decentralised creation brings new risks in the form of shadow IT, fragmented systems, data silo sprawl, and data exposure, as well as compliance gaps.

Relentless digitisation pressures and a chronic shortage of skilled developers drive this trend. IDC predicts that 25% of APAC enterprises now prioritise integrating AI with low-code platforms, using them to modernise legacy systems before layering on intelligent automation.

As Leonard Tan, regional director for OutSystems in Singapore, Malaysia, Brunei, and Greater China, observes: "The synergy lies in using low-code first to automate and streamline processes, creating the foundation for smarter AI adoption."

Sectors such as maritime, logistics, real estate, and government are leading the charge, deploying audit workflow builders to digitise compliance cycles, risk assessments, and internal controls.

What was once managed via spreadsheets and siloed tools is now being reimagined as dynamic, scalable applications — built not just by IT, but by domain experts with deep procedural knowledge.

Democratising audit with visual design

Leonard Tan

"Low-code audit workflow builders use visual platforms to design, automate, and scale audit, risk, and compliance processes without needing deep coding expertise." Leonard Tan

These builders are visual development environments that empower audit professionals to model, automate, and manage end-to-end compliance processes, eliminating the need for hand-coding and enabling legal, risk, and compliance teams to co-design workflows with IT.

In Asia, many organisations still rely on legacy systems or disconnected spreadsheets, resulting in fragmented and error-prone audit trails. "The challenge is compounded by limited in-house resources and fragmented vendor solutions," says Tan.

Low-code platforms address this by allowing subject matter experts—such as legal officers or internal auditors—to collaborate directly with IT, ensuring workflows align with real-world governance requirements.

Equipped with enterprise-grade features like role-based access, integration controls, and secure data handling, these platforms enable audit teams to deploy custom applications rapidly—from risk registers to control testing trackers—without accumulating technical debt.

"It's a more future-proof approach," Tan adds.

Governance embedded in the platform

"Strong governance becomes critical, especially when workflows are created outside central IT." Leonard Tan

As citizen development scales, so do the risks: shadow IT, data silos, and non-compliant processes. Tan argues that the solution lies in a platform-first governance model, where controls are embedded into the development environment from the outset.

"Governance is embedded directly into the platform itself from day one," he explains. Key mechanisms include role-based access controls to restrict sensitive modifications, version control for full audit trails, lifecycle management for reviewing, updating, and retiring workflows, and data integration standards to prevent siloed systems.

This approach aligns technology, process, and people, replacing reactive policy enforcement with automated safeguards. "Embedding these safeguards ensures decentralised development can happen securely and sustainably," confirms Tan.

Compliance across fragmented regulations

"Many companies choose to deploy the platform in their environment to isolate data in line with regulations like GDPR or PDPA." Leonard Tan

Asia's regulatory landscape is complex, with the PDPA in Singapore, PIPL in China, and PDPA in Thailand, as well as evolving frameworks in Indonesia and India, requiring low-code platforms to support multi-jurisdictional compliance. Tan highlights two key strategies: infrastructure flexibility and inherent platform controls. Organisations can deploy platforms on-premises or in private clouds to meet data residency requirements. Platforms like OutSystems, which are SOC 2 attested, provide built-in safeguards for data lifecycle management and access control.

"It's not one-size-fits-all, but the flexibility allows alignment with internal controls and security standards," Tan notes. This hybrid compliance model ensures audit workflows remain compliant whether processing financial data in Shanghai or personal records in Kuala Lumpur.

Oversight through central platform ownership

"Oversight must sit with a platform owner from IT... to maintain a single source of truth," posits Tan.

With workflows developed across departments, maintaining an up-to-date inventory is crucial. The solution lies in reusability and microservices, designed by default. Shared modules — such as CRM or ERP integrations — become standard components, ensuring that every workflow built on them inherits consistency, security, and traceability. "Using microservices ensures scalability and visibility," says Tan.

Low-code platforms provide automated version control, audit logging, and change tracking, allowing for a live, searchable inventory without relying on manual reporting. However, Tan stresses that ownership must rest with IT. "A platform owner from IT ensures governance, avoids shadow IT, and maintains a single source of truth for compliance."

This model supports decentralised innovation while upholding central oversight — a balance essential for audit readiness and organisational control.

