what is that?

The program represents a modern system for organizing enterprise risk management, including a set of methodological documents with regulations for risk management procedures, as well as corresponding software tools. The program is a GRC-class system necessary for transitioning to ESG standards. It complies with ISO 31000 27001 22301 and can be supplemented with the COSO 2017 module. Internal audit tools allow for quick and more detailed analysis of the effectiveness of risk management systems. Financial risk calculation mechanisms are built-in.


The system has an organized database of risk events with extensive analytical information. Events can be registered fully automatically based on other enterprise information systems. 

INTEGRATED Risk Management, Internal Control AND Internal Audit SYSTEM

The system links the main entities of the risk management system within the organization. It establishes a connection between the implemented measures, the organization's processes, internal control procedures, risk reports, and current internal regulatory acts.


The ability to create flexible analytical reporting (BI) in various dimensions. Dashboards for management.

Why choose TAB GRC?

GRC-class system

Auto registration of risk events and internal control incidents

Entered in the register of domestic software

Support of legislative requirements

ISO 31000 27001 22301

Information security requirements are adhered to, up to the level of "top secret".

Functional features

Risk assessment

Self-assessment questionnaires and self-assessment calculation

Self-assessment questionnaires and self-assessment calculation are provided for more accurate risk assessment in the product. This allows self-assessment to be carried out by types and subtypes of risks among departments or risk owners. The results of the assessment are accumulated through self-assessment calculation.

Risk assessment, risk matrix, risk register

Risk assessment is based on a qualitative approach by type of risk. Based on the results of the assessment, a register of significant risks and a risk matrix are formed.

The maximum amount of risks

Based on the registry generated during the risk assessment, the system has the opportunity to set limits on significant risks depending on the size of the company's own funds and risk appetite, as well as the number of risky events. In addition to the pre-configured calculation of the limit size, it also supports the establishment of control and alarm values for the size of risks through key indicators and performance indicators.

 Internal control procedures

The tool is designed to help you carry out regular procedures to monitor the activities of the company and employees.

Accounting for internal control procedures

The procedure card records the execution algorithm, the responsible person, the execution schedule and the execution criteria, and also assigns a template for automatically setting tasks according to a given schedule.

Report on the implementation of internal control procedures

You can track the execution of procedures through a report built into the system showing a list of tasks for procedures, due date, date and result of execution.


Accounting for events

The product provides for the management of risk response measures with the fixation of the program of implementation, the parties involved in the measures taken.

Creation of planned events

The functionality of creating an event plan from a template is provided, according to which events for the year are automatically created in the product.

Creating events based on a risky event

The product allows you to quickly create an event based on the risk message data.



The software module for accounting events (incidents) that need to be reflected in the Risk Management System and internal control rules, with the ability to independently configure the data recording format and data export (presentation) forms.

  • Preconfigured risk management methodology with the ability for independent adjustments.Maintaining a risk register
  • Automated incident registration based on data from external information systems.
  • Setting and monitoring tasks
  • Reporting on the number of incidents over a period and their statuses.

    A module that includes all necessary administrative functions for maintaining the system's operability.
  • Users
  • Roles
  • Types of links
  • Screens / On-screen definitions
  • Setting up Classifiers
  • Maintenance
  • Business structure
  • Data (batch loading of data, unloading of templates, reference books and classifiers)

Scope of implementation work:

  • Configuration of functional options. Demonstration of available program functionality and disabling unnecessary features. The demonstration includes both general system mechanisms and sets of reports.
  • Adding users and configuring their permissions. Adding up to 5 users to the system and configuring their permissions for risk management.
  • Filling in basic reference directories for risk management: organizations, company structure, types of documents, etc.
  • System configuration by a methodologist. Express analysis of the methodology used, identifying gaps. Configuration of basic methodological reference directories for indicator calculations.
  • Training on working with system interfaces. Detailed demonstration of interfaces. Training on configuring workflows.
  • Practical training course on risk management in an automated system: Differences between non-automated and automated risk management, Analysis of three real situations in an enterprise based on an automated system.


We are the developers of the GRC Risk Event Management. It serves as a Russian equivalent to products such as IBM OpenPages, SAP GRC, RSA Archer, LogicManager, Riskonnect, SAI360, MetricStream, Enablon, ServiceNow, StandardFusion, Fusion Framework GRC, Pathlock, Navex Global RiskRate, Nasdaq BWise, AuditBoard, LogicGate Risk Cloud, Onspring, ZenGRC, Apptega, and Resolver. Our GRC-class product can replace any foreign counterparts.


Address: 105318, Moscow, ext.ter., Sokolinaya Gora Municipal District, Velyaminovskaya str., building 9, floor/room 5/32

Quality Control Department

Technical support

CRM-форма появится здесь