[2015] ICS Poster - EN - BOC Group: ADONIS, ADOIT, and GRC · GRC, Process Management and Risk Management with ADONIS



Post on 26-Jul-2020


GRC, Process Management and Risk Management with ADONIS

ADONIS supports you especially in:

> Hierarchised risk and control catalogues

> Flexible modelling and documentation

> Broad meta model with responsibilities, IT systems, documents/guidelines and data objects

ADONIS supports you especially in:

> Assured risk assessments in technical and process contexts

> Individual workflows, notifications and escalations

> Roles and permissions directly from the technical architecture

> Web-based execution in the ADONIS Process Portal

ADONIS supports you especially in:

> Assured control assessment in technical and risk contexts

> Individual workflows, notifications and escalations

> Reviews linked to control activities of processes

> Web-based execution in the ADONIS Process Portal

After the initial definition and assessment of the control, the focus lies on validating its execution. With the option to request proof testing at periodic intervals, effective execution is ensured.

Through automatic interfaces, for example with ERP systems, controls can activate themselves in case of faults and request a review.

Outcome: measurable control performances

• Review of the (operational) controls
• Reasonable control performances and proof testing
• Defined, workflow-based process of execution
• Identified need for action

Control Performance (I)

Focus: request and confirmation of control performances

Organisational changes are initiated only through the definition of initiatives (derived from risks, controls or processes). In this way, initiatives help to focus on, for example, control weaknesses, new control procedures or improvements in the processes.

An integrated administration prevents silos and clearly displays whether progress has been achieved or which steps have to be performed next.

Outcome: modifications and improvements

• Continuous improvement management
• Clear initiative portfolios
• Integration with business processes, risks and controls
• Constant initiative controlling

Initiative Management (II)

Focus: operational improvements of the risk landscape

So GRC is even better embedded

The development of a vital and sustainable system: Start today!

Contact us:

info@boc-group.com

ADONIS supports you especially in:

> Web-based communication and reporting

> Audit and reporting templates

> Individual user views and tasks

> Document management in the ADONIS Process Portal

ADONIS supports you especially in:

> Interfaces and automatisms for control activation

> Assured control performances and proof testing

> Web-based execution in the ADONIS Process Portal

> Archived and documented control performances

ADONIS supports you especially in:

> Web-based dashboards and initiative maintenance

> Individual workflows, notifications and escalations

> Identification of optimisation possibilities

> Controlling, reporting and analysis

Contact: BOC Products & Services AG, Operngasse 20b, 1040 Wien, Tel.: +43-1-905 10 71-0, E-Mail: [email protected]

You can find further information about our products and services on our Website: www.boc-group.com

The individual risks will be identified and documented based on processes, activities, business units or deployment scenarios in which they occur and in which they are assessable.

Those risks whose probability or impact assessment is too high, according to the enterprise's risk appetite, need a follow-up check. In this way one or more controls are identified and assigned for every risk. This produces the risk and control catalogue, which can be compared against optional (reference) control objectives.

Outcome: risk and control catalogue including process linking

• Catalogue of individual risks and controls
• Integration with business processes and activities
• Compliance with legal requirements and standard specifications
• Execution of risk management frameworks

Detection & Scoping

The risk assessment defines the probability of a risk occurrence and the impacts that have to be taken into account. The periodic assessment takes place, for example, according to the gross/net principle.

The assessment frequency is assigned individually for each risk. The assessment process takes place aligned to the business requirements and consists for example of estimation, quality assurance and approval and is performed by freely definable roles. Regularity and the inclusion of changes in the environment are essential.

Outcome: risk portfolio rated by those responsible

• Reasonable risk assessments and trends
• Defined assessment process
• Clearly defined responsibilities
• Derived need for controls

Risk Assessment

Both the embodiment (design) and the operational function (efficiency) of the controls are rated regularly. The estimation can be validated with quality assurance stages (for example with a counter-check).

A correct and realistic assessment helps to detect errors and, if necessary, to identify new risks or a need for action. In the latter case, initiatives will be derived directly.

Outcome: Broad control checks

• Reasonable control assessments
• Minimisation of risks
• Defined assessment procedure
• Identified weaknesses

Control Assessment

Communication of risks and controls in technical and process contexts immediately increases quality and awareness in enterprises. Those responsible for the processes and those executing them profit directly from this integrated view.

Integrated process, risk and control reports are used (automatically) to assure a consistent, high-quality audit result with low expenditure.

Outcome: integrated communication, audit-compliant reports

• Integrated view on processes, risks, controls and IT systems
• Audit-compliant reports
• Uniformity of the communication
• Currency / status overview of all contents

Reporting

ADONIS – make processes work

1 Focus: correct and broad starting point
2 Focus: realistic assessment of risks
3 Focus: testing controls for design and efficiency
4 Focus: (audit) reports without additional effort and expenses

Supported Standards

• COSO I Internal Control Systems
• COSO II Enterprise Risk Management
• ISO 9001 Quality Management Standard
• ISO/IEC 27001 Information Security Management System
• ISO 31000 Risk Management System
• ONR 49000 Risk Management
• ISAE 3402 International Standards on Assurance Engagements
• CobiT Framework for IT Governance
• Individual requirements of audit firms
• and due to the flexibility of ADONIS even further

Consulting and Training

Product-related support:
• Introduction and customisation of ADONIS
• Execution of Internal Control Systems / Risk Management
• Execution of audit requirements and templates
• Concepts for releasing and versioning
• Integration of operative systems

Technical Advice:
• Introduction to BPM (Business Process Management)
• Introduction to GRC
• Creation of roles for BPM and GRC
• Organisational review
• Audit preparation
• Process audit

Trainings and Seminars:
• ADONIS and BPM trainings
• GRC seminars

Infodays: Regular free infodays for Business Process Management, Risk Management and Internal Control Systems. You can find all upcoming dates on: www.boc-group.com

Imprint: publisher and manufacturer: BOC Products & Services AG, place of publishing and manufacturing: Vienna; © Copyright BOC Products & Services AG, Vienna. The BOC Management Office as well as ADOSCORE, ADONIS, ADOLOG, ADOIT, ADONIS:Community and ADOIT:Community are registered trademarks of the BOC Products & Services AG. All of the content is protected. All other named brands are property of the respective companies. All changes can only be made with a written letter of agreement from the BOC Products & Services AG. Reproductions in any form are only allowed with the Copyright remark. Publications and translations need a written letter of agreement from the BOC Products & Services AG.

www.boc-group.com/adonis

ADONIS - Business Process Management

www.boc-group.com/riskmanagement