We implement any GRC technology. . .

to become fully in control; risk management & control treatment on operations, third parties, IT, ESG, and EHS.

. . . provide real GRC specialist advisors

to assess, improve and embed best practices risk management & control treatment to always be in control.

. . . and offer you managed GRC services

from our global service centers to work seamlessly with you realising cost effective best class operating effectiveness.

Value propositions GRC

Internal control, CRO, and also CEO, CFO, CAE, CCO

Your questions & needs

  • Your GRC costs are too high.
  • You need to increase awareness and ownership of control.
  • How do you increase value to your boards?
  • Where do you find GRC expert staff or an ad-interim CCO.
  • You need an assessment on the effectiveness of your GRC.
  • Improvement in risk & control is needed.
  • The control environment is complex.
  • You need a vision and an action plan to align all governance bodies.
  • How to improve the job-satisfaction of your staff and increase retention?
  • How to work together with other control functions?
  • How to automate your controls testing?.
  • Your IT reveals control issues (eg SAP/Oracle security, IT-controls, IAM, or authorisations.
  • How to drive a GRC (technology) program, including benefit tracking, project management, quality assurance, and training.

Technology, specialist consulting & managed services

Our propositions

Strategy, governance and structure
  • Strategic consulting (workshops or coaching) to define ‘what’ you want/need to realise to be effective (vision, added value, planning, maturity plateaus), resulting in a concrete GRC and or risk program (‘how’).
  • Consulting to define effective integrated governance (lines of defense, stakeholders, communication).
  • Co-source or fully outsource your GRC and risk function; including software (GRC as a service).
Policies & processes
  • Hands-on consulting to build your methodology, risk universe, assessments, controls treatment & testing, policies and procedures based on your vision, charter, strategy, and plan.
  • High quality specialist on expert risk & controls topics (eg, vendor, security, IT, export controls, ESG, SOx, and so on).
  • Repetitive GRC and risk work (eg, operating effectiveness testing, risk monitoring, reporting) as managed service. Provide flexible Dutch and English speaking compliance staff at your location, out of our service centres, or hybrid.
  • Training and or control awareness, soft controls, and integrity controls.
  • Ad-interim GRC/risk Directors and specialists.
  • Select, implement and optimise GRC and risk technology to improve control and lower costs.
  • Improve risk & control awareness and performance via visual-oriented risk management software.
  • Software implementation (often with content and frameworks included); agile, in-time, and at a fixed price.
  • Integrate GRC technology via API-platform.

Our GRC solutions

GRC, Risk & ESG technology

  • Best practice GRC and risk software to manage all your GRC and risk processes from risks assessment, controls treatment, issue tracking to reporting.
  • Fixed price GRC and risk software implementation (to build trust).
  • GRC usage optimisation.
  • Integration with other control applications and functions via API’s. Read more…

High value GRC, Risk & ESG consulting

  • GRC and risk specialists to assess, improve,  and embed GRC functions.
  • Strategic consulting (vision, business case, project plan, maturity modelling).
  • Operational (hands-on) support to build governance structures, processes, and training.
  • Risk visualisation to improve awareness & ownership.
  • Tone-at-the-top, culture, integrity, leadership, and soft controls).
  • built in continuous process improvement as a capability. Read more…

GRC, Risk & ESG managed service

  • Insourcing of GRC-technology to provide it as a service (technology agnostic).
  • All GRC areas (eg, finance, technology, security, third party, ORM, fraud, EHS, and ESG risks.
  • Remote managed services, with global specialists and local representation.
  • Operational GRC from Suriname (risk assessments, controls testing, reporting and communication to stakeholders).
  • Technical GRC from South Africa (SAP controls treatment, security, and authorisations). Read more…

Flexible pool of GRC specialists

  • A pool of GRC and risk experts from all around the world, including our service centres to support our clients in their operations (all lines of defense) or change projects.
  • Focus to provide resource availability plus flexibility.
  • All our specialists are trained in our software solutions (including process mining).
  • Both repetitive work as high value GRC and risk consulting. Read more…

Integrated governance towards trust

  • One shared and transparent GRC dashboard over all control functions.
  • Real-time insight for continuous assurance (to all stakeholders).
  • One shared GRC solution with business partners to real-time collaborate, or between regulator and regulated (voluntarily oversight). 
  • All trust requirements (controls automation, real-time compliance & risk insights), and automated remediation. Read more…

Your value

Happy staff

  • We focus on your repetitive work,
  • Provide staff availability and flexibility (up- and downgrading).
  • Resulting in increased job satisfaction for your staff.
  • High staff retention.
  • Focused knowledge transfer.

Increase effectiveness

  • Technology forces effective and efficient process execution.
  • Experience experts for strategic and operational (hands-on) advise.
  • Effectiveness, efficiency and quality improvement is included in our managed services.

