Integrated Management – Leave the Island!

The Purpose of Integrated Management

“Get off the island!” What sounds like a request to German Mallorca tourists in a Corona-ridden time should actually be a request to our everyday business life. We all mean well and want to fulfil the internal and external demands placed on us as best we can. We wish to ensure our company, our function, our department, and our personal work are “state of the art”. At the same time, we also love our independence and freedom from external constraints. We want to reduce complexities and not be tied down by too many dependencies. We love our business “island”.

But the supposed short-term success we achieve with an “isolated” view, in reality, causes growing frustration, extra work, and a lack of acceptance by colleagues and especially by the management.

Yet all governance and management programs are originally set up with the aim of “making the company’s processes transparent and taking suitable measures to be able to recognize developments that could endanger the company’s continued existence at an early stage and to set up an appropriate monitoring system” – seen here as required by Section 91 (2) of the German Stock Corporation Act (AktG).

Such systems are often seen in compliance and risk management, which is in turn monitored by audits and certification programs.

However, companies often have other legal or social requirements too. Typically, ISO standards, norms, or TÜV certification (should) help entrepreneurs with frameworks to implement good corporate practice:

  • Quality management (ISO 9001) increases the quality of processes and products
  • Occupational health and safety (ISO 45001) ensures the performance of employees
  • Information security (ISO 27001) protects the confidentiality, integrity, and availability of information
  • Emergency management (ISO 22301) ensures business operations in crises and emergencies
  • Project management (ISO 21500) helps to secure the future of the business, reduce costs or increase revenue
  • Corporate Social Responsibility (ISO 26000) for sustainable and responsible business

On closer inspection of real-life scenarios, we see that hardly any Managing Director, Board member, or authorized signatory is in a position to identify and control all the standards and obligations, and to monitor their implementation appropriately.

The measures from the various management programs are numerous and varied. Rarely does the organization feel empowered by the numerous risk-based initiatives. Instead, GRC (governance, risk, and compliance) functions often create additional work and stress for the functional departments.

What is the challenge in meeting Governance, Risk, and Compliance?

Meeting the requirements of a GRC management system is multifaceted and cannot be viewed in isolation. The implementation of such a system requires the cooperation of the entire organization and does not stop at the boundary of one’s area of expertise. For instance, the requirements of the General Data Protection Regulation (GDPR) have made this clear to many companies in the form of complex, lengthy, and expensive projects. They have realized that the technical and organizational measures are not just the responsibility of the Data Protection Officer but have to be worked out in accordance with the company’s business model, and implemented throughout the organization, across processes, IT systems, and departments. Similar challenges also arise in other compliance areas, such as information security, risk management, or the internal control system (ICS).

In all these cases, responsibilities must be clarified, and employees entrusted with execution must be identified. Decisions must be made, and tasks delegated. What looks possible within a very limited scope of action and subject areas becomes even more difficult when more risks, departments, processes, countries, subsidiaries, IT systems, projects, etc. have to be considered. This is where the use of an integrated system is essential.

Why an integrated management system?

Meeting the complex challenges of GRC requires a systematic and, above all, process-integrated approach. Existing islands of thought and systems must be broken up. An overarching view, aligned with the goals of the company, is necessary.

Think of how a lifeboat for leaving a desert island is best built together. In the same way, companies need a common but pragmatic approach across different management functions to remain strong and resilient in the face of the wide variety of risks, threats, and developments of recent years.

The integrated and standardized approach avoids redundancies as well as duplications. The management and the supervisory board gain an overview of different initiatives and can track the implementation of each unit or division. The performance improves as departments take advantage of an integrated management system. Thus, an integrated management system creates added value and prevents organizational failure.

How does software support the implementation of an integrated management approach?

In order to map the complexities of a business, we need modern and flexible software that supports various GRC functions. The requirements from different standards have to be unified and transferred into a clean data model. Different data sources must be linked, integrated, analyzed, and evaluated.

In order to meet the various requirements, a wide range of tools and procedures must be available. Simple simulations, modern questionnaire-based queries, or complicated Monte Carlo methods must be just as possible as the integration of external data streams or information feeds. It needs a connecting and integrating view. A platform.

The introduction of a cross-functional solution does not have to happen all at once. Even with modern and integrated software, getting off the island is still a journey. But pre-built modules and standardized procedures and approaches help to implement the “best-practice” approach quickly.

About Corporater

Corporater specializes in integrated management systems. Our long experience in performance management, portfolio management, KPI systems, and Balanced Scorecard distinguishes us and makes us unique in the field of integrated management systems.

Even the implementation of an integrated risk early warning system, e.g. according to IDW-PS 340, will be as easy as building LEGO.