Governance, risk & compliance software solution R2C_GRC

Governance, risk & compliance software solution R2C_GRC

Your GRC experts are there for you!

We would be happy to advise you on matters to do with governance, risk & compliance!

In a personal consultation, we can discuss which solution is the prefect match for you. You will also have the opportunity to take a look at our software solution in a free presentation.

Get in touch with us!

Request a free presentation now


Modern process support for the field of governance, risk & compliance

A modern risk management tool must be able to individually implement internal company requirements in addition to legal requirements. Our integrated software solution R2C_GRC for the field of Governance, Risk & Compliance, is a flexibly configurable standard solution for consistently mapping and controlling your entire grc process.

More than a risk management tool

Our software solution R2C_GRC covers the entire field of Governance, Risk & Compliance – an integrated standard solution that can be individually adapted to your company requirements.

This is what the R2C_GRC software solution offers you

R2C_GRC can be individually adapted to your needs. Depending on your requirements, the software solution can be expanded via the configuration and via the various modules to cover the entire field of Governance, Risk & Compliance.

  • Simple integration into the existing IT landscape
  • Multilingual user interface
  • Intuitive, modern and web-based operating concept
  • High scalability to adapt to different maturity levels of risk management
  • Standard solution with permanent improvement based on best practice approaches
  • Extensive risk assessment and analysis options
  • Integrated opportunity management
  • ICS and compliance functionalities optionally usable
  • Software made in Germany
  • High acceptance for risk management due to ease of use
  • Tamper-proof through journalisation function
  • Low implementation costs due to high standardisation
  • Mapping your own reporting through individual reports that can be created independently
  • Role-based authorisation concept (need-to-know principle)
  • Easy compliance with legal requirements and national/international standards such as ISO 31000, ONR 49000 ff. and IDW PS340 n.F.
  • Mapping process changes in the software can be implemented independently without additional costs
  • Possibility of connecting to external programs (e.g. MS Power BI)
[Translate to Englisch:] Schleupen GRC Cloud

Schleupen GRC-Cloud

We do not just offer our R2C_GRC and R2C_SECURITY applications on-premises, so you have them installed on your system, but also in the Cloud.

Our GRC cloud is:

  • always online
  • always available
  • fully scalable.

To use the full functionality of the R2C solutions, at a low cost.

Learn more

Write us

* Required fields

Frequently asked questions (FAQ)

Here you will find answers to questions that we are asked again and again. Do you have any further questions? Then just get in touch with us! We're here to help.


  • Yes, the requirements of the two standards can be mapped using the software.

Yes, in addition to depicting the risk management process, an internal control system can also be depicted. This can take place in a completely integrated process or in two different process organizations (1st RM and 2nd ICS). It is always possible to consider the topics separately but also in an integrated way

  • Yes, in addition to the risks, opportunities can also be considered and recorded, evaluated and reported. In particular, customers who simulate use the option of opportunity management, since within the scope of risk assessment, there may also be deviations in the risks in the positive range. Of course, the opportunities can also be viewed in isolation from the risks.

Yes, a Monte Carlo simulation is available in the application. Risks can be aggregated using a Monte Carlo simulation, your own simulation portfolios can be compiled, or the overall risk situation of the company or parts of it can be simulated. Both multi-year risk assessments and (unidirectional or bidirectional positive and negative) dependencies between risks are taken into account. The application can determine the risk measures Value @ Risk (VaR) and Conditional Value @ Risk (CVaR) for self-defined confidence levels.

In the application there are standard reports as well as individual reports. The standard reports represent common requirements for risk management or an internal control system (risk map, risk inventory, risk development, ISAE 3402 etc.). In addition to the standard reports, there is the option of storing your own reports. These can be completely customized in terms of content as well as design / layout.

The application has a comprehensive and flexible authorization concept. Roles and rights can also be assigned to the level of entities, staff positions and company areas. Various standard roles are available for the assignment, which can be supplemented by customized roles if required.

The application has very extensive evaluation options. This starts with a qualitative and / or quantitative evaluation and the respective mixed forms, via a multi-year evaluation, gross / net / target view, EBIT / cash impact, up to risk assessment using various distribution functions or in a multidimensional view (financial , Reputation, liability, environment, etc ...). The use of the available options is completely free and can be supplemented at any time in order to further optimize and expand your own risk assessment. Basically, all entry masks adapt to customer requirements

The resulting effects on the probability of occurrence and / or impact can be recorded in measures. These effects can be automatically offset against the risk assessment, e.g. to have the net valuation calculated from the recorded gross valuation. This measure allocation can be combined with all other functions and evaluation options.

  • Yes, there is the possibility of recording damage events / indications with the date of entry, damage amount, risk assignment and geographical location and evaluating them in an overview page or in reports.

As an alternative to processing your tasks in the application, employees who carry out measures or confirm the implementation of controls or their effectiveness can also report their execution using Microsoft Outlook. As a result, the employees can work in their familiar working environment and there is no training required for these employees.

We offer our application R2C_GRC not only on premises, i.e. installed in your system, but also in the cloud. Our GRC cloud is always online, always available and fully scalable. This way you can use the full functionality of the R2C solutions with little effort. Safety has top priority. This is also why all data is hosted in a German data center: ISO 27001 certified.

We take care of maintenance and support for you and guarantee you high data security and reliable system availability.