Governance, risk & compliance software solution R2C_GRC

Governance, risk & compliance software solution R2C_GRC

Modern process support for the field of governance, risk & compliance

A modern risk management tool must be in a position to implement internal company requirements along with legal provisions. Our new integrated software solution R2C_GRC for the field of governance, risk & compliance is a flexibly configurable standard solution for the consistent depiction and control of your entire risk management process.

More than a risk management tool

Our R2C_GRC software solution covers the complete field of governance, risk & compliance - an integrated standard solution, which can be adapted individually to your company requirements with three modules.

Your GRC experts are there for you!

We would be happy to advise you on matters to do with governance, risk & compliance!

In a personal consultation, we can discuss which solution is the prefect match for you. You will also have the opportunity to take a look at our software solution in a free webinar – get in touch with us!

Request a free webinar now

[Translate to Englisch:] Schleupen GRC Cloud

Schleupen GRC-Cloud

We do not just offer our R2C_GRC and R2C_SECURITY applications on-premises, so you have them installed on your system, but also in the Cloud.

Our GRC cloud is:

  • always online
  • always available
  • fully scalable.

To use the full functionality of the R2C solutions, at a low cost.

Learn more

Services provided by the R2C_GRC software solutions

Our software solution covers various areas to do with governance, risk & compliance. For instance, it will support you with:

  • Integrated risk and process maps
  • Extensive assessment procedures
  • Standard reports including the option to create additional individual reports
  • A modern, intuitive operating concept

The role-based authorisation concept (need-to-know principle) allows you to issue user roles at the client, company, and/or department level, thus controlling access to the application and use in detail.

In addition, a distinguishing feature of R2C_GRC is its high degree of scalability, which enables adjustment to different levels of maturity of the internal company risk management.

In this way, the solution will not only make your regular risk report creation easier, it will also support you in implementing regulatory provisions such as COSO ERM, ISO 31000 and ONR 49000 ff. – a complete solution for governance, risk & compliance!

This is what the R2C_GRC software solution offers you

R2C_GRC can be individually adapted to your requirements. The software solution can be extended according to your requirements via the configuration and via the various modules for the entire field of governance, risk & compliance.

  • Simple integration into the existing IT landscape
  • Multi-lingual user interface
  • Intuitive, modern and web-based user interface
  • High degree of scalability to adapt to different levels of maturity of the risk management
  • Standard solution with permanent ongoing development based on best practice approaches
  • Comprehensive risk assessment and analysis options
  • Integrated opportunity management
  • Optional use of ICS and compliance functionalities
  • Software made in Germany
  • High acceptance for risk management due to simple use
  • Revision security due to logging function
  • Low introductory effort due to high standardisation
  • Illustration of your own reporting through independently adaptable individual reports
  • Role-based authorisation concept (need-to-know principle)
  • Easy compliance with legal requirements and national/international standards such as ISO 31000
  • Process modifications in the softwareindependently and without extra cost

Advantages over conventional methods

Software that covers the entire risk management area of a company has many advantages over the traditional risk management method using Excel or on paper:

  • Authorization-controlled access to elements: it is possible to control in detail who can edit or read which elements
  • Journaling: it is understandable who made which changes to the elements and when
  • Historization / archiving function: historical reports and comparisons of current and historical data can be generated at the push of a button
  • Online evaluations and ad hoc reports: Analyzes can be generated at the push of a button and data can be processed
  • Direct data acquisition: everyone involved can directly record the data; there is no need to consolidate individual risk reports (Excel sheets) that have to be sent to central risk management
  • Easy expansion of the risk management process as part of the standard functionalities without additional programming
  • central distribution and control of tasks (measures, controls)
  • increased liability on the user side

Write us

* Required fields

We would be happy to help you with all questions and suggestions. Expertly and in person.

Frequently asked questions (FAQ)

Here you will find answers to questions that we are asked again and again. Do you have any further questions? Then just get in touch with us! We're here to help.


  • Yes, the requirements of the two standards can be mapped using the software.

Yes, in addition to depicting the risk management process, an internal control system can also be depicted. This can take place in a completely integrated process or in two different process organizations (1st RM and 2nd ICS). It is always possible to consider the topics separately but also in an integrated way

  • Yes, in addition to the risks, opportunities can also be considered and recorded, evaluated and reported. In particular, customers who simulate use the option of opportunity management, since within the scope of risk assessment, there may also be deviations in the risks in the positive range. Of course, the opportunities can also be viewed in isolation from the risks.

Yes, a Monte Carlo simulation is available in the application. Risks can be aggregated using a Monte Carlo simulation, your own simulation portfolios can be compiled, or the overall risk situation of the company or parts of it can be simulated. Both multi-year risk assessments and (unidirectional or bidirectional positive and negative) dependencies between risks are taken into account. The application can determine the risk measures Value @ Risk (VaR) and Conditional Value @ Risk (CVaR) for self-defined confidence levels.

In the application there are standard reports as well as individual reports. The standard reports represent common requirements for risk management or an internal control system (risk map, risk inventory, risk development, ISAE 3402 etc.). In addition to the standard reports, there is the option of storing your own reports. These can be completely customized in terms of content as well as design / layout.

The application has a comprehensive and flexible authorization concept. Roles and rights can also be assigned to the level of entities, staff positions and company areas. Various standard roles are available for the assignment, which can be supplemented by customized roles if required.

The application has very extensive evaluation options. This starts with a qualitative and / or quantitative evaluation and the respective mixed forms, via a multi-year evaluation, gross / net / target view, EBIT / cash impact, up to risk assessment using various distribution functions or in a multidimensional view (financial , Reputation, liability, environment, etc ...). The use of the available options is completely free and can be supplemented at any time in order to further optimize and expand your own risk assessment. Basically, all entry masks adapt to customer requirements

The resulting effects on the probability of occurrence and / or impact can be recorded in measures. These effects can be automatically offset against the risk assessment, e.g. to have the net valuation calculated from the recorded gross valuation. This measure allocation can be combined with all other functions and evaluation options.

  • Yes, there is the possibility of recording damage events / indications with the date of entry, damage amount, risk assignment and geographical location and evaluating them in an overview page or in reports.

As an alternative to processing your tasks in the application, employees who carry out measures or confirm the implementation of controls or their effectiveness can also report their execution using Microsoft Outlook. As a result, the employees can work in their familiar working environment and there is no training required for these employees.

We offer our application R2C_GRC not only on premises, i.e. installed in your system, but also in the cloud. Our GRC cloud is always online, always available and fully scalable. This way you can use the full functionality of the R2C solutions with little effort. Safety has top priority. This is also why all data is hosted in a German data center: ISO 27001 certified.

We take care of maintenance and support for you and guarantee you high data security and reliable system availability.