What makes risk2value different? One of the main objectives of the software platform is to unify individual GRC processes in a single management system to drive value in light of risks and, thereby, avoid and eliminate the information silos that create unnecessary work, costs and complexity. risk2value, however, is not just a documentation or compliance checking tool. It is an active management system that supports iterative development and improvement cycles to enable operational excellence and lasting goal achievement in times of uncertainty.
risk2value fosters collaboration by building the communication between the first, second and third lines of operation and management.
It offers rich self-service capabilities for modelling the system and reporting to empower business users to create reports and adapt the system without special IT skills. This minimizes the dependence on avedos and internal IT.
risk2value offers both on-prem and cloud deployment options. Our cloud partner T-Systems operates the data center in central Europe.
Reporting, as the last mile of GRC, is an integral component of our solution. Aside from personal conversations, reporting is the media for communicating messages to the respective stakeholders. Our reporting capabilities utilize the integrated Microsoft BI stack.
Harmonization of GRC processes
Active management system
On premise and cloud
Last mile of GRC
As an integrated risk management software platform, risk2value fulfills all GRC requirements, processes and use cases in a complete, flexible enterprise management system. Thanks to the software’s flexible configurations, companies can build individual GRC solutions for their specific requirements. Aside from the classical domains of GRC, such as risk, control, audit, security and compliance, risk2value enables an integrated view of strategy implementation, quality assurance, sustainability and other management systems. Companies can also integrate their own reference models aside from the official standards to provide an important foundation for management decisions.
- Gain a clear overview of the entire GRC process
- Conduct local risk and compliance analyses
- Map existing GRC processes quickly
- Automate repetitive processes for up to 50% time savings
- Create audit-proof mappings of reoccurring processes
- Extend the solution flexibly based on your growing needs
- Log all changes per user
- Conduct mid-term planning in light of qualitative and quantitative risk evaluations
- Receive audit and certification information with a click of a button
- Identify where you need to take action prior to external audits
- Display risks in the desired level of detail
risk2value is a flexible, scorecard-based GRC platform that provides a solid foundation to support decision-making in companies. Using the built-in methods of risk2value, you can implement enterprise risk and compliance assessments based on criteria lists and questionnaires. Using a scorecard approach, companies can easily implement their individual business requirements.
The scorecard forms the heart of risk2value and provides a logical, graphical explanation of the correlations among the various risk2value modules.
It consists of two main dimensions:
- The X axis shows the objects that have received an assessment. These objects are placed in a hierarchal structure (for example, the company’s organizational chart) to consolidate the information. This creates overview reports, for example, on individual company levels.
- The Y axis contains three modules (asset properties; risk management and assessments; control and compliance management) to define the questionnaire for an evaluation object. Some examples include a business impact analysis (BIA), risk catalog (e.g. risk categories of a company), control catalog (e.g. ISO 27001, COBIT), company-specific guidelines, technical measure catalogs and ICS controls.
risk2value also has a level “above” the scorecard where users can manage additional information, actions, tasks, etc. with the help of workflows and link them to the scorecard. Some examples include actions, audit findings, damage claims, exceptions, legal cases and control actions.
This additional level embeds measure tracking as an integral part of the GRC solution to establish an active management system and iterative improvement cycles throughout the organization.
At avedos, we view reporting as a central component for effective, efficient GRC solutions and strategies – and not just an extra feature. Aside from personal conversations, reporting is the central medium to convey and transport the right messages in a collaborative approach across the three lines of defense operations and up to the executive level.
risk2value offers comprehensive reporting functionality based on the Microsoft® BI Stack (Microsoft has been named as the leader in the Magic Quadrant for Business Intelligence and Analytics Platforms by Gartner). With risk2value.analytics, business users can easily create reports on their own in Excel and publish them to the Web with just a click.
avedos also supports the standards of perception-optimized reporting to ensure the efficiency and effectiveness of the “last mile” of GRC.
Benefits for your business:
- Comprehensive standard reports and briefing books
- Easy-to-build dashboards and analyses
- Fast learning curves using existing Excel or Microsoft® Office skills
- Lower rates of misinterpreted reports due to methodically correct report construction based on empirical insights
- Innovations in Microsoft® BI
- Sharing reports in the team through one-click Web publishing
This analytic module offers rich functionalities for risk2value clients. Armin Plank, Senior Security Manager at T-Systems, states:
“We are very satisfied with the reporting in risk2value.analytics. This module offers many possibilities to adapt the reporting templates to our employees’ needs and share them with users for further processing in Excel."
risk2value is based on the IT platform of Microsoft® and fully leverages the capabilities of Microsoft SQL Server® as well as the business intelligence and analytics platform of Microsoft®.
- Rich functionality from the leading database, BI and analytics platform (according to Gartner®)
- Easy integration into your company’s existing IT landscape
- No proprietary IT components
- Microsoft® .net Web application
- Open 3-tiered architecture
- LDAP integrated authentication
- On-prem and cloud deployments from our data center in Germany, Austria and Switzerland
- Connections to various target and source systems (e.g. relational databases, data warehouses, ERP, BPM, DMS solutions)
|Installation types:||Single-/Multi-Server Installation|
|Application Server risk2value:|
|Operating system:||Windows Server 2008 R2 (includes IIS 7.5)|
|Windows Server 2012 (includes IIS 8.0)|
|Windows Server 2012 R2 (includes IIS 8.5)|
|Required Software:||.NET Framework 3.5 with Service Pack 1|
|.NET Framework 4.5.1|
|SQL Server 2014 Feature Packs|
|SQL Server:||SQL Server 2012|
|SQL Server 2014|
|Note: Supported SQL Server Editions: Standard or Enterprise|
|Required Services:||SQL Server-Database Engine|
|Application Server risk2value.analytics:|
|Required Software:||.NET Framework 4.5.2|
|Visual C++2010 SP1 Redistributable (x86) or (x64)|
|Core XML Services (MSXML) 6.0 (x86) or (x64)|
|Microsoft SQL Server 2008 Shared Management Object|
|Client software:||Microsoft Internet Explorer 11|
|Microsoft Edge 25+|
|Mozilla Firefox 49+ (Windows)|
|Google Chrome 53+ (Windows)|
|Microsoft Excel 2007/2010/2013/2016|
In cooperation with T-Systems Austria, avedos offers risk2value.cloud, a GRC cloud solution as an infrastructure service. This solution runs in a virtual data center based on the vCloud from T-Systems to deliver maximum security and user flexibility.
Why choose risk2value.cloud?
This highly scalable platform grows with your changing needs. You maintain a clear overview of used capacities and services.
Through the self-service portal, you can adjust the computing power to ensure optimal resource utilization.
risk2value.cloud is based on vCloud from T-Systems. This highly secure data center, which complies with Austrian data protection laws, has received multiple certifications.
Benefits for your business
- Self-service portal to flexibly adjust computing power
- Overview of used capacities and services
- Optimal resource utilization
- Dynamic services for infrastructure as a private cloud in line with current laws (e.g. data protection)
- Tier 3+ certified data center for a highly secure network connection through MPLS / IP VPN
You can find more information about risk2value.cloud powered by T-Systems here.