Compliance Management System as part of a digitized management system for the entire business system
What is digitized business system management?
The management of each business system consists of the management of its associated segments. The GRC management concept is its ability to strongly implement the process of connecting 3 components: Governance, Risk Management and Compliance. These components are based on 7 logical units: strategic management, business processes, policies and procedures, performance measurement, risk management, control structures / activities and audits, which can be seen in the picture:
Image: Components of GRC
The role of the Governance component is that top management manages and supervises the entire business system in such a way that it “sees” all strategically important information at all times, including critical ones, through which it can compare the achievement of set goals and, if necessary, make new decisions immediately.
The Risk component in GRC consists of processes by which management at all levels identifies the risks associated with them (strategic, operational, security, etc.) and, if necessary, initiates or undertakes, in accordance with its responsibilities and powers, rapid corrective responses.
The Compliance component is the ability of the business system to monitor at all levels, through control structures/activities and audits, whether it is acting in accordance with legislative and regulatory requirements, internal policies, procedures, standards, permits, licenses, etc.
Below is a picture of such a platform called Isorobot, the use of which is advocated by ZIH. However, there are several other platforms of this type, but it seems to us that this one has an acceptable cost-benefit ratio for the Croatian market.
Source: ZIH and Excelledia isorobot documentation
This platform has 31 business modules (Enterprise Management System – EMS) and consists of 55 business frameworks and standards integrated into one management and operational entity.
Isorobot uses the most common business frameworks, such as: COSO, Balanced Scorecard, ISO management systems, OECD Framework, EFQM, etc. Also, it is possible to incorporate some specific local frameworks into this platform, for example, the system of internal controls for the public sector in the Republic of Croatia.
The basic ISO standards “embedded” in Isorobot are:
It has already been said that Isorobot is “open” to other business frameworks and ISO management standards.
The internal organization of Isorobot is based on business modules called Enterprise Management Systems – EMS. The basic modules of EMS are:
Each of these modules has its own structure. For example, the Organization and KPI Management (Performance Evaluation) modules have the following structure:
Method of implementation of Isorobot
Of course, it is not necessary that a user immediately decides to acquire and apply all these modules, so the implementation can follow gradually, and accordingly the versions are available:
• Business excellence,
• Premium i
• Fully integrated intelligent solution.
Services of ZIH
ZIH can fully provide all consulting and educational services for the implementation of Isorobot. Basically, they can be grouped into the following stages:
• Motivational presentations,
• Assessment of business maturity and determination of appropriate modules,
• Installation of the platform according to the selected modules,
• “Filling” the platform with business system data
• Training for use (management, operational users, administrators)