RISMA Systems was founded in 2014 by Lars Nybro Munksgaard, who initially developed a system that helped accountants and lawyers with the repetitive tasks of Risk Management. Although RISMA Systems started as a Risk Management solutions provider, it is now dedicated to becoming a complete one-stop GRC platform. RISMA Systems develops groundbreaking solutions ensuring optimal resource use in organizations. Through its user-friendly online tools, RISMA helps to ensure that all levels of an organization always have access to updated and relevant information.
RISMA software has two guiding stars, and the organization aims to become a full GRC platform so that customers can rely on just one solution for all GRC-related tasks. “The organization is heavily focused on usability and user-friendliness to make the platform accessible for all, not just the experts but also for every employee involved in processes around governance, risk, and compliance. The organization has a flexible solution, where it is easy to add new compliance areas as they emerge,” states Lars Nybro Munksgaard, Founder and CEO of RISMA. This was the case when GDPR and CCPA were brewing: RISMA added the new regulatory framework to the solution and then activated widgets to support, i.e., mapping out business processes, collecting information from the business, GAP-analysis, risk assessment, initiatives, and controls.
RISMA Systems is a fast-growing software company that supplies compliance tools to organizations and authorities; it is not a consultancy. So, when legislation demands specific legal or regulatory insights, RISMA partners with leading industry experts. This was also the case with GDPR, where the knowledge partner is one of the largest law firms in the Nordics. They flipped the regulation into simple questions, so when ordinary users help the DPO with crucial information for the GAP-analysis, they update RISMA with the critical knowledge they have about their area of the business. RISMA then converts it into insights suitable for building a complete GDPR-compliant framework, both initiating action plans to close gaps and providing an “off the shelf” controls catalog to stay compliant in the future.
RISMA recognizes the many GDPR-only solutions out there, but as the legal tech and regtech markets mature, it believes in the suite approach for GRC. For RISMA, GDPR is just another compliance area, which needs intelligent software support. Combining the RISMA engine with a strong knowledge partner, the organization had a market-leading solution, and with continuous updates as GDPR evolves, RISMA makes sure to stay ahead.
When approaching businesses and organizations, RISMA sees many challenges within governance, risk, and compliance. The biggest one is acknowledging the importance of having a professional approach to GRC or not understanding the consequences of slacking. It is simply not on the top management radar at the same level as growth, revenue, and profits, even though GRC, in many cases, represents a license to operate and could pose either significant risks or competitive advantages depending on the approach.
GRC will only become increasingly important with the continued demands for data security/integrity, increasing legislation, and potential penalties.
The lack of top management involvement and support usually means that GRC is underfunded; governance and compliance teams operate as a small independent silo, and the GRC professionals are perceived as someone bothering the real business. In most companies, the approach to GRC and GDPR is a manual, handheld process with little or no platform support. RISMA’s biggest competitors are still Word, Excel, and SharePoint combined with a lot of manual labor. It does work for some, but in the long run, an organization can end up with static information, undocumented processes, and little or no ability to report to top management or authorities, with the many wasted hours being the most worrisome disadvantage.
The biggest benefit of using RISMA and a GRC platform is all the process and knowledge support provided by the platform. It covers all the needs in handling, controlling, and documenting GRC across the entire business, and an organization gets all the functionality out of the box: policy and process library, information mapping tools, GAP-analysis, actions and controls, dashboards, and reporting.
Once clients have system support for their GRC, there is a speedy maturity curve within their organizations. The GRC teams now spend more time on actual value-adding GRC matters rather than wasting it on copying information from emails to Excel. Top management and boards get better and more frequent reporting, which eventually educates executives about the importance of GRC, and suddenly they even know which questions to ask, which tasks to give, and which targets to set and expect. At that point, the GRC platform becomes an enabler of strategic business goals and eliminates a lot of risks itself, especially through much better utilization of the GRC professionals.
In terms of technological advancements, RISMA Systems has 3 focus areas. The first is experimenting with and applying artificial intelligence and machine learning to add even more automation and predictive modeling to the GRC work. The second is continued flexibility, not only within RISMA and GRC but also by opening the solution with smooth integrations to other relevant systems, i.e., ERP, KYC-solutions, project management. Just as GRC should not be a silo for professionals, it should not be a silo as a platform. So, RISMA should be a part of a business software ecosystem, and through integrations and APIs, the organization leverages the natural synergies to and from other systems with data, insights, triggers, alerts, tasks, etc.
A company can have the most advanced tech stack in its GRC solution, but if it does not help the GRC professionals engage the workforce and collect key knowledge from HR, Sales, Marketing, etc., then it is of no use. So thirdly, RISMA is also spending a fair portion of its development effort on continuously having the most user-engaging front end for both experts and novice users.
In one instance, a global production company with different takes on compliance and governance was facing a challenge, as it did not have a structured framework to support all its sustainability initiatives. Over the last years, the company has become increasingly devoted to sustainability and is very committed to the UN sustainability goal as a UN Global Compact. So, RISMA has started a co-creation process, and it does make sense to look at sustainability from a compliance and governance perspective. RISMA is geared to help the company structure all its initiatives, collect valuable information from all departments involved, and document that it follows the track mentioned by the organization. Now the CEO and top management can communicate confidently both internally and externally based on actual progress in processes, initiatives, and controls.
RISMA is a Nordic-based company with offices in Denmark, Norway, and Sweden, and the organization is planning a European expansion, expecting to have people on the ground in key countries within the next 2-3 years. However, RISMA is a SaaS company, and it serves customers globally from its current locations. RISMA also sees increasing interest from both North and South America, mainly due to the combination of being a complete GRC solution and the user-centric approach. This may also mean a US expansion, but it has not been decided whether it will be direct or through partners.