Software Functionality and Features

Overview of the most relevant VirtueSpark software features.

Risk Management

Manage risks in context

The system enables you to connect risks to other risks and objectives, assets, processes and all other types of objects in the system. Establishing the context allows all stakeholders to see and understand risks from their perspective.

Furtheron, the algorithms in the system use the contextual information to suggest relations between risks that may not have been obvious to the user.


Risk management functionality

Risk Identification
Risk context and relations
Risk assessment
Scenario analysis
Risk monitoring & reporting
Risk communication
Risk lifecycle management

Risk aggregation and reporting across the organization

Having risks context allows for smarter aggregation of risks. With the documentation of dependencies, knock-on effects between risks can be identified across multiple level. As a result, operational risks can be brought in relation with enterprise risks and objectives.

Change the way ERM operates

ERM reporting is no longer a list of independent risks per unit. With an integrated view not only the time to collect key risks from units is reduced to a split factor and turned into a brief verification activity instead. ERM reporting also changes fundamentally. Senior management has the ability to drill down into the operational root causes of risks and decide on mitigations where they make the most sense.

Aggregation and systemic decision making

Having relations and impact factors between risk nodes allows for a more comprehensive view. VirtueSpark's underlying graph theory algorithms use this information to create dependency trees. This allows to calculate the total impact of a particular risk across the organization.

Decisions on where to apply risk mitigation with the highest cost-benefit ratio have a new source of information. Instead of applying risk mitigation in isolated units, decisions can be made on a systemic scope.


Contact us for your individual demonstration.

Compliance and Control Assessments

Schedule automatic controls

Schedule your operational controls based on pre-defined control templates to be triggered automatically.

Or define your own controls. The high degree of configuration flexibility allows you to define controls for first and second line of defense or, if you don't follow the lines of defense concept,  even define your own levels of control.

Operational control approval and deviation management

Apply an automated approval workflow to ensure your control assessment was accurately performed and escalate deviations. Send the controls to reassessments or directly create actions to mitigate deviations.

Controls management functionality

Control setup
Control testing
Control monitoring
Control templates
Context and relations

Control framework mapping

No matter if you need to be ISO or NIST compliant. Define control frameworks to your individual needs and map them with established control standards.

In VirtueSpark you can create your own control frameworks and assess your organization against them.

By mapping your framework controls to each other and to established standards, you can automatically assess your maturity against the standard frameworks based on your operational controls. As this way you only have to assess the controls once and use the results for all frameworks you save a lot of time.

Control catalogue and framework assessment

Framework setup
Import standard control frameworks
Framework assessments
Assessment reporting

Easy reporting

Create control assessment reports against frameworks assessments or your individual controls.

Export to PowerPoint for easy management reporting.


Other features

Objectives management

Manage your objectives, align unit objectives with company objectives and map them with your risks.

Incident management

Manage incidents and map them to your risks. Create actions and tasks to adequately address the incidents and monitor progress.

Action management

Create actions and map them to your assets for e.g. control mitigation activities.

Supplier management

Manage supplier and services within VirtueSpark. Perform service risk assessments and due diligence assessments to automtically aggregate results and classify your suppliers against criticality and exposure.

Asset database

Manage assets on the platform and assess risks and controls against them.

Admin reports

Beyond standard reporting a whole set of advanced reports for the GRC manager to report and control activities.

Individual configuration

Configure your environment individually. Object types, mapping types, units and resources - freely configure the system to your needs.

Import and export

Import and export from and to Excel or benefit from VirtueSparks open interface structure where other systems can be easily connected.

Learn more about the system's functionality and features.