
Increasing importance of governance, risk and compliance

Governance, Risk & Compliance (GRC) has come into focus in recent years, due to several external shocks as well as prominent examples of control failures. Especially for regulated industries (financial services, telecommunications, etc.), GRC is a focus topic because of high and ever-increasing regulatory requirements. GRC measures must not only be set up correctly and proportionately throughout the company from a strategic and organizational point of view, but must also be followed up in detail from an operational point of view.

Intero Consulting has well-founded experience in the organizational and process-related development of a balanced, individual framework for Governance & Compliance with tool-supported automation. We support you in reviewing and optimizing existing regulations, processes and controls according to regulatory requirements. We also support you with our many years of experience in implementing compliance and risk management requirements with regard to vendor relationships and vendor control. An important part of our know-how is also the preparation and support of internal and external audits, such as those conducted by BaFin, as well as the follow-up and closure of audit findings.

Understanding requirements and risks 

The most important part of building a GRC framework is understanding the internal and external environment and the current situation in which your organization finds itself. Based on this knowledge, we support you in deriving suitable action measures according to your risk profile. 

  • Provide an overview of the relevant external specifications
  • Derive concrete requirements for your company from regulatory requirements

  • Understand the relationship between external requirements and their implementation through internal policies
  • Understand the totality of these requirements for your organization

  • Record the discrepancy between requirements and the actual state
  • Prepare recommendations for action based on the identified deficits


Understanding external requirements

Checking regulatory compliance level (e.g. VAIT)

Mapping of external standards to internal guidelines (e.g. COBIT, NIST)

Restore governance

We support you in designing and implementing an individual and flexible (IT) governance and compliance management framework. In doing so, we take into account the dynamics of the continuously changing regulatory ecosystem to ensure sustainable (IT) governance.

  • Analysis and plausibility check (vetting) of existing and changing internal regulations
  • Defining and writing area-specific rules and regulations (e.g. IAM)

  • Needs analysis, conceptual design, definition, alignment and implementation of processes based on the Governance / IT Management Framework
  • Definition and implementation of highly automated controls and control mechanisms, taking into account feasibility, conservation of resources and proportionality

  • Definition and alignment of risk appetite according to proportionality principle and business profile
  • Pragmatic approach to policy implementation derived from a risk-based approach that combines parameters from business strategy, operational reality and risk management


Structure (IT) Management Framework 


Compliance Life-Cycle Framework

  • Automation & Tools
  • Simplification
  • Change Management & Awareness
  • Risk assessment / need for protection
  • Dashboards / Reporting

Requirements Check

In order to identify risks and gaps in the organizational structure and process organization in relation to requirements, regular auditing is of great importance. This presents a challenge for any organization. We provide you with efficient and results-oriented support in dealing with internal and external audits and in resolving audit findings, tailored to your needs.

  • Set up a framework for self-auditing the effectiveness and completeness of your control landscape and associated processes
  • Apply the established framework for self-auditing and deriving measures

  • Support for internal audits through optimal preparation and support during implementation
  • Efficient and individual resolution of potential audit findings

  • Support and close collaboration in all phases of the external audit
  • Preparation of recommendations for action based on the audit results


Self-testing / Control Effectiveness Testing


Support for external review / audit

  • Preparation of the audit (organization, rules of conduct, communication, mock audit implementation)
  • Audit support / management
  • Resolution of audit findings

Jochen Friedrich