• Risk Managers
  • Internal control teams
  • Audit teams
  • Compliance teams


  • Risk appetite definition and monitoring
  • Risk trends and scenario analyses
  • Risk register and assessments
  • Control execution and self-assessments
  • Compliance monitoring


  • Risk appetite and risk profile frameworks
  • Risk evaluation and self-assessment / polling (RSA)
  • Control repository and execution
  • Worflows and e-mail notifications
  • Audit planning and execution, deviations management (PDCA)
  • Compliance monitoring
  • Incident management
  • Policy house management
  • Processing registry (“verwerkingsregister”)
  • List matching


  • Integral risk management
  • Clear and simple reporting and dashboarding
  • Reduced costs, Fewer regulatory and financial losses and fines
  • Faster response time to regulatory changes
  • Reduction in time taken to manage compliance activities

 First line of defense

  • Increase value through improved financial and operating controls
  • Accelerate reporting for more rapid decision-making and business improvement
  • Detect exceptions in real time to respond immediately and reduce damage
  • Replace manual preventative controls with automated detective controls, which increase efficiency and traceability
  • Identify control issues in real time with automatic alerting and remediation

 Second line of defense

  • Reduce ongoing compliance costs
  • Get notification and analyze impacts when regulations change
  • Establish a more automated, risk-based control environment with lower labor costs
  • Heighten competitive advantage by turning risk into value
  • Rely on a single point of truth for all GRC master data on risks, controls, regulatory requirements, processes and IT

 Third/fourth line of defense

  • Improve risk and control assurance in the same or less time than previous approaches
  • Reduce costs, including internal audit costs and those associated with unaddressed control deficiencies
  • Achieve a more robust, more effective auditing process
  • Expand internal audit coverage with minimal incremental cost
  • Shorten audit cycles

Case study 1:

Pension fund risk management

Our client, a Dutch pension fund, has developed an advanced risk management framework to support its pro-active, integral and continuous risk management vision. Rather than focusing solely on risk reduction, our client’s risk management philosophy privileges the careful selection of the best risk/return positions to stay within risk appetite without destroying value. Such an approach requires an agile risk management solution that can accompany the necessary dialogue between risk managers and board members: Sherlock advanced dashboarding capabilities facilitates quick and easy drill-down analysis as well as scenario analysis to better understand risk interdependencies.
Easy-to-configure collaborative features facilitate the automation of repetitive tasks and leads to increased productivity by streamlining the relationships with the various parties at stake under the fiduciary management framework (asset manager, custodian, actuaries…).

Case study 2:

Audit management

Our client has used Sherlock to build a risk-driven audit process and to achieve greater consistency and efficiency in the audit execution. Sherlock proposes a unique integrated platform to efficiently manage the 4 phases of the audit and ICS life cycle: a comprehensive multidimensional repository to maintain the audit universe (organisations, assets, policies