Integrated Risk Management System

Risk Management System

Our risk management system is an effective automation solution created to help companies automate GRC tasks and detect, evaluate, and reduce potential risks to their operations, projects, and assets. It offers a complete platform that enables businesses to actively manage and reduce any hazards that can have an adverse effect on their success.

Doorstep GRC

Developed by Industry Experts

Doorstep GRC is not just another risk management tool. It has been developed by professionals with decades of experience in risk management, bringing a wealth of industry knowledge and best practices into the platform’s design.

Simple and Intuitive Interface

Despite its powerful capabilities, Doorstep GRC is simple and easy to use, making it ideal for organizations that need an effective risk management solution without the burden of complexity.

Cost-Effective and Scalable

The pricing model is designed to be highly affordable, scaling based on the number of users. This makes it accessible for both small businesses with limited resources and large enterprises with complex needs.

  • Platform – The system is web-based and hosted on the cloud. Each client enjoys an individually hosted database under a dedicated domain that can be accessed by all teams across all geographies. Locally hosted versions of the system are also available as per client needs.
  • Risk Register – The risk register plays an important and critical role in the overall risk framework.  Risks can be categorized by risk categories as well as Basel risk types making it in line with international best practices. Risks can also be prioritized accordingly.
  • Risk Mitigations – The system allows for unlimited number of mitigation plans for each risk. Mitigation plans can invite actions with target dates from stakeholders as well as identification of control owners for each plan individually.
  • Risk Assessments – Risk assessments can be undertaken for each risk in the register on need basis. Risk assessments are based on impact/likelihood criteria that can be configured by each client individually.
  • Risk Indicators – Unlimited number of risk indicators can be setup for each risk. Indicators include frequency of collection and threshold values to monitor risk levels. Indicator data exceeding threshold values invite action and target dates for closure.
  • Operational Losses – The system is capable of capturing and managing operational losses under various categories including regulatory fines, operational failures, frauds and natural disasters etc. Losses can be attributed to various entities with action management and resolution timelines. The recoveries module helps to keep track of each loss and progress made by respective stakeholders.
  • Alerts Management – The system generates email alerts for all open items. Alerts can be programmed on daily, weekly, monthly and annually. Alerts are targeted to preset recipients and can be switched on and off by admin.
  • Action Management – All components by default come with action management including target dates to allow items to be actively followed-up for closure.
  • Audit Trail – All changes are captured and logged to ensure an end-to-end audit trail.

SPECIFICATIONS

An enterprise-grade platform designed to automate and centralize the management of operational risk processes including:

  • Incident Management
  • RCSAs (Risk and Control Self-Assessments)
  • Key Risk Indicators (KRIs)
  • Action Plan Tracking
  • Executive and Board-Level Reporting
  • The system aims to enhance risk visibility, ensure accountability, and support strategic decision-making through data-driven insights and visual dashboards.

Modules Overview

  • Incident Management
    • Incident capture via forms, APIs, or bulk upload
    • Categorization by risk type, severity, impact
    • Root cause analysis and loss data capture
    • Workflow for investigation, approvals, and closure
    • Linkage to controls, KRIs, or action plans
    • Audit trail and version control
  • RCSA (Risk and Control Self-Assessment)
    • Risk and control libraries (customizable)
    • Periodic or event-driven assessments
    • Likelihood and impact rating (qualitative/quantitative)
    • Inherent and residual risk scoring
    • Control effectiveness evaluation
    • Automated reminders and workflows
    • Action planning for gaps identified
  • Key Risk Indicators (KRIs)
    • KRI libraries by business unit or risk type
    • Threshold settings (green/amber/red)
    • Data integration from internal systems or manual input
    • Alerts on threshold breaches
    • Dashboard and trend graphs
    • Links to incidents or RCSA entries
  • Action Plans
    • Assignment to individuals with due dates
    • Categorization by source and risk type
    • Status tracking (open, in progress, completed, overdue)
    • Escalation workflows for delays
    • Notifications and reminders
    • Integrated evidence repository
  • Reporting and Dashboards
    • Role-Based Dashboards Tailored for:
      • Line Managers
      • Risk Officers
      • Senior Executives
      • Board of Directors
    • Visualizations include:
      • Heatmaps (Risk and Control)
      • Trend charts (Incidents, KRIs)
      • RAG status for KRIs and Action Plans
      • Open vs. closed issues
      • Residual risk vs. tolerance levels
      • Business unit comparisons
  • Export & Integration
    • PDF/Excel/PowerPoint exports for board packs
    • API for integration with BI tools (e.g., Power BI, Tableau)
    • Scheduled report delivery via email
  • Governance & User Access
    • Access Control
      • Role-based access management (RBAC)
      • Segregation of duties and data security
      • Multi-level approval workflows
    • Audit Trails
      • Full logging of user actions
      • Change history for risk assessments and actions
  • Automation & Alerts
    • Automated workflows for assessments, escalations, and reminders
    • Threshold breach alerts (KRIs, overdue actions)
    • Scheduled review cycles for RCSAs and KRIs
    • Email and in-system notifications
  • System Configuration
    • Risk taxonomy and templates configurable
    • Custom fields for business-specific requirements
    • Frequency and review cycles adjustable
    • Multi-language and multi-region support (if applicable)
  • Compliance & Standards Support
    • Aligns with standards/frameworks such as:
      • COSO ERM
      • ISO 31000
      • Basel II/III
      • Operational Risk Management (ORM) best practices
  • User Support & Training
    • In-system guided walkthroughs
    • Role-specific training manuals
    • FAQs and Help Center access
    • Admin user training for configuration