Data model excerpt: Risk


  • Implementation of the Operational Risk Management Model, integrated across all modules
  • Identification, analysis and assessment of inherent risks
  • Documentation of business processes and mapping to risks
  • Definition of internal controls and mapping to risks, estimation of residual risks
  • Mapping of actions to risks
  • Support for company segments

Data model excerpt: Control


  • Control documentation as well as scheduling and routing of control tasks
  • Modular concept to define control assignments (who/what/when)
  • Multilingual control title, description and guidance
  • User friendly dashboard for performance of control tasks
  • Support for SmartControls (data records embedded into control performance, e.g. sample data)
  • Flexible and sophisticated reporting
  • Support for company segments

Data model excerpt: Action


  • Configurable action types and flexible workflows, freely definable additional fields
  • Tracking of standalone actions and of report actions (e.g. from audit report)
  • Action Owner dashboard for implementation of actions
  • Full overview over implementation progress for coordinating action experts and line managers
  • Support for company segments

Further details are available about our integrated model, cross-cutting functionality and other modules.


The GoCompliant Tool Suite is based on the Operational Risk Management Model, which places risks in the context of business processes and facilitates assessment, mitigation and taking of measures as well as continuous evaluation and reporting of these elements (more about the integrated model). 

The identification, documentation, analysis and assessment of risks is conducted in the so-called risk inventory. The estimation of inherent and residual risks takes place via a risk matrix (3x3, 4x4, etc.) along the dimensions of probability and impact. A risk can be evaluated in this matrix either overall or per impact type (financial loss, reputation etc.).

Business processes and their sub-processes can be modeled in any depth and mapped to risks from the risk inventory.

Based on the risk analysis, mitigating controls are defined and residual risks are estimated. The risk exposure of the business processes is identified on the basis of the aggregated inherent and residual risks that are mapped to each process. Likewise, the number and details of the controls that are in place are shown per process.

Risk mitigation measures can be captured, tracked and mapped not only as controls, but also in the form of actions.

The GoCompliant Tool Suite does not enforce a certain procedure, but rather allows an individual approach that corresponds to the respective company philosophy (Process First versus Risk First versus Control First). This offers a flat learning curve, rapid results and a gradual evolution into an integrated oprisk management.

Ultimately, an overall picture of risks, processes, controls, control tasks and actions emerges that can be continually observed and analyzed.

Big companies or corporate groups profit from the possibility to represent their organisation structure as segments and model risks, controls and actions within these segments. While each segment has the possibility to do individual adjustments, concepts across all segments can still be enforced (e.g. key controls or level 1 and 2 of the primary risk tree). This way consistency and comparability can be achieved without overlooking segment-specific particularities.


Control documentation, definition of control assignments as well as automatic scheduling and routing of control tasks are core functionalities of the GoCompliant Tool Suite. Thanks to a modular concept that separates the control definition (what) from the scheduling (when) and the routing to employees and/or organization units (who), the control assignments become transparent and maintainable.

The ICS module adapts to your company philosophy by offering configurable additional fields, e.g. for standardized control models and audit standards (COSO, COBIT, SOX etc). Controls can be mapped to a risk or directly to a process and be evaluated in this context.

Not only is the application itself available with four different language packs (EN, DE, FR, IT), but control title, description and guidance can also be maintained multilingually.

Control performances are seamlessly integrated into the enduser's daily work via the dashboard and via sophisticated emails and thus increase acceptance and awareness: the goal is not to impose a nuisance, but to support the user and bring meaning to the control performances.

To render the control performances even more meaningful and at the same time facilitate the work of the control performer, we offer so-called SmartControls: Data records that form the basis for the control rating (e.g. sample data) are directly embedded into the screen during the control performance. This allows for a direct and reportable reference to the data to be controlled and increases the traceability.


Manifold governance and documentation needs can be met thanks to configurable action types, flexible workflows and freely definable additional fields.

Actions can be created and tracked in two forms: as so-called standalone actions (e.g. a single compliance issue or a measure proposed by an enduser that discovered a weakness during a control performance), or in the context of an audit finding report. Both types of actions run through a configurable workflow that involves endusers and action experts for capture, validation, activation, implementation and final review.

Just as for the control performance, the endusers are involved in the action implementation via dashboard and emails. As so-called action owners they receive an overview of their pending actions and are supported during implementation. Responsibilities and access rights for the action owners can be assigned in a fine-grained way. At the same time, coordinating action experts (e.g. COO, CFO, compliance) and line managers have a full overview of the implementation progress up to the highest levels.

Actions are completely embedded into the oprisk management model: References to risks, processes, control performances as well as to other actions and audit reports are supported and reportable.


Integrated data model

Our strength lies in the data model that was designed from scratch to be the base of the entire tool suite. The individual modules reference this model and thus integrate seamlessly with each other. This increases the maintainability, visualizes connections and avoids redundancy. Simple and high-performance reporting is another advantage of the integrated model.


We offer various cross-cutting functionalities whose value has proven itself over years in day-to-day business, and which have been continuously enhanced thanks to feedback from our customers.

  • Adjustable texts: All field names, menus, labels, mail texts etc. of all language packs can be adjusted directly in the software, and so can be adapted exactly to the terminology that your company uses.
  • Configurable dropdowns and additional fields: Most dropdown contents can be filled according to your ideas, with values that make sense for your company. Central elements (controls, actions, reports) can be enriched with exactly the additional fields that your company needs.
  • Sophisticated authorization system: Our roles & rights concept is extremely powerful and at the same time easy to understand. Granting of fine-grained access rights down to single elements (need-to-know principle), specific rights for certain contexts, and central roles with enterprise-wide scopes are possible. Rights can be granted for specific organisation units, company segments, countries and regions, and cross-border concerns are met as well. This allows us to satisfy the needs of small and medium enterprises up to multinational companies.
  • Deputations and delegations: Deputies can be specified per employee and separately for control and action functionality, for a limited time and/or with limited rights. Alternatively, single control performances can be delegated ad hoc without the need to create a deputation.
  • Management of documents and references: In all relevant screens we support the uploading, storing and displaying of accompanying documents. Furthermore we offer a central database to maintain links (e.g. as a registry for intranet applications or company policies).


In addition to the above described core modules we offer and develop additional modules that may interest you depending on your industry sector or ICS focus.

  • FATCA module: The FATCA module is directly embedded into the ICS and facilitates the setup of supervisory and certification controls as well as operational controls related to FATCA. Existing controls can be enriched with FATCA / QI / AEI data, and dedicated FATCA controls can be set up as well. Legal entities are maintained centrally in a repository, can be mapped to control performances and thus become reportable, e.g. via the so-called FATCA dashboard.
    If interested, write us and ask for our FATCA information material.
  • Accounting module for financial controls: Module under development, expected by end of 2016.
  • RCSA (Risk Control Self-Assessment): Module under development, expected by end of 2016.
  • OpLoss module: Module under development, expected by end of 2016.