In recent years, increased significance of GRC (Governance, Risk & Compliance) has been observed. This increased demand results from both external requirements, such as new legal regulations or certification requirements of customers, but also by internal guidelines for the increased use of control models by the owner or the company management. A current example of an EU-wide regulation is the General Data Protection Regulation, which comes into force in May 2018.

With its control4, gravity consulting offers a solution with which its GRC requirements can be comprehensively and integratively mapped.


control4 is your solution for efficient and integrative mapping of GRC requirements with direct SAP connection.

In a solution, classic models from the financial sector can be mapped as well as IT models (for example COBIT), models for the data protection regulation or sector-specific special topics.

Most tools focus on modeling and documenting goals, controls, and risks.

control4 covers this as well, but above all it makes the much more labor-intensive, ongoing implementation easier. Even though the initial effort in a GRC project can often be very high and is accompanied by corresponding expert experts, the implementation of the ongoing work is associated with an even greater use of resources (above all human resources). This is exactly where control4 comes in and supports you with a multitude of useful functions such as included task management, e-mail integration, merging of ICS and ERM in one application and much more.

GRC / control4


A real novelty is the high level of integration with a multitude of other applications, above all SAP.

For example, The negative UID check result of an SAP debtor is automatically documented in the ICS and the further processing by a financial employee is also triggered automatically. The results of this processing are in turn deposited in the SAP debtor master.

In the area of ​​basic data protection regulation, in the case of a request from an information provider concerning the data stored about it, these can be automatically collected from the respective feeder systems (ERP, CRM, individual applications, …) and transmitted to the information requester via email or displayed in the extranet. Especially if frequent inquiries are to be expected in your industry, massive efficiency gains can be achieved here.


Thematic Solutions

control4 can basically be used for all GRC requirements, but also offers topic-specific solutions, such as:



(“classic” ICS)

(ICS for COBiT)

(General Data Protection Regulation)

Let’s join our expertise to design the perfect solution for your individual business requirements!

Contact us