Governance, Risk and Compliance

Governance, Risk Management and Compliance (GRC) are three disciplines that work together for the purpose of assuring that an organisation meets its stated goals.

Our GRC solution suite covers all areas needed to ensure full visibility over functions across the modern enterprise. 


Summary of solution

Governance reflects processes that are designed to monitor and review performance and progress towards agreed Key Performance Indicators. Risk management is predicting, assessing and managing risks that could adversely impact on performance. Compliance reflects the need for all business units, functions and teams with the company to adhere to policies and procedures, laws and regulations

GRC apps

The solution runs on the Softools secure and scalable web platform, and delivers a portfolio of business process ‘apps’ that enable you to:





Internal Audit & Compliance

To enable routine audits against compliance and best practice checklists. These apps can be based on industry standards (such as ITIL and Sarbanes-Oxley) or client specific audits (such as a Supplier Assessment). Red and Amber indicators are then linked to improvement initiatives and tracked via the Project Management Office (PMO).

Governance & RAID

Support the effective governance of the business or team. These include the ability to capture, prioritise, and track RAID items: Risks, Actions to resolve issues, Insights or lessons learned, and key business Decisions. This provides a single place for capturing the outputs of key meetings and for reviewing all aspects of business performance.

Performance Review Meetings

Enable teams to plan, track and report on Performance Review Meetings. These will range from local team or project reviews to the Senior Management Team (SMT) reviews and Annual Business Planning (ABP).

Risk Management

Allow the effective management of strategic, operational and programme risks. The process varies depending on the level of complexity (ranging from simple Probability x Impact rating to a full Monte Carlo simulation) and the client preferred method. The resulting Risk register feed the regular (weekly / monthly) Risk Review Boards.