Designing iSystain’s Governance Software Module
Treasure Hunts and the Value of a Good Question
Claude Levi-Strauss once said, "The scientist is not a person who gives the right answers, he is one who asks the right questions."
As a veteran management systems auditor, I’ve always thought the same to be true of our profession.
Certainly, the inspiration for iSystain's new Governance Register stems from over two decades of asking varying versions of the same question:
"What are your governance, risk and compliance responsibilities and how do you manage them?"
I'd put this question to everyone from the CEO to line management. When the inevitable blank or confounded looks arrived, I'd draw them a mud map similar to the diagram below* to help visualise the starting point and system navigation path I wanted to follow.
*In the interests of disclosure, the above diagram has undergone some cosmetic enhancements. Regardless, the general response was that I may as well have drawn this ....
One of the coolest things about being a veteran auditor, consultant and owning a software company is that I get to conceptualise, design and develop solutions to address many of the real-world needs I've experienced first hand.
Last year, while travelling around Tasmania and pondering the meaning of life (aka: drinking wine), I decided it was time to convert the diagram into an iSystain solution. From there, iSystain’s new Governance Register was born.
Our design process usually starts with objectives, deliverables and then functionality design.
The design deliverables focused on:
Creating a centralised location - a starting point - to access summary information on all governance sources relevant to organisations’ responsibilities.
Being able to navigate to relevant governance, risk, compliance and audit tools, schedules, completed tasks and outcomes.
Reducing the duplication of tasks that occurs when governance, risk management and compliance are managed independently.
Eliminating the silo approach across the many legal, commercial and sustainable commitments organisations are encumbered with.
Additionally, our objective was for users to be able to navigate the tool in two or fewer clicks to answer any of the following questions:
How do you view your position's assurance scope?
What position has the overall accountability for this assurance item?
What position(s) have implementation responsibilities?
Who or what authority is the source of the requirement?
How do you monitor the source document for currency?
Who is responsible for implementing the requirements?
How do you view associated risk/materiality assessments and treatment plans?
How do you access the suite of compliance monitoring tools for this assurance item?
How do you assign and manage the closeout of related actions?
From that, we shortlisted our first release functionality deliverables:
Searchable Register - A centralised place to view a listing of all of the legislation and applicable standards to which your organisation subscribes. Filters include topic, source and a set of categories including legislation, external management standards, benchmarking standards, operating permits, agreements and charters. However, as with all things iSystain, the lists are fully editable.
Governance Requirement Record - Capture, classify and link key information on each governance record added to the register including title, description, issuing authority, categories, website links, attachments, and responsibilities.
Accountability and Responsibilities: Using a pre-configured position hierarchy, assign overall accountability and nominate the positions responsible for implementation across the business. This provides top-down, bottom-up responsibility-based filtering.
Attachments: Attach any relevant document or image files. Add an expiry date if relevant.
Action Plans: Linking action plans to governance requirements assists tracking of implementation, review, and monitoring tasks associated with the governance source. All actions are linked to workflow, reminders, progress update prompts, and sign-off functions.
Link to relevant Risk/Materiality Assessments - Each record can be easily linked to relevant risk and/or materiality assessments completed in the risk register. If you already use iSystain's Risk Register, we've worked out a neat way to detect and suggest risk assessments from your register once you add the governance record. If you've completed them in a separate system or as a document, simply link or attach them to the record.
Link to relevant Compliance Monitoring Tools - Centralise and link all the compliance monitoring tools your organisation uses for day-to-day or periodic compliance checks. If you use iSystain's Compliance solution, you can simply tick relevant self-assessments, checklists, questionnaires etc. If you've created an external one, attach it as a document.
Link to relevant Audit Tools and Records - Centralise and link audit instruments for management system audits against requirements. There's also an option to create an overarching scorecard style instrument that aggregates results and displays on your scorecard with your targets, objectives and performance outcomes.
iSystain's new Governance Register feels like the culmination of my 20+ years of auditing, consulting and systems design experience. It was also one of the easiest solutions to design and develop as it organically pulled a myriad of existing system threads together. The product offers an enterprise-wide management tool that avoids duplication and the silo effect that often plagues a more traditional approach to GRC.
Want to breeze through your next management system audit or governance review?
Send us your details by clicking here to organise a web demo or receive more detailed information on the governance solution.
iSystain clients who read and respond to this article will be eligible for free implementation and a waiver on the first 6 months’ hosting fees in exchange for your feedback and as a thanks for being wonderful to work with. Leave a comment or contact me directly to get the ball rolling.
The iSystain platform has been designed around the following three deliverables:
Managing Environment, Health & Safety - Running a company that minimises risk to people, the environment, local communities and assets requires commitment and great software. We've got you covered with the essentials including risk, compliance, incident, health, competency, change and action management. All processes are linked to email-based workflow and collect data that feeds into our suite of reporting, dashboards and performance monitoring tools.
Demonstrating Compliance & Governance - Move beyond silo-based compliance and audit activities by integrating them into an overarching governance framework. Collect and categorise all voluntary and involuntary legislation, permits, internal and external policies and standards subscribed to by your company in the Governance Register. Link items to risk assessments, audit instruments, compliance assessments and action plans for implementation and review responsibilities.
Managing Sustainability Reporting - Our Sustainable Development solution provides a framework to define your sustainability performance goals and establish the quantitative and qualitative data collection requirements to report and measure against them. We'll incorporate management tools including workflow, data status monitors and alerts, import facilities, flexible reporting options and data analysis views.