Reliability & trust

  • We meet your objectives and requirements.
  • Our repository of automated controls and application security provides reliability.
  • Reliability and continuous insight for all stakeholders creates transparency and trust.

Cost efficient savings

  • Efficient process execution with technology and trained staff.
  • One-time-right quality consulting (less hours, higher value) at competitive prices.
  • Managed services reduce 30% costs (compared to European standards).

High Quality

  • With our technology resulting in high quality process execution.
  • Best in class consulting including content (frameworks).
  • Embedding new way-of-working (make it stick).
  • High quality managed services seamlessly integrated in your process.

Added value

  • We make you best-in-class for you to add value.
  • Full project support.
  • Building your capabilities to continuously improvement.
  • Quality assurance over the transition is included in our managed services.

Client experiences GRC

reaching new heights with your GRC and risk management; continuous insight in your risks, controls, and status of your issues in one integrated dashboard

technology to enforce controls treatment to mitigate all your risks

high quality risk and controls consulting, supporting you through your entire journey; both strategical as hands-on operational

pool of GRC experts to support you when and where you want

vision about and capabilities to realise integrated governance towards trust

GRC and risk technology



Risk visualisation

Together with our technology vendors, we help our clients to select, implement, enhance & protect their GRC and risk technology solutions.

We support in:

  • Building the GRC and risk technology vision and plan.
  • Align with other governance bodies and implement software solutions.
  • Select the right technology from requirement analysis, RFI, RFP to contracting.
  • Providing demo’s and realising sandboxes to give you an understanding of the functionalities.
  • Set-up and (fully) execute the technology plan.
  • Do the market inquiry and provide reference clients (visits).
  • Technical realisation of the software (on-premise of together with the vendor in the cloud).
  • Customise the GRC and risk software.
  • Implement your way-of-working, organisation structure, policies, processes, risks, controls and report in the software.
  • Provide and implement content and frameworks.
  • Train you staff in the usage of the software.
  • Implement capabilities for you to continuously improve.
  • Integrating technology solutions (API connectivity).
  • Securing your software and data.




RegTech software applications are plotted in the picture to the right (with an indication in percentages of different type of software)



Top GRC and risk partners


Risk & compliance

CERRIX is the best value for money full GRC suite from The Netherlands. Strong at financial institutes because of embedded form functionalities to realise KYC/CDD compliance. Best in class to design business process, linked risk & controls, and action tracking. ISQM functionalities are built in to support external auditors to implement their quality system and thus become compliant.

Transaction monitoring

Pathlock’s access orchestration solution supports Zero Trust application compliance with a cloud based loss prevention control platform. Pathlock manages all aspects of access governance in a single platform, including user provisioning and temporary elevation, ongoing User Access Reviews, internal control testing, continuous transaction monitoring, and audit preparation

SAP GRC solution

Soterion has built a business-centric agile GRC solution on top of SAP that enhances accountability of SAP related risk & compliance. The solution has extensive functionalities to analyse user rights, improve compliance and stay compliant. Soterion is quick to install, easy to learn, S/4HANA ready and boasts an award-winning user experience; both on premise, in the cloud or as a managed service.

Audit & controls

World’s leading (internall) audit and assurance expert solution with over 25 years dedication to auditors. Is used by banks for 2’nd line compliance monitoring departments with a similar methodology as internal audit. TeamMate has more than 3,000 customers in over 150 countries. Among their customers are 30% of Fortune 1000, 40% of Fortune 100, the top 5 Global Audit Firms, and more than 1,000 Public Sector Agencies.

GRC solution

WolterKluwers’ Enablon provides the Mercedes amongst GRC-solutions. Besides the full GRC-suite, the solutions manages safety and environmental performance (ESG and HSE). Enablon’s solutions are used in more than 160 countries by the world’s leading companies. Enterprises have chosen Enablon solutions to enhance the management and reporting of nonfinancial performance.

Risk Management

RiskChallenger’s innovative risk management solution assists you in identifying, analyzing, and controlling risks efficiently and interactively. Increase team engagement and productivity during risk rating process and make risk awareness sessions even more dynamic with QR code participation. Gain a clear overview of all risks and measures using a visual dashboard, analyze and prioritize risks effortlessly with an intuitive tool, and stay informed about progress and risk status through real-time updates and reports. 

