Internal Control System (ICS),
Risk and Compliance Management

Your next generation GRC suite


For more than 15 years, our GRC suite has been successfully implemented by our clients. Continuous improvement, full focus on professionalism and comprehensive integration – these are the pillars of our GRC suite, leaving nothing to the imagination! Meet risks and controls sustainably and increase the efficiency, effectiveness and success of your company. From small businesses to large enterprises – build an advantage over your competitors!

Key facts:

15 years of experience
with integrated GRC systems

– BPM, EA, GRC –
Everything under one roof

Best practices

We support you in reaching your goals,
no matter what maturity level you are in

and together with you, we take the optimal path to accomplish your objectives



from "classic ICS" to workflow-supported GRC ...


... by using existing assets in our platform


... from data capturing to maintenance to analysis & reporting


... from ICS management to audit and revision


Everything under one roof – let information flow transparently between the BOC Group platforms

The GRC suite of the BOC Group

Embedded and integrated with your corporate asset repository.

"There is no other solution I can deeply integrate while ensuring
all content is fully reusable! The synergies are unbeatable."

Erik Guschlbauer,
BOC Group, Service and Innovation Management

GRC 2-Pager

Application scenarios at a glance

 Internal Control System (ICS)

  Asset & Organizational Scoping

 Risk Management

 Risk Assessment

 Compliance Management

 Control Testing

 IT Risk

 Control Implementation

 Procedure Management

 Audit Reporting

The capabilities of our GRC suite - Highly Modular & fitting your professional use cases

Capture risks

Document identified risks using risk catalogs and group them according to internal requirements. A tabular interface allows for easy, intuitive and fast capturing of data.

Organize risks

Take advantage of the opportunities to easily create and maintain risk hierarchies in your catalogues. Thus, redundancies and additional efforts are avoided and a basis for aggregation is created.

Integrate risks with BPM and EA

Link identified risks with your processes, IT assets or business units from the enterprise asset repository and profit from an integrated system on a uniform data basis.

Define role-based access

It is you who decides which information and actions are available to the users. The flexible authorization concept is based on the assignment of roles and allows an individual definition per risk.

Assess risks

Evaluate your risks according to both qualitative and quantitative dimensions that are configured according to your company's needs. Derive controls and initiatives resulting from your forecasts and trends.

Derive controls

Assign the controls from your catalogues (for example according to ISO 27000 or COBIT) to the risks and implementing assets (including processes, IT systems or documents).

Review controls

Review your controls regarding ToD (Test of Design) and ToE (Test of Effectiveness). The results show weaknesses and enable the definition of measures to adapt to the risk appetite of the company.

Carry out controls

Carry out your controls supported by the system and benefit from the centralized and uniform documentation of the results. Related documents (e.g. control documents) can be directly saved and archived.

Define measures

Use your resources effectively and prioritize actions that are directly related to risks and controls. Constant tracking allows to identify requirements for adaptation before any internal and external audits are carried out.

Ensure audit-readiness

Facilitate the audit process! The GRC suite automatically logs any changes to risks, controls and measures to ensure traceability. The resulting audit trail ensures transparency and reduces the effort required for further checks and revisions.

Comprehensive workflows

The integrated workflow engine can be flexibly configured according to your needs. By mapping the assessment procedures in automated workflows, the complexity is reduced and the focus is placed on content-related aspects.

Automate workflows

Request the effective evaluation of your risks and controls in an automated way! The GRC suite handles distribution, monitoring and documentation of tasks in a transparent and up-to-date flow of information.

Automated notifications

In order to increase transparency and traceability, your colleagues are informed and reminded of their tasks via e-mail. The structure and content of the messages can be defined in a company-specific manner.

Personalized dashboards: Tasks

Customized dashboards provide role-specific information to the users. The assigned tasks are presented clearly and intuitively. This clear representation of the UI reduces training efforts and increases significantly the acceptance in the company.

Personalized dashboards: Monitoring

Monitor and review the status of your risks, controls, and measures, as well as their integration in the enterprise asset repository, using intuitive reporting, evaluation, and collaboration capabilities.

Search & find

Browse through the entire Enterprise Asset Repository using keywords. Create, combine, and save multiple queries using options and filters. Use the possibility to directly edit the results.

Analyse & evaluate

Benefit from the numerous graphical analysis possibilities and identify key dependencies. GANTT charts, business impact analyses, matrix or portfolio views are seamlessly integrated and support a structured evaluation of your corporate assets.


Prepare information required for audits and certifications with the click of a button! The flexible reporting system allows the individual design of reports and analysis views as well as the further processing of data in common formats.

 Capture risks

Organize risks

Integrate risks with BPM and EA

 Define role-based access

Assess risks

Derive controls

 Review controls

Carry out controls

Define measures

 Ensure audit-readiness

Comprehensive Workflows

Automate workflows

 Automated notifications

 Personalized Dashboards: Tasks

 Personalized Dashboards: Monitoring

 Search & find

 Analyse & Evaluate


Check out what's new in our GRC suite details  


Getting Started with GRC/ICS

1 Business Insight Video


Integrated GRC and the Three Lines of Defence

1 Business Insight Video, 3 Lines of Defence,
1 Integrated Approach


Compliance Management

5 Tips and Key Success Factors,
1 Business Insight Video


Integrated Risk and Control Management

1 Business Insight Video

GRC Two-Pager

Integrated ICS and Risk Management.
Put GRC successfully into practice.


Business insights

Details and Insights
in our "Audit-ready" video.


Demo & Contact

Contact one of our experts and schedule
a guided, personal online demonstration.


Highly versatile


Comprehensive workflows

 100% web-based



100% intergratable in scenarios

Highly flexible authorization concepts

 AD integration / single-sign-on

 Versioning, Historicization, Audit trail

 Professional service and support

An excerpt of our supported standards




 ISAE 3402



 ISO 27000

 ISO 31000

 BSI IT-Grundschutz

 ISO 20000

 ISO 9001:2015


 DSG 2000


 ONR 49000

 ISO 19011

Customers who trust in us

More than 1,000 clients in over 50 countries worldwide – browse through selected customers of BOC Group

"ADONIS and the ADONIS Process Portal are a key success factor in the implementation of our ICS",

Harald Fürlinger,
ICS Manager, voestalpine Group-IT GmbH


 Demo & Contact

Contact one of our
experts and schedule
a guided, personal
online demonstration.


Events More Events

There are no elements



  • 29.07.2020

    BOC Group Named a Representative Vendor in the 2020 Gartner Market Guide for Enterprise Business Process Analysis

    For the third time, BOC Group is recognized in Gartner’s report for its ADONIS solution. More

  • 30.06.2020

    BOC Group Announces the Latest Release of Its GRC Suite – GRC 7.0

    Introducing GRC Insights, Improved Documentation for Initiatives, Search Queries Publishing, and More, to Redefine the GRC Experience for All Users More

  • 30.06.2020

    GRC 7.0 – Simply powerful.

    The latest release of GRC delivers features created with power users in mind, but designed to empower everyone. Connect your data in fewer clicks....More

Prev Prev


GRC Poster
GRC 2-Pager
ICS Whitepaper



Enrique Lobo Cruz

P +353-1-871 94 16
F +353-1-871 94 17