A risk and opportunity management process based on an open corporate culture represents an essential building block of value-oriented corporate management. In addition to fulfilling legal requirements, modern risk management software for companies must above all be able to individually implement internal company requirements. With the R2C_GRC software solution, all relevant employees of the company can be involved in the risk management process with precisely defined access rights. Thanks to its intuitive usability, the software optimally supports all process participants and provides them with the necessary information in a user-friendly format.
In this context, the software offers many great opportunities: It can be freely configured and thus optimally adapted to the size of the company as well as the organisational structure and the risk management process. Information is mapped in a structured manner analogously to the respective stage of the risk management process – from identification and assessment to analysis and reporting of risks for the company.
Our software solution covers various areas around Governance, Risk & Compliance. For example, it provides support through:
- A user-oriented, intuitive operating concept
- Integrated risk and process atlases
- Extensive monetary and non-monetary assessment procedures
- Predefined standard reports and the option of creating additional individual reports
In addition, the risk management software R2C_GRC is characterised by a high degree of scalability, which enables adaptation to the most diverse maturity levels of the company's internal risk management. In this way, the solution not only facilitates your regular risk reporting, but also supports you in the implementation of regulatory requirements such as COSO ERM, ISO 31000 and ONR 49000 ff as well as IDW PS 340 n.F. – a complete solution for Governance, Risk & Compliance!
As an elementary component of value-oriented corporate management, risk management is the process of making optimal use of opportunities while taking existing risks into account. All the key decision-makers and experts in a company are involved in an active risk management process. Motivating all persons concerned is the prerequisite for sustainable benefits from the risk management process.
Usually, the specific corporate and project risks are known "by feel" in the individual departments and are often also recorded in some form. However, when it comes to amalgamating the individual risks at the business management or group level and making appropriate decisions taking into account the risk situation, process support through an efficient IT solution provides the decisive advantage.
- Integrated risk atlas with example risks, possible measures and standard questions
- Risk catalogue function for top-down risk process
- Mapping business processes and linking risks inherent in the process
- Monitoring early warning and performance indicators
- Recording and evaluation of causes of risk
- Qualitative and quantitative assessment as well as mixed assessments
- Various distribution functions, e.g. triangular distribution, normal distribution, PERT distribution, scenario distribution, rectangular distribution, multinomial distribution
- Freely definable assessment target variables, e.g. EBIT, cash flow
- Consideration of assessment perspectives (gross, net and/or target)
- Any number of assessment periods, incl. calculation of cumulative risk
- Optional opportunity management
- Multilevel risk aggregation
- Use of any dimensions for non-monetary risk assessment, e.g. ESG (Environment, Social, Governance), reputation, environment, criminal liability, etc.
- Automatic calculation of the total impact from monetary and non-monetary assessment aspects
- Clear evaluation pages for results analysis
- Analysis and evaluation of the risk portfolio in relation to company organisation, process structure, general responsibilities or risk categorisation
- Scenario analysis (Best Case, Most Likely Case, Worst Case)
- Annual and target variable analyses
- Monte Carlo simulation for calculating the Value@Risk and Conditional Value@Risk with freely definable confidence levels
- Definition of any simulation portfolios, e.g. per risk category, business process, company, etc.
- Integrated action management for efficient action tracking incl. freely configurable e-mails to remind those responsible to process actions on time
- Evaluation of actions with regard to effectiveness, costs, scheduling, implementation status and responsibilities
- Automatic monitoring of deadlines
- Integration of Microsoft Outlook to perform tasks for staff without access to the application
- Process support for cyclical reporting through freely filterable standard reports and self-generated individual reports
- Reporting templates for adaptation to individual requirements at any time
- Comprehensive dashboards through the integration of Microsoft Power BI
- Clear cockpit functions
- Tamper-proof historisation and journalisation
- Comprehensive export/import functions
Software that covers the entire spectrum of risk management in a company has many advantages over the traditionally used risk management method via Microsoft Excel or on paper:
- Permission-controlled access to elements: it is possible to control in detail who is allowed to edit or read which elements
- Journalisation: you can track who made which change to the elements and when
- Historisation/archiving function: historical reports and comparisons of current and historical data can be generated at the touch of a button
- Online evaluations and ad-hoc reports: Analyses can be generated and data prepared at the touch of a button
- Direct data capture: all stakeholders can capture data directly; no need to consolidate individual risk reports (Excel sheets) that have to be sent to central risk management
- Easy extensibility of the risk management process within the framework of the standard functionalities without additional programming
- Central distribution and management of tasks (measures, controls)
- Increased engagement on the user side
Yes, the requirements of the two standards can be mapped using the software.