Orchestration layer for enterprise systems

"Low-code platforms sit at the orchestration layer, connecting systems and users while ensuring consistency, compliance, and rapid delivery." Leonard Tan

Integration remains a significant challenge, as audit workflows must pull data from core systems, such as ERP (e.g., SAP) and GRC, as well as data lakes (e.g., Azure), and then deliver reports through BI tools like Power BI.

To address this, Tan advocates a platform-first integration approach, where APIs and prebuilt connectors are embedded directly into the low-code environment. "This enables seamless data sharing and end-to-end auditability."

For instance, an audit team can build a risk and control tracker on OutSystems that pulls financial controls from SAP via REST API, syncs policy compliance status from ServiceNow GRC, archives logs in Azure Data Lake, and delivers real-time dashboards via embedded Power BI.

"The platform acts as the bridge between audit users and enterprise systems," Tan explains. In today's blended IT environments, where off-the-shelf, custom, and cloud systems coexist, this orchestration role is indispensable for ensuring agility, traceability, and compliance.

Empowering citizen developers responsibly

"Organisations need a structured model combining training, governance, and collaboration." Leonard Tan

To empower non-IT users, Tan emphasises the importance of a Centre of Excellence (CoE), reusable assets, and role-based training. "You can't succeed in a low-code environment without proper training or guardrails."

Petronas in Malaysia exemplifies this approach. Through a CoE, they have enabled audit teams to co-develop enterprise-grade applications with IT oversight, resulting in faster deployment, reduced manual effort, and increased audit coverage.

"Tailored training, certifications, and a strong community deepen both business and technical skills," Tan adds. This model of structured decentralisation ensures that innovation proceeds without compromising compliance.

Auditing the audit workflows themselves

"Security and compliance must be embedded throughout the development lifecycle," notes Tan.

Even audit workflows need to be audited. Tan dismisses the myth that low-code sacrifices security for speed, stating: "Modern platforms come with built-in protections like controlled environments and automated security checks."

For high-risk workflows, oversight should be led by internal audit, risk, or compliance functions, which are responsible for enforcing platform-wide policies, monitoring integrity, reporting, and conducting periodic reviews.

"Role-based access, versioning, and logging help enforce this," Tan says. When these controls are standardised, automated compliance reporting becomes achievable and reliable.

Measuring success with KPIs

"Success is typically measured across three areas: effectiveness, efficiency, and governance," Leonard Tan

Tan recommends tracking:

  • Effectiveness: Time to deployment, audit plan completion rates
  • Efficiency: Manual effort saved, team productivity gains
  • Governance: Audit log compliance, policy enforcement, technical debt

Platforms like OutSystems even scan for technical debt, providing proactive recommendations to help mitigate it. "These metrics form a healthy feedback loop, helping teams scale with confidence."

Click on the PodChats player to hear OutSystems' Tan elaborate on the above topics.
  1. Briefly describe the state of low-code/no-code (LCNC) adoption in Asia as of 2025.
  2. What are LCNC Audit Workflow Builders? What are the strategic objectives for adopting these?
  3. What governance models and policies must be enforced to effectively manage what we earlier alluded to as a decentralised citizen development of audit workflows?
  4. How do these LCNC platforms ensure compliance with diverse regional data privacy regulations and regulatory frameworks across Asia?
  5. How do organisations maintain an up-to-date inventory and ensure consistent oversight of all low-code audit workflows developed centrally and departmentally? Who should be in charge of this?
  6. Could you share one proven way LC audit tools are adequately integrated with core enterprise systems (ERP, GRC, data lakes) for seamless data sharing, reporting, and end-to-end auditability of critical processes?
  7. What specific training, support frameworks, and guardrails must be provided to non-IT users to empower them to build compliant and effective audit workflows?
  8. How can leaders regularly assess and mitigate risks (including auditing the audit workflows themselves for integrity and accuracy) stemming from rapid, decentralised development, and ensure automated compliance reporting? Who should be leading/doing this?
  9. What key metrics and KPIs should organisations use to track and measure the efficiency, compliance and overall success of their low-code audit workflow initiatives?
Related:  PodChats for FutureCIO: Considerations for digital infrastructure
Tags: citizen developmentgovernanceLCNClow code platformsOutSystemsPodchats
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • PodChats for FutureCIO: Strategies for LCNC audit workflow builders in 2026
  • APAC logs fastest growth in the global mental health technology market
  • HubSpot launches first CRM connector for Anthropic's Claude
  • APAC travellers lead in AI adoption, reveals report
  • Over 60% of Asia/Pacific enterprises see regulatory disruption to IT operations, IDC finds

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe