Audit Ready – Create globally, Control centrally

Companies are increasingly being driven to provide proof of compliance with various legal requirements or quality standards by external as well as internal influencing factors. In addition, more and more companies are adapting their culture to conform to standards or guidelines in order to deal with company-critical issues in a timely and future-oriented manner and thus to prepare themselves ideally for the future. Compliance with such standards or norms often leads to increases in efficiency and quality as well as competitive advantages over competitors and positive PR. The products of the BOC Management Office contain all the necessary properties to prepare and carry out audits. Let us convince you!

Key facts:

Transparent, historization, versioned
Smart checks to guarantee consistency
Powerful analysis & reporting

Audit-Readiness: A must-have for:

  • Business Process Management
  • IT Management
  • Internal Control Systems
  • Risk Management
  • Compliance Management
  • Internal Revision

... to meet standards such as:

  • ISO9001 for Quality Management
  • ISO14001 for Environmental Management
  • ISO20000 for IT Service Management
  • ISO22301 for Business Continuity Management
  • ISO27001 for Information Security Management
  • and many more

Get Audit-Ready - With ADONIS and ADOIT
you can control your audit-related tasks

Success factors that save your sleep

Business Process Management (BPM), Enterprise Architecture (EA) and Governance, Risk & Compliance (GRC) are three disciplines that are the focus of interest in the context of regulated scenarios. The relevant analyses and reports are not only relevant internally for corporate management, but can or must be reported to external stakeholders in various audits.

More frequently, companies are required to conduct internal and external audits.

The background to this can be very different:

 

  • Audit by internal auditors
  • Audit in the framework of the final examination or the ICS examination
  • Audit by external supervisory bodies, such as the financial market supervision
  • Certifications based on standards (ISO 9000, ISO 27000, etc.)
  • Audits by business partners (e.g. supplier audits or risk audits for insurance contracts)

 

For the preparation and execution of such audits as well post-audit activities such as evidencing improvement in the course of re-certification, companies are investing a lot of time and effort. In order to be prepared for such a situation, several requirements (audit-readiness factors) have to be fulfilled:

 

  • The relevant documentation and reporting must be methodically correct and consistent.
  • It must be understandable how the documentation has been created and how the above-mentioned documentation has been approved.

In order to master the challenge of getting "audit-ready", we have identified the following approaches and success factors:

1

Integration of management areas and disciplines

 

Without integrating management systems, individual stakeholders may work side-by-side, yet isolated from each other. This often leads to duplicate work, many requests to specialist areas and, regrettably, to incomplete presentations and reports. The wheel is reinvented again and again and those limits in users’ heads prevent them from reusing and complementing existing documentation. On the other hand, when a company has integrated documentation, it allows not only more efficient work, but also to better understand large contexts.

2

Reuse and extension of existing documentation

 

The integration of management systems also has potential for reuse and expansion of existing documentation. If you don’t have to invest extra time gathering information from other disciplines, you can not only work more efficiently, but you can also achieve higher reliability in data quality. Finally, all experts contribute to the overall picture directly and personally.

3

Strong functional support with a suitable tool set

 

In order to meet necessary obligations, strict criteria have to be met. Some of them should be supported by a suitable tool set that help you to get your job done. BPM and EA tools such as ADONIS and ADOIT as well as the GRC module have always had their strengths in the integrative view of corporate management. They feature a variety of functions that clearly meet essential criteria such as traceability, historization, versioning or compliance with audit rules. The use of our products has long gone beyond a simple graphical modelling of process flows or IT landscapes. The use of basic documentation or specific evaluations for audit-relevant requirements is becoming more and more relevant.

4

Reference models from audit-relevant departments

 

Reference models not only help you to get started with the necessary documentation tasks, but also create additional confidence regarding completeness and plausibility. The BOC Group has a variety of reference models from a wide range of disciplines, from a first orientation to the establishment of audit-relevant test area: maturity level assessments in the context of ISO 9001: 2015 and EFQM, reference process descriptions from ISO / IEC 27001, COBIT 5.0 or ITIL, or risk and control catalogs based on Basel II / Basel III, Solvency II and many more.

5

A strong and experienced partner who can advise

 

The requirements, both internal and external, are demanding. But the good news is, you are not alone. Benefit from the experience of others and let yourself be supported by experts when preparing for your next audit. Whether tool-based or independent, proven techniques and methods can make life much easier for you.


Audit-readiness: The most essential features

Preparation of audit-relevant documentation

The efficient use of important tools is crucial in the preparation of audit-relevant documentation. ADONIS, ADOIT and the GRC module provide a browser-based modelling platform, which can be prefilled or continuously updated using a variety of interfaces. Through a very specific allocation of rights to user groups and individual roles within the company, the corresponding assets can be specifically created and maintained in your documentation, and can also be reused for graphical modelling and evaluation.

Validation using predefined, customizable checking rules

The release of content is often subject to specific requirements and checks. By automating these checking rules to ensure quality, you can accelerate the release of content and at the same time ensure 100% coverage of your quality requirements.

Controlled and workflow-based release of content

Your documentation is a living entity. Therefore, changes must be subject to a comprehensible procedure, in order to ensure accuracy of the content and the changes by authorized stakeholders. To ensure reliable quality assurance through a stable, defined and, above all, transparent workflow, ensure that the 4 or 6-eye principle is maintained and clearly documented before new models or objects are released. Thereby, the system manages versioning, historicization and archiving, but also resubmission and prolongation.

Publishing and feedback mechanisms

The released documentation should be available in the company (only that which you wish to publish) in a transparent manner. This is ensured by publishing mechanisms that you can easily adapt to your specific needs. In addition, your documentation will continue to be alive beyond the creation of audit-relevant documentation. For this reason, experts from the various disciplines (business experts, compliance officers, ICS managers, etc.) can submit comments and improvement suggestions for models and objects via social media-like communication streams in ADONIS or ADOIT.

Analysis & reporting

Create target group-specific audit-documentation based on your released documentation. With the products of the BOC Group, also these parts of the overall model can be made available online (process or organizational portal) or offline (e.g. via Microsoft Excel, PDF, PowerPoint). ADONIS, ADOIT and the GRC module provide configurable analysis and reports. Analysis results and reports can easily be exported and used again in presentations or meetings. The available dashboards provide you an informative overview of the current state of information in your management system.

Integrated management of measures

Findings from the audit are recorded in the form of modification measures to assess their performance in the next cycle. ADONIS and ADOIT also serve to document these measures. We thereby also follow the integrative idea – the measures are directly assigned to the corresponding assets (processes, controls, IT applications, etc.). By means of action planning (responsible person, start and end time) and also measure tracking, the circle closes again to the next audit.

Business Process Management

Discover the best BPM tool of its kind for design, analysis
and optimization of business processes.

Enterprise Architecture

Use our intuitive EA tool to understand correlations
between business and IT.

 

 

Get audit-ready, together with us!

Join us today and arrange a non-binding demo!

 

 

Contact us

What's new
in ADONIS NP

Learn more about the latest advancements in ADONIS NP

 LEARN MORE

What's new
in GRC

Learn more about the latest advancements in GRC.

 LEARN MORE

What's new
in ADOIT

Learn more about the latest advancements in ADOIT.

 LEARN MORE

Customers who trust in us

More than 1,000 customers in over 50 countries worldwide trust our professional management tools - some examples can be found here

?

QUESTIONS?

Enrique Lobo Cruz

P +353-1-871 94 16
F +353-1-871 94 17
E info@boc-ie.com