contact us

  • 617932136

Innova GRC

The ultimate risk management and internal control tool

Innova GRC considers all phases of risk management: identification, analysis, assessment, control, monitoring and continuous improvement, enabling proactive risk management and facilitating prioritization of actions and decision-making.
Learn more Product Sheet
Innova GRC - Software de gestión integral de riesgos y control interno

Innova GRC al detalle


Comprehensive management of the risk lifecycle

Our software offers a structured approach to risk management, following all the phases corresponding to the management system: identification, analysis, assessment, control, monitoring and continuous improvement through tools that allow correct treatment and prioritization in action plans, e.g., real time recording, data export in standard MS Office and PDF as well as an integrated system for early warning and notification when deadlines expire.
Características: gestión integral de riesgos
Características: modelo de las tres líneas de defensa

Model built on 3 pillars

Innova GRC is structurally based on a 3-pillar model with flexible configuration and integrates seamlessly into the compliance system:
The first pillar includes all functions of the organization that are significant to day-to-day operations and at the same time may be responsible for assessing, controlling, and mitigating risks and implementing effective controls.

The second pillar includes functions such as internal control, risk management and compliance, which facilitate and oversee the implementation of effective internal control and risk management practices by operational management.

The final and third pillar is internal audit, which provides independent assurance of effectiveness, internal control, and risk management, including first and second line of defense operations in the risk management system.

Matrix system for risk assessment (P x I)

The application allows to create the risk matrix at any level, by company, area, process or risk type, identifying the main risks and visualizing their evolution after the application of controls. Through the risk matrix it is possible to carry out an objective, global or sectoral diagnosis of companies of different sizes and sectors and to evaluate the effectiveness of the management, calculating the average risk of each generated matrix.
Características: sistema matricial de asignación de nivel de riesgo
Características: sistema de notificaciones y alertas tempranas

Early warning and notification system

The early warning system makes it possible to act before an event occurs or a task is completed to avoid a rule violation and mitigate the impact. The application sends real-time email alerts to users informing them of assigned tasks and their due date, including a link with direct access to the task to consult. In this way, the risk managers do not have to constantly check the task and are perfectly informed by looking in their e-mail inbox.

Analysis and Reporting

Innova GRC includes powerful analysis and reporting tools that can be exported to standard MS Office (Excel, Word) and PDF. On-demand data export to Excel, generation of gross risk and residual risk matrices, editable risk management reports in MS-Word format and compliance indicators or KPIs are among some of the most interesting options to analyze and use the information offered by the application to allow users to make decisions and prioritize actions.
Características: análisis y generación de informes
Características: generación y repositorio de evidencias

Evidence Generator and Repository

Innova GRC's evidence management system allows the linking of all scanned documentation related to risks, controls and surveillance that are performed regularly, organized and permanently available to the users of the application.
Innova GRC includes an automated system for electronic signature of documents with a digital certificate and time stamp, which is used as proof of the business organization due diligence.

Main properties

  • Developed according to ISO31000, ISO19600 and ISO37301 standards
  • Management of risk catalogs and controls of any kind (operational, financial, strategic, legal, etc.)
  • Creation of inherent and residual risk maps
  • Management of preventive, corrective and non-conformance actions, and action plans
  • Control system monitoring
  • Monitoring of audit reports
  • Allocation and encryption of documents
  • Data encryption
  • Notification and alarm system
  • Electronic signature with digital time stamp