Yes, in addition to depicting the risk management process, an internal control system can also be depicted. This can take place in a completely integrated process or in two different process organizations (1st RM and 2nd ICS). It is always possible to consider the topics separately but also in an integrated way.
Yes, in addition to the risks, opportunities can also be considered and recorded, evaluated and reported. In particular, customers who simulate use the option of opportunity management, since within the scope of risk assessment, there may also be deviations in the risks in the positive range. Of course, the opportunities can also be viewed in isolation from the risks.
Yes, a Monte Carlo simulation is available in the application. Risks can be aggregated using a Monte Carlo simulation, your own simulation portfolios can be compiled, or the overall risk situation of the company or parts of it can be simulated. Both multi-year risk assessments and (unidirectional or bidirectional positive and negative) dependencies between risks are taken into account. The application can determine the risk measures Value @ Risk (VaR) and Conditional Value @ Risk (CVaR) for self-defined confidence levels.
In the application there are standard reports as well as individual reports. The standard reports represent common requirements for risk management or an internal control system (risk map, risk inventory, risk development, ISAE 3402 etc.). In addition to the standard reports, there is the option of storing your own reports. These can be completely customized in terms of content as well as design/layout.
The application has very extensive evaluation options. These range from a qualitative and/or quantitative evaluation and the respective mixed forms, through a multi-year evaluation, gross/net/target view and EBIT/cash impact, to risk assessment using various distribution functions or in a multidimensional view (financial, reputation, liability, environment, etc.). The use of the available options is completely free and can be supplemented at any time in order to further optimize and expand your own risk assessment. Basically, all entry masks adapt to customer requirements.
Yes, there is the possibility of recording damage events / indications with the date of entry, damage amount, risk assignment and geographical location and evaluating them in an overview page or in reports.
As an alternative to processing their tasks in the application, employees who carry out measures or confirm the implementation of controls or their effectiveness can also report their execution using Microsoft Outlook. As a result, these employees can work in their familiar working environment and require no training.
We offer our application R2C_GRC not only on premises, i.e. installed in your system, but also in the cloud. Our GRC cloud is always online, always available and fully scalable. This way you can use the full functionality of the R2C solutions with little effort. Security has top priority, which is why all data is hosted in an ISO 27001 certified German data center.
We take care of maintenance and support for you and guarantee you high data security and reliable system availability.
Implement the requirements of IDW PS 340 n.F. professionally with R2C_GRC
The guidelines for auditing risk early warning systems were revised by the Institut der Wirtschaftsprüfer in Deutschland e.V. (IDW) in auditing standard IDW PS 340 as amended. The issued auditing standard 340 includes the audit of the risk early warning system in accordance with Section 317 (4) HGB, which is used in risk management for both the identification of new risks and the continuous monitoring of risks.
A brief overview of the most important new regulations:
- Extended Group-wide identification of developments that could jeopardize the company as a going concern on the basis of a holistic overall risk inventory
- Timely identification of risks in one or more action-oriented time horizons
- Determination and ongoing analysis of risk-bearing capacity
- Aggregation of risks to assess the threat to the portfolio
- Consideration of risk management measures in the assessment of "net risks"
- Introduction of the basic element of risk management into the risk early warning system
- Specification of the system documentation for the measures in accordance with Section 91 (2) AktG
- The new auditing standard currently applies to listed stock corporations (Section 91 (2) AktG).
Our software solution R2C_GRC supports you in implementing the requirements of IDW PS 340 n.F.