GRC Overview

In today’s digitalized world marked by fast-changing trends and frequent market fluctuations, the expectations placed on executives are higher than ever. Investors expect continual, profitable growth. Shareholders demand stronger transparency requirements in the face of growing regulatory pressure and accountability. Successful executives also have high and challenging expectations of themselves and an inherent drive to make understandable, transparent decisions.

By establishing a comprehensive strategy for governance, risk and compliance (GRC), companies can master these challenges effectively and efficiently.

A tight integration of GRC processes is essential for achieving operational excellence and competitive advantages:

  • Corporate governance: Corporate governance defines the guidelines for enterprise risk and compliance management. The goal is to achieve uniform, binding methods and guidelines for all employees.
  • Risk management: Risk management helps implement these rules in real-world processes. It focuses on an iterative cycle of collecting, documenting and analyzing enterprise risks (entered reporting) and keeping risks under control.
  • Compliance: Compliance risks are integrated in compliance management, where various measures are allocated to them, for example, as an internal control system. This method ensures that all internal and external requirements are fulfilled.

This three-part approach allows companies to build an effective, compliant, complete, future-proof solution to manage risks and opportunities across the entire organization. GRC requires a strong collaboration among people, resources, processes and technologies to align and integrate governance, management, performance, risks and compliance. GRC, therefore, is a collection of capabilities to achieve set goals, deal with uncertainty, and act with integrity.

Our principles for implementing GOLDENHORN GRC

Our goal is to help establish sustainable GRC processes so companies can overcome their challenges and use their GRC strategy to generate tangible business benefits. GOLDENHORN GRC is a converged and integrated collection of capabilities to reliably achieve defined goals, deal with insecurity, and act with consilience and integrity. This is why we view GRC as more than just the sum of individual processes, such as risk management and an internal control system. As TAC, we believe that GRC is a path to develop sustainable corporate management, which provides the solid foundation of an operating system to drive innovation and growth in companies. We want to guide, support and, perhaps, even challenge our clients along this journey to build the basis for generating measurable value from GRC processes. Our reference framework CONIG (Consilience in Information Governance) is used while implementing and executing GRC processes.

Key Facts

The GOLDENHORN GRC Suite integrates various processes and applications to fulfill all GRC requirements in an integrated, converged, flexible, efficient enterprise management system. The individual GOLDENHORN GRC Modules can be customized to create tailor-made GRC solutions for large companies and international corporations. GOLDENHORN GRC goes beyond mere compliance with formal, external regulations. Companies can also integrate their own specific reference models along with the official standards to provide stakeholders with an important foundation for making decisions.

  • Create transparent GRC processes and identify individual measures to mitigate risks in a cost-effective manner.
  • Run local risk and compliance analyses on organization breakdown levels and aggregate them to an enterprise view.
  • Quickly tailor existing GRC process models from their neutral design to the methodology the customer needs.
  • Reduce the time and work needed for GRC processes by as much as 50% by automating recurring processes and using GOLDENHORN BPM functions.
  • Create an audit-proof design for self-assessments, audits, questionnaires, annual reviews and other recurring processes by using GOLDENHORN VVM – Validation and Verification Manager.
  • Adapt or extend the system flexibly to your changing needs.
  • Automatically record all changes that users make with GOLDENHORN Basis Lookout Audit Logs.
  • Integrate risk management into enterprise planning using qualitative and quantitative evaluations of VVM Cases in risk plans and projects.
  • Access all information you need for audits and certifications at the click of a button.
  • Measure the compliance levels regarding different norms and policies throughout the organization to recognize where you need to take action before external audits take place.
  • Provide users on different management levels with individual risk views in the right granularity for their roles.


  • RCM – Compliance Management
  • IAM – Internal Audit Management
  • EAM – External Audit Management
  • ORM – Operational Risk Management
  • ICM – Internal Control Management
  • IRR – Internal Rules and Regulations Management
  • CIM – Continual Improvement Management
  • BRM – Business Resilience Management