What's new in GRC 2.5

Wednesday, 20 June 2018

GRC 2.5 – the latest version of BOC Group's GRC suite is out now. We have put ourselves in our customers' shoes, in order to conceptualize and comprehend what it is that makes GRC special. By trying to understand our customers' specific needs and carefully listening to the feedback we have received, we were able to introduce innovations that substantially contribute to an even greater and holistic, true user experience. Also, with everything that has been implemented, we have tried to address specific stakeholders and their needs. All the necessary role-specific workflows and views are now available at any given time where they are needed the most – in the right place at the right time. On top of that, with this release we have strived to match the design principles of GRC to those of our other products to reduce the training efforts and increase the ease-of-use for those already familiar with ADONIS NP. Check out how our GRC suite makes managing risks and controls and complying with regulatory requirements the easiest so far!

Supervise, Assign and Assess Risks and Controls – All From One View

Being able to monitor and assess different risks assigned to a process is not an easy task on its own – especially when the amount of risks multiplies and rises. Having this issue in mind, GRC 2.5 comes with complete support of the Integrated Risk and Control Assessment (IRCA) implemented through a dedicated matrix view, so that all risks assigned to a process are always easily traceable and accessible. The IRCA provides you not only with a great overview in this sense, but also allows you to assign missing risks, assess them or mark them for a later assessment, when and if needed. On top of that, this view also displays the mitigating controls, thus making missing controls easily identifiable. Quick, easy and simple, just like that!



Benefit from the integrated view of all risks assigned to processes  

Easily identify and assign missing risks and controls

Quickly gather all necessary details

Effortlessly trigger new workflow actions and perform tasks


Browse through the feature highlights that come along with the new release and play their part in contributing to what GRC is today.

GRC Scenario & Task-specific Dashboards

Access your important functions quickly and easily

For risk officers, it is important to immediately see and uncover the latest states of assigned risks and pending workflow actions, to stay in control and identify where actions are needed. Therefore, with the redesigned GRC Scenario, a better overview and direct access to the user-specific tasks, have been easily realized. Individual dashboards allow for a detailed view on all GRC classes – including both, risks and controls. On top, the user interface dynamically adapts the content displayed based on user-specific role assignments and responsibilities. Transparency on current tasks, risks and controls has never been that high!

Added Value

  • Get transparency on your current tasks
  • Immediately uncover the need for action
  • Only see what is relevant for you

Detailed Status View & Report

Always keep up, never lose track

Risks tend to multiply and pile up over time, which is why having a good overview and keeping track of their state changes, especially when dealing with a larger variety of them, is of vital importance. With this latest release, you will no longer need to worry about keeping up with your risks and controls. The notable and well-known GANTT chart has been adjusted and integrated specifically for GRC's needs, and allows you to do just that. From now on, you can have a great graphical representation and overview of your risk assessment's and control testing's states, easily determine the current pain points to be addressed, identify responsibilities and assign new tasks – all in one view.

Added Value

  • Easily supervise and monitor the progression of your risk and control portfolios
  • Benefit from a clean representation and quick overview of your risks' and controls' states

Master Data Workflow

Gain the upper hand over risks and controls

It is a necessity for organizations to keep a close eye on operational risks and introduce controls for mitigation in order not to be presented with unexpected events that could endanger future development. For that, it is not only important to know about the existence of such risks, but also to have them documented and versioned along with their controls in an audit-ready manner. With the new master data workflow in GRC 2.5, it is possible to control the release of risks and controls, by making them subject to a multi-level review process for quality assurance before the release. What's more, all changes are consistently logged to keep them up-to-date, traceable and transparent.

Added Value

  • Proper review of risks and controls prior to release
  • Audit-ready & revision-safe document archive (history)

  • Keep information up-to-date, traceable and transparent

Case-Specific Dynamic Risk Assessment

Have a look at your risks in the right place, at the right time

Risks, by nature, always have a negative impact, but the degree of impact, likelihood of occurrence and detection varies from one occasion to another. So, once the risk portfolio of an organization is transparent, it is now the risk officer's turn to engage in a dynamic risk assessment and evaluate the potential threat of risks when being exposed to the various assets of an organization. With the case-specific dynamic risk assessment, the risks and controls in place are subject to a one to three-staged review process, depending on the number of flexible review steps chosen by the organization and the calculated value-at-risk. Also here, just like in the master data workflow, every change is documented in a consistent, revision-safe audit-ready manner.

Added Value

  • Proper dynamic risk assessment with flexible review stages
  • Audit-ready & revision-safe document archive (history)

  • Keep information up-to-date, traceable and transparent

Business Area Portfolios

Monitor and control without breaking a sweat

Although many people in a company might be involved with handling risks and controls, not many are actively involved with them from an operational side. Rather, they will more likely be assessing, overseeing and controlling them for a specific business area – like an organizational unit, a process, or an application. The three brand-new dedicated dashboards – My GRC, My Risks and My Controls – exactly address this need. They come as a part of the GRC based extension of the Read & Explore scenario, provide a quick and easy access to important functions and features, and allow the users to see the risks and controls relevant for them. All of these available views are designed to provide you with a more comprehensive picture of all the relevant risks and controls, help you monitor the work, create more transparency within your risk and control portfolios and finally provide you with a comprehensive overview of your ICS/RM without a hassle.

Added Value

  • Effortlessly and swiftly browse through all your company's risks and controls
  • Overlook the risks and controls for a specific business area
  • Bring more clarity into your risk and control portfolios


Check out our selection of other nice features contributing to an enhanced user experience.


Transaction Report
All completed, declined or discontinued risk and control workflow periods that are currently part of your repository can be monitored in an CSV-based export.

Master Data History
The master data history provides a compact overview of the most relevant master data information, e.g. version, name, description and responsibles available in different views and export formats.

Enhanced Description of Widgets, Dashboards and Views
The description of all GRC specific elements within the user interface have been updated in order to allow the users to directly inform themselves about the content displayed.

Assessment History
Each workflow transition happening in the course of risk assessments, control testings or control executions is assigned to a specific version and gets documented, revision-safe in the history.

Pause Workflows
All workflows can be paused, in order to match organizational requirements and prevent the system from any further automated action, e.g. escalations.

Enhanced Examples
GRC now offers enhanced examples, which indicate the implemented method, provide an overview of every workflow (states, responsibilities, configurations, notifications) and, on top, integrate with existing sample scenarios from ADONIS NP, e.g. ADOmoney Bank.

Unified UI Strings
In GRC 2.5, all attributes and relations are named based on the same scheme used in ADONIS NP.

Workflow Variants
Now, you can choose the workflow variants for risk assessment and control testing, which suit your scenario best, starting from the no-review step, up to the three quality gates, activated on a case-by-case basis. This feature might be especially helpful for centralized scenarios, where a single person is performing all tasks, or where an automatic involvement of managing directors might be required.

Improved Performance of all Components
Our GRC suite has been revamped and fine-tuned so that the performance of all of its related components is optimized to the maximum. All the way from the initial loading time of the scenario, up to the dialog for workflow actions - you can now enjoy the better, faster GRC inside and out!

Manual Start of Workflow Periods
Apart from being able to plan, schedule and trigger workflows automatically, this version also brings the possibility to start a workflow manually, whenever you feel one is needed - be it on a specific date or ad-hoc.

Automatic Trigger for Workflows
GRC 2.5 brings even more flexibility with regards to triggering workflows. From now on, you can also automatically trigger workflows on a weekly basis, if needed, for even greater consistency and assurance.

Helptexts within Dialogs
GRC never wants you to feel left alone and confused! That's why we have redesigned all the attributes, found within the transition dialogs, to provide you with a helping hand and support in a form of short descriptions. Thus, all users regardless of their expertise can inform themselves about the relevant content and required input at hand.

Improved Workflow Notifications
All changes throughout the workflow are logged and updated automatically within a blink of an eye, while always notifying the relevant persons of changes being implemented.

What's new in GRC

Discover all the features of the past release you are interested in.

All features released with GRC 2.0


The GRC suite is the intuitive and suitable tool
for Risk and Compliance Management.



More Information


For further information and a free no-obligation consultation do not hesitate to contact us!



Contact us

Watch our free webinar

Sign up for our webinar "GRC 2.5 unboxed" and get to know the latest version of our GRC suite in a live demo.



Register now



Enrique Lobo Cruz

P +353-1-871 94 16
F +353-1-871 94 17
E info@boc-group.com