Dublin, Ireland, Thursday, 29 June 2017

Be ready for the next generation GRC suite that supports you in all phases of your risk management, from risk identification to operationalization up to analysis and reporting. Identify any potential risks your company might face and derive appropriate controls to mitigate them. You can create overviews of all your risks, analyze them based on various likelihood and impact charts (e.g. FMEA) or witness how those risks are affecting your organizational processes, IT assets or business units by integrating them with BPM or EA. Learn how GRC helps you comply with effective assessment of risks and testing of controls in your organization to ensure your company is always audit-ready.


Convince yourself – Get on board and let our GRC suite support you perfectly across all aspects of Governance, Risk and Compliance.

Easily create and maintain your Risk Portfolio

Willing to have an overview of all risks your company is dealing with every day?
Now you can import or create your own risk portfolio and make it as detailed as you need. Maintain the most important data, assign responsibilities and get comprehensive charts that will allow you to get the full picture and dependencies of your risks.

Added Value

  • Create transparency within your risk portfolio
  • Easily document all risks and controls occurring in your company
  • Prepare for your next audit

Integrate your Risk Portfolio into your BPM or EA Initiatives

Risks are not just emerging out of the blue, but arise out of your business processes or in relation to your IT infrastructure. Therefore, GRC is designed to be combined with your BPM and EA repositories. Now risks can be associated with certain processes, process steps or IT assets, so risk managers are able to assess their likelihood and impact on a more detailed level. Along with that, a control's implementation is detailed by linking it to the corresponding process, process step or IT asset. All that information about risks and controls can be accessed automatically from within your process or architecture documentation, so your enterprise risk management stays continuously in-line with other management domains.

Added Value

  • Contextualize risks with assets in your organization
  • Scope the risks in your organization to prepare for more precise assessment and mitigation
  • Raise awareness in your company by making visible the potential risks the assets may be exposed to

Have your Experts assess their Risks in an audit-ready manner

Your risk portfolio calls for assessment by your risk experts. A simple yet comprehensive workflow lets your risk experts score probability, impact and detection of all risks in their context. And that, following a defined revision-proof procedure.
Sleep tight before your next audit and be certain that your assessment data is readily available. Mechanisms such as assignment of tasks to responsible people, notification mechanisms, historization of changes to stored information incl. assessment scores, etc. guarantee a revision-proof documentation of your risk portfolio.

Added Value

  • Never lose track of your risk assessments' state
  • Profit from automated checking rules (e.g. 4-eye principle)
  • Maintain traceability of changes including historization and archiving (Audit trail)

Document and Test your Controls' Effectiveness

To address your risks you surely have a lot of controls in place. But how can you be sure that the controls are the right ones or that they are executed properly?
Evaluate and score their effectiveness by having your control experts test them and documenting the results (Test of Design and Test of Effectiveness). The quality of your controls will ensure that the risk gets mitigated appropriately.
Comprehensive workflows, notifications, views and dashboards assure a perfect overview on your control portfolio.

Added Value

  • Maintain your risks under control
  • Be sure your control measures actually work before the risk occurs
  • Maintain traceability of your control assessments including historization and archiving (audit trail) 

Pull comprehensive reports and accessible analysis results

Your risk catalogue with all its context, its assessment data and its historized data is a great source for analysis and reporting.
Make use of this profound data source and generate dynamic views on your risk or control portfolio, or visualize your risk scores in heatmaps or other diagrams. Easily share such analysis views also with stakeholders outside the tool for presentations or joint discussions.

Added Value

  • Get an overview of your risk assessment
  • Gaze the major risks in your company to tackle them earlier
  • Have reports of your risk status with one click

What is the GRC suite?

The GRC suite is the intuitive and suitable tool
for Risk and Compliance Management.




For further information and a free no-obligation
consultation do not hesitate to contact us!





Enrique Lobo Cruz

P +353-1-871 94 16
F +353-1-871 94 17
E info@boc-group.com