What makes risk2value different? One of the main objectives of the software platform is to interconnect GRC information in a single management system to drive value in light of risks and, thereby, avoid and eliminate the information silos that create unnecessary work, costs and complexity. risk2value, however, is not just a documentation or compliance checking tool. It is an active management system that supports iterative development and improvement cycles to enable operational excellence and lasting goal achievement in times of uncertainty.


risk2value fosters collaboration by building the communication between the first, second and third lines of operation and management.


It offers rich self-service capabilities for modelling the system and reporting to empower business users to create reports and adapt the system without special IT skills. This minimizes the dependence on avedos and internal IT.

risk2value offers both on-prem and cloud deployment options. Our cloud partner T-Systems operates the data center in central Europe.


Reporting, as the last mile of GRC, is an integral component of our solution. Aside from personal conversations, reporting is the media for communicating messages to the respective stakeholders. Our reporting capabilities utilize the integrated Microsoft BI stack.

  Linking of GRC information


  Active management system



  Self Service


  On premise and cloud


  Last mile of GRC

As an integrated risk management software platform, risk2value fulfills all GRC requirements, processes and use cases in a complete, flexible enterprise management system. Thanks to the software’s flexible configurations, companies can build individual GRC solutions for their specific requirements. Aside from the classical domains of GRC, such as risk, control, audit, security and compliance, risk2value enables an integrated view of strategy implementation, quality assurance, sustainability and other management systems. Companies can also integrate their own reference models aside from the official standards to provide an important foundation for management decisions.

integrated GRC


  • Gain a clear overview of the entire GRC process
  • Conduct local risk and compliance analyses 
  • Map existing GRC processes quickly
  • Automate repetitive processes for up to 50% time savings
  • Create audit-proof mappings of reoccurring processes
  • Extend the solution flexibly based on your growing needs 
  • Log all changes per user
  • Conduct mid-term planning in light of qualitative and quantitative risk evaluations 
  • Receive audit and certification information with a click of a button  
  • Identify where you need to take action prior to external audits 
  • Display risks in the desired level of detail


risk2value is a flexible, scorecard-based GRC platform that provides a solid foundation to support decision-making in companies. Using the built-in methods of risk2value, you can implement enterprise risk and compliance assessments based on criteria lists and questionnaires. Using a scorecard approach, companies can easily implement their individual business requirements.

risk2value Scorecard

The scorecard forms the heart of risk2value and provides a logical, graphical explanation of the correlations among the various risk2value modules.  

It consists of two main dimensions:  


  • The X axis shows the objects that have received an assessment. These objects are placed in a hierarchal structure (for example, the company’s organizational chart) to consolidate the information. This creates overview reports, for example, on individual company levels. 
  • The Y axis contains three modules (asset properties; risk management and assessments; control and compliance management) to define the questionnaire for an evaluation object. Some examples include a business impact analysis (BIA), risk catalog (e.g. risk categories of a company), control catalog (e.g. ISO 27001, COBIT), company-specific guidelines, technical measure catalogs and ICS controls.


risk2value also has a level “above” the scorecard where users can manage additional information, actions, tasks, etc. with the help of workflows and link them to the scorecard. Some examples include actions, audit findings, damage claims, exceptions, legal cases and control actions.

This additional level embeds measure tracking as an integral part of the GRC solution to establish an active management system and iterative improvement cycles throughout the organization.


At avedos, we view reporting as a central component for effective, efficient GRC solutions and strategies – and not just an extra feature. Aside from personal conversations, reporting is the central medium to convey and transport the right messages in a collaborative approach across the three lines of defense operations and up to the executive level.


risk2value offers comprehensive reporting functionality based on the Microsoft® BI Stack (Microsoft has been named as the leader in the Magic Quadrant for Business Intelligence and Analytics Platforms by Gartner). With, business users can easily create reports on their own in Excel and publish them to the Web with just a click.


avedos also supports the standards of perception-optimized reporting to ensure the efficiency and effectiveness of the “last mile” of GRC.


Benefits for your business:


  • Comprehensive standard reports and briefing books
  • Easy-to-build dashboards and analyses
  • Fast learning curves using existing Excel or Microsoft® Office skills
  • Lower rates of misinterpreted reports due to methodically correct report construction based on empirical insights
  • Innovations in Microsoft® BI
  • Sharing reports in the team through one-click Web publishing  




This analytic module offers rich functionalities for risk2value clients. Armin Plank, Senior Security Manager at T-Systems, states:


“We are very satisfied with the reporting in This module offers many possibilities to adapt the reporting templates to our employees’ needs and share them with users for further processing in Excel."


risk2value is based on the IT platform of Microsoft® and fully leverages the capabilities of Microsoft SQL Server® as well as the business intelligence and analytics platform of Microsoft®.


Your advantages:


  • Rich functionality from the leading database, BI and analytics platform (according to Gartner®)
  • Easy integration into your company’s existing IT landscape  
  • No proprietary IT components
  • Microsoft® .net Web application
  • Open 3-tiered architecture
  • LDAP integrated authentication
  • On-prem and cloud deployments from our data center in Germany, Austria and Switzerland
  • Connections to various target and source systems (e.g. relational databases, data warehouses, ERP, BPM, DMS solutions)



risk2value architecture

System requirements


Installation types:Single-/Multi-Server Installation
Application Server risk2value:
Operating system:Windows Server 2008 R2 (includes IIS 7.5)
Windows Server 2012 (includes IIS 8.0)
Windows Server 2012 R2 (includes IIS 8.5)
Windows Server 2016 (includes IIS 10)
Required Software:.NET Framework 3.5 with Service Pack 1
.NET Framework 4.5.1
SQL Server 2014 Feature Packs
SQL Server: SQL Server 2012
SQL Server 2014
SQL Server 2016 SP1
Note: Supported SQL Server Editions: Standard or Enterprise
Required Services:SQL Server-Database Engine
Application Server
Required Software:.NET Framework 4.5.2
Visual C++2010 SP1 Redistributable (x86) or (x64)
Core XML Services (MSXML) 6.0 (x86) or (x64)
Microsoft SQL Server 2008 Shared Management Object
Client software:Microsoft Internet Explorer 11
Microsoft Edge 25+
Mozilla Firefox 49+ (Windows)
Google Chrome 53+ (Windows)
Microsoft Excel 2007/2010/2013/2016
Note: If using risk2value.analitycs Excel Edition, version 8.1.41 or higher is required
Microsoft Gold Partner avedos

In cooperation with T-Systems Austria, avedos offers, a GRC cloud solution as an infrastructure service. This solution runs in a virtual data center based on the vCloud from T-Systems to deliver maximum security and user flexibility.




Why choose

This highly scalable platform grows with your changing needs. You maintain a clear overview of used capacities and services.

Through the self-service portal, you can adjust the computing power to ensure optimal resource utilization. is based on vCloud from T-Systems. This highly secure data center, which complies with Austrian data protection laws, has received multiple certifications. 


Benefits for your business

  • Self-service portal to flexibly adjust computing power 
  • Overview of used capacities and services
  • Optimal resource utilization
  • Dynamic services for infrastructure as a private cloud in line with current laws (e.g. data protection)
  • Tier 3+ certified data center for a highly secure network connection through MPLS / IP VPN 


Here you can find more information about powered by T-Systems.


Get in touch with our experts – personally or through our online contact form.
We look forward to hearing from you!

Romana Hanig




Romana Hanig
Sales & Account Manager

+43 1 3670876-136