Governance, Risk and Compliance (GRC)

Integrated GRC solution connects risk mitigation efforts across an enterprise

Origami Risk offers an integrated Governance, Risk, and Compliance system that empowers business leaders to make the right decisions in order to meet their organization’s objectives and position them for success. The highly configurable solution with support for various API integration options allows each client to tailor the system to best fit their unique environment.


Enterprise Risk Management (ERM)

Manage ERM processes, risks, controls, and KRIs/KPIs using your own risk scoring methodology. Assign risk assessments on a regular basis and monitor results. Draw from a library of standardized ERM dashboard reports or easily create your own.


  • Support for multiple ERM risk and control frameworks including COSO and ISO 31000

  • Lenses allow different groups to view the same underlying data in entirely different ways

  • Assessments can be done through an anonymous portal, eliminating administrative burden

  • Automatically trigger and monitor the progress of risk mitigation plans

  • Track operational risks and connect assessments to processes, controls, KRIs, and issues

Internal Control Management (ICM)

Link controls to risks, processes, regulations, or any other GRC entity. Conduct failure tests which can include the use of your own risk control test questions. Continuously monitor control testing progress and view results at any time.


  • Exclusive document-sharing portal allows control owners to communicate with process owners

  • Support for common risk control frameworks, including COBIT and COSO

  • Control tests can be triggered automatically and sent to internal or external users

Regulatory Compliance

Manage compliance with laws, regulations, and standards by monitoring specific requirements metrics. Configure compliance scoring results based on your organization’s specific needs. Implement quick turnaround actions to be “audit ready” at all times.


  • Regulation/framework-agnostic to work with any regulatory compliance structure (i.e. ISO 27001, NIST, AMLA, etc.)

  • Exclusive document sharing portal allows compliance team to communicate with regulation owners

  • Regulatory compliance tests can be triggered automatically and sent to internal and external users

Business Continuity Management (BCM)

Create an effective, scalable process for developing and testing business continuity plans. Manage Business Impact Analysis (BIA) assignments, monitor progress across the enterprise, and dynamically update the plan as new information is entered. Rank processes by criticality, impact, and time-to-recover. Conduct testing exercises on business continuity plans to assess readiness and execute crisis management plans upon triggering events.


  • One-click publishing as a PDF or Word document

  • Complete control over the format, design, and inclusion of components in the plan

  • Ensure that business continuity plans are developed based on the criticality/priority established in the BIA

  • Automated workflows to initiate plan updates with versioning control

Internal Audit

Manage various audit activities by monitoring progress and completion. Create action plans to mitigate risks generated from findings. Design your own audit report as needed.


  • Configurable workflows and notifications/alerts

  • Provide restricted access to external auditors to the limited materials they require

  • Risk rank auditable entities as inputs into the annual audit plan

Issue Management

Configure issues workflow to allow multiple levels of approvals. Assign tasks and monitor implementation before closing the issue. Associate issues with any other GRC entity to allow better cross-functional governance.


  • Access to confidential issues is restricted to authorized users

  • Dynamically create issues from risk assessments, controls/regulatory compliance tests, and KRI inputs via business rules


Single SaaS Platform

Manage various GRC Solutions in one place and easily associate GRC entities together

Product Performance

Fast performance in a highly configurable solution with robust analytical reporting

Superior Service

Support by the same team from implementation through ongoing service providing consistent, superior service

We're Here to Support You

Best in Class


Our client executives have the tools, client access and authority necessary to collaborate with you in the most productive and efficient way possible.


Gathering, reporting and analyzing data, as well as acting on data insights, has never been more timely and efficient.


Access the features you love with confidence that your system will be secure, reliable, fast and can adapt to your needs.

How Our Capabilities Compare

Origami Risk is the #1 rated stand alone risk management information system, as ranked by the industry leading Advisen RMIS Review—an annual survey of RMIS customers regarding their satisfaction levels with their providers.

Learn More

What Customers are Saying

“The reporting capabilities are superb and are capable of measuring and tracking such a variety of items that I’m now quantifying losses in new and creative ways that would not have been possible with our previous RMIS system. I've recommended Origami to anyone inquiring about RMIS systems.”

- Tom Johnson
Director, Risk Management ● Bowlmor AMF, Inc.

Read More Testimonials »