Häufig gestellte Fragen zur GRC Software

Sie finden hier Antworten auf Fragen, die uns immer wieder gestellt werden. Haben Sie weitere Fragen? Dann setzen Sie sich einfach mit uns in Verbindung! Wir helfen Ihnen gerne weiter.

Yes, the requirements of the two standards can be mapped using the software.

Yes, in addition to depicting the risk management process, an internal control system can also be depicted. This can take place in a completely integrated process or in two different process organizations (1st RM and 2nd ICS). It is always possible to consider the topics separately but also in an integrated way

Yes, in addition to the risks, opportunities can also be considered and recorded, evaluated and reported. In particular, customers who simulate use the option of opportunity management, since within the scope of risk assessment, there may also be deviations in the risks in the positive range. Of course, the opportunities can also be viewed in isolation from the risks.

Yes, a Monte Carlo simulation is available in the application. Risks can be aggregated using a Monte Carlo simulation, your own simulation portfolios can be compiled, or the overall risk situation of the company or parts of it can be simulated. Both multi-year risk assessments and (unidirectional or bidirectional positive and negative) dependencies between risks are taken into account. The application can determine the risk measures Value @ Risk (VaR) and Conditional Value @ Risk (CVaR) for self-defined confidence levels.


In the application there are standard reports as well as individual reports. The standard reports represent common requirements for risk management or an internal control system (risk map, risk inventory, risk development, ISAE 3402 etc.). In addition to the standard reports, there is the option of storing your own reports. These can be completely customized in terms of content as well as design / layout.

The application has very extensive evaluation options. This starts with a qualitative and / or quantitative evaluation and the respective mixed forms, via a multi-year evaluation, gross / net / target view, EBIT / cash impact, up to risk assessment using various distribution functions or in a multidimensional view (financial , Reputation, liability, environment, etc ...). The use of the available options is completely free and can be supplemented at any time in order to further optimize and expand your own risk assessment. Basically, all entry masks adapt to customer requirements

The resulting effects on the probability of occurrence and / or impact can be recorded in measures. These effects can be automatically offset against the risk assessment, e.g. to have the net valuation calculated from the recorded gross valuation. This measure allocation can be combined with all other functions and evaluation options.

Yes, there is the possibility of recording damage events / indications with the date of entry, damage amount, risk assignment and geographical location and evaluating them in an overview page or in reports.

As an alternative to processing your tasks in the application, employees who carry out measures or confirm the implementation of controls or their effectiveness can also report their execution using Microsoft Outlook. As a result, the employees can work in their familiar working environment and there is no training required for these employees.


We offer our application R2C_GRC not only on premises, i.e. installed in your system, but also in the cloud. Our GRC cloud is always online, always available and fully scalable. This way you can use the full functionality of the R2C solutions with little effort. Safety has top priority. This is also why all data is hosted in a German data center: ISO 27001 certified.

We take care of maintenance and support for you and guarantee you high data security and reliable system availability.

Folgende Anforderungen müssen erfüllt werden:

Die Erfüllung aller gesetzlichen Richtlinien stellt Unternehmen vor eine große Herausforderung. Wir übernehmen diese umfangreiche, aber wichtige Aufgabe für Sie.

Mit der GRC Software R2C_GRC setzen Sie die Anforderungen des IDW PS 340 n.F. fachgerecht um. Die Richtlinien zur Prüfung von Risikofrüherkennungssystemen wurden durch das Institut der Wirtschaftsprüfer in Deutschland e.V. (IDW) im Prüfungsstandard IDW PS 340 n.F. überarbeitet. Der herausgegebene Prüfungsstandard 340 beinhaltet die Prüfung des Risikofrüherkennungssystems nach § 317 Abs. 4 HGB, das im Risikomanagement sowohl zur Neuidentifikation als auch zur kontinuierlichen Überwachung von Risiken dient.

Die wichtigsten Neuregelungen im Kurzüberblick:

  • erweiterte konzernweite Identifikation bestandsgefährdender Entwicklungen auf Basis eines ganzheitlichen Gesamtrisikoinventars
  • rechtzeitiges Erkennen von Risiken in einem oder mehreren handlungsorientierten Zeithorizonten
  • Bestimmung und fortlaufende Analyse der Risikotragfähigkeit
  • Aggregation von Risiken zur Beurteilung der Bestandsgefährdung
  • Berücksichtigung von Maßnahmen zur Risikosteuerung bei der Bewertung von „Nettorisiken“
  • Einführung des Grundelements der Risikosteuerung in das Risikofrüherkennungssystem
  • Konkretisierung der Systemdokumentation zu den Maßnahmen nach § 91 Abs. 2 AktG

Der neue Prüfungsstandard betrifft derzeit börsennotierte Aktiengesellschaften (§ 91 Abs. 2 AktG).

Unsere GRC Softwarelösung unterstützt Sie bei der Umsetzung der Anforderungen des IDW PS 340 n.F.

Cloud GRC

By default, the following version availabilities apply:

  • 1 x daily full insurance (incl.) | Storage time 14 days
  • 1 x weekly full insurance (incl.) | Storage time 4 weeks
  • 1 x monthly full insurance (incl.) | Storage time 3 months
  • 1 x annual full insurance (commissioning) | Storage time 10 years
  • Full backup & retention time according to your wishes (commissioning)

The data is backed up to disk, in some cases bookable also secured by tape. The data is stored in secure areas (separate fire compartments) of the data center.

An extensive role concept at the administrative level regulates the rights of accessing persons. This not only applies to you as a customer, but also to Schleupen employees themselves.

As a Schleupen customer, you will be informed about an update at an early stage and an individual appointment will be arranged with you.

No, all licenses required for operation within the GRC cloud are part of the offer. All you need is a web browser.

We recommend for best performance: Google Chrome.

The move to the GRC cloud is usually like a regular update. After the application has been deployed to our servers, the data is imported into the application and any connections to the Exchange Server or ADFS are made.

The answer to the difference depends on the current performance of the in-house solution. However, resource planning for the GRC cloud aims to achieve consistently high performance. Therefore, it can be assumed that the performance is significantly dependent on the constitution (bandwidth, latency, art) of the existing Internet access.