High value GRC & risk consulting


  • Your capabilities to prevent, detect, and respond.
  • Compliance function maturity scans.
  • Your process to independently do internal investigations.
  • Compliance risk assessment methodology.
  • Compliance technology assessments (regtech, GRC software, and tooling related to sanctions & embargoes, TPDD, GEH, S&D).
  • Strategic compliance capabilities assessments, including management of the function, ‘tone-at-the-top’, commitment, capabilities, vision, strategy, continuous improvement.
  • Effectiveness of governance (positioning, alignment with other lines-of-defense, and reporting lines).
  • Operational compliance capability assessments, including policies, risk and control treatment, methodology, plans, handbook, dashboards, and reporting obligations.
  • IT compliance, including ERM (SAP) authorisations and security.
  • Content and frameworks reviews.
  • (Financial sector) compliance monitoring (2.5 line of defense).
  • Compliance staff quality and requirement assessments.


  • Provide ad-interim Compliance Officers.
  • Specialist consulting on topics and regulations (eg, export controls, trading compliance, integrity & soft controls).
  • Board Audit Committee and Supervisory Board consulting.
  • Risk & compliance (awareness) training & ongoing counselling.
  • Executing compliance testing and independent investigations.
  • Strategic improvement program using maturity modelling and our vision towards the compliance function of the future where the focus changes from testing to continuous insight providing trust to boards, stakeholders, and society.
  • Value improvement, and (integrated) governance.
  • Technology selection & implementation and usage improvement.
  • Operational process improvement, code of conduct, risk treatments, policy compliance check, systematic case tracking, sanctions and disciplinary measures, self-disclosure / reporting obligations.
  • Compliance framework and content provision.
  • SAP authorisations & security compliance.
  • Continuous transaction monitoring.


  • We support to make all improvements stick by guiding your staff through all changes and periodically monitor the execution of your new way-of-working.
  • Embed learned skills and realise a culture of continuous improvement.

For those clients who don’t have the right capabilities, or just want to outsource their compliance function, we provide managed compliance services. This includes embedding the new way-of-working over your organisation and BR1GHT.

Managed GRC and risk services

For those clients who don’t have the right capabilities, not enough staff members, want to make fast quality improvement step or just have the strategy to outsource, we provide managed compliance services out of:

  • Suriname. Both ‘high value’ consulting plus repetitive compliance activities with a focus on energy trading, financial institutions and external auditors (ISQM). Our services include controls effectiveness testing, pre-accumulating compliance files, compliance testing, transaction & reporting oriented work, project management office activities, and so on. Read more for details related to banking compliance.
  • South Africa. IT-compliance, including (SAP) authorisations, application security, automated controls testing and identify & access management. We also run specific data-analytics or process mining programs. All our teams are skilled in the latest technology.
  • We provide both co-sourcing and full outsourcing. The biggest difference is that with co-sourcing our teams work fully under our client’s management supervision, in their IT-environment, and in their risk & quality management systems. With full-outsourcing, all risk & quality requirements are clear and written down in a service level agreement and we agreed that we can fully comply with them.
  • Teams in Suriname and South Africa always work together with local BR1GHT people at your location. These local ‘linking pins’ make sure that we always understand your needs and if issues pop-up, we can immediately solve them. They are responsible for the seamless integration of our and our client’s staff.
  • We have our proven methodology for onboarding to guarantee a controlled transition called ‘the 12-successfactors of change management’.

Read more (at our managed service page).

Flexible pool of GRC and risk specialists

Integrated governance towards trust

GRC Risk & ESG news

Wolters Kluwer named Global Leader in ESG Software

Wolters Kluwer named Global Leader in ESG Software

BR1GHT's partner Wolters Kluwer, a global leader in professional information, software solutions, and services, has been named among the leading global providers of ESG Software in the inaugural and prestigious Green Quadrant: ESG Reporting and Data Management...

read more
BR1GHT implemented ING’s compliance monitoring system

BR1GHT implemented ING’s compliance monitoring system

In September 2020, the Compliance Quality Assurance (CQA) department was established within ING. This department, even more than its predecessors, had the need to conduct thematic or process-oriented compliance reviews. Since the audit function uses TeamMate, and the...

read more


Vision paper

The digital transformation is reshaping organisations with an increasing pace. Digital solutions using RPA, IoT and mobile are being implemented in the business to save costs, improve business processes or to build client intimacy. But what are the risks of these new digital solutions, how do you control them and what does digital mean for your control environment? In a series of publications, we will dive deeper into these questions and take you with us in our Digital Control journey Towards Continuous Monitoring.

In this publication you will read all about:

  • What are the risks of new digital solutions, such as RPA, ML, IA,
  • The need to continuous monitoring,
  • Wat is continuous monitoring,
  • How 2’nd and 3’rd Lines of Defence can use continuous monitoring,
  • How to use continuous monitoring to provide assurance,
  • Upskilling risk and internal audit specialists.

If you would like to know more about continuous monitoring, please contact us. We can provide you with concrete examples of implementations.

Want to learn more?

Find out what our GRC and risk management propositions can mean for you.

Please contact us if we made you curious.

Thank you so much for you interest in us!