Companies are increasingly being driven to provide proof of compliance with various legal requirements or quality standards by external as well as internal influencing factors. In addition, more and more companies are adapting their culture to conform to standards or guidelines in order to deal with company-critical issues in a timely and future-oriented manner and thus to prepare themselves ideally for the future. Compliance with such standards or norms often leads to increases in efficiency and quality as well as competitive advantages over competitors and positive PR. The products of the BOC Management Office contain all the necessary properties to prepare and carry out audits. Let us convince you!
Transparent, historization, versioned
Smart checks to guarantee consistency
Powerful analysis & reporting
Success factors that save your sleep
Business Process Management (BPM), Enterprise Architecture (EA) and Governance, Risk & Compliance (GRC) are three disciplines that are the focus of interest in the context of regulated scenarios. The relevant analyses and reports are not only relevant internally for corporate management, but can or must be reported to external stakeholders in various audits.
More frequently, companies are required to conduct internal and external audits.
The background to this can be very different:
For the preparation and execution of such audits as well post-audit activities such as evidencing improvement in the course of re-certification, companies are investing a lot of time and effort. In order to be prepared for such a situation, several requirements (audit-readiness factors) have to be fulfilled:
Without integrating management systems, individual stakeholders may work side-by-side, yet isolated from each other. This often leads to duplicate work, many requests to specialist areas and, regrettably, to incomplete presentations and reports. The wheel is reinvented again and again and those limits in users’ heads prevent them from reusing and complementing existing documentation. On the other hand, when a company has integrated documentation, it allows not only more efficient work, but also to better understand large contexts.
The integration of management systems also has potential for reuse and expansion of existing documentation. If you don’t have to invest extra time gathering information from other disciplines, you can not only work more efficiently, but you can also achieve higher reliability in data quality. Finally, all experts contribute to the overall picture directly and personally.
In order to meet necessary obligations, strict criteria have to be met. Some of them should be supported by a suitable tool set that help you to get your job done. BPM and EA tools such as ADONIS and ADOIT as well as the GRC module have always had their strengths in the integrative view of corporate management. They feature a variety of functions that clearly meet essential criteria such as traceability, historization, versioning or compliance with audit rules. The use of our products has long gone beyond a simple graphical modelling of process flows or IT landscapes. The use of basic documentation or specific evaluations for audit-relevant requirements is becoming more and more relevant.
Reference models not only help you to get started with the necessary documentation tasks, but also create additional confidence regarding completeness and plausibility. The BOC Group has a variety of reference models from a wide range of disciplines, from a first orientation to the establishment of audit-relevant test area: maturity level assessments in the context of ISO 9001: 2015 and EFQM, reference process descriptions from ISO / IEC 27001, COBIT 5.0 or ITIL, or risk and control catalogs based on Basel II / Basel III, Solvency II and many more.
The requirements, both internal and external, are demanding. But the good news is, you are not alone. Benefit from the experience of others and let yourself be supported by experts when preparing for your next audit. Whether tool-based or independent, proven techniques and methods can make life much easier for you.
The efficient use of important tools is crucial in the preparation of audit-relevant documentation. ADONIS, ADOIT and the GRC module provide a browser-based modelling platform, which can be prefilled or continuously updated using a variety of interfaces. Through a very specific allocation of rights to user groups and individual roles within the company, the corresponding assets can be specifically created and maintained in your documentation, and can also be reused for graphical modelling and evaluation.
The release of content is often subject to specific requirements and checks. By automating these checking rules to ensure quality, you can accelerate the release of content and at the same time ensure 100% coverage of your quality requirements.
Your documentation is a living entity. Therefore, changes must be subject to a comprehensible procedure, in order to ensure accuracy of the content and the changes by authorized stakeholders. To ensure reliable quality assurance through a stable, defined and, above all, transparent workflow, ensure that the 4 or 6-eye principle is maintained and clearly documented before new models or objects are released. Thereby, the system manages versioning, historicization and archiving, but also resubmission and prolongation.
The released documentation should be available in the company (only that which you wish to publish) in a transparent manner. This is ensured by publishing mechanisms that you can easily adapt to your specific needs. In addition, your documentation will continue to be alive beyond the creation of audit-relevant documentation. For this reason, experts from the various disciplines (business experts, compliance officers, ICS managers, etc.) can submit comments and improvement suggestions for models and objects via social media-like communication streams in ADONIS or ADOIT.
Create target group-specific audit-documentation based on your released documentation. With the products of the BOC Group, also these parts of the overall model can be made available online (process or organizational portal) or offline (e.g. via Microsoft Excel, PDF, PowerPoint). ADONIS, ADOIT and the GRC module provide configurable analysis and reports. Analysis results and reports can easily be exported and used again in presentations or meetings. The available dashboards provide you an informative overview of the current state of information in your management system.
Findings from the audit are recorded in the form of modification measures to assess their performance in the next cycle. ADONIS and ADOIT also serve to document these measures. We thereby also follow the integrative idea – the measures are directly assigned to the corresponding assets (processes, controls, IT applications, etc.). By means of action planning (responsible person, start and end time) and also measure tracking, the circle closes again to the next audit.
Discover the best BPM tool of its kind for design, analysis
and optimization of business processes.
Use our intuitive EA tool to understand correlations
between business and IT.
More than 1,000 customers in over 50 countries worldwide trust our professional management tools - some examples can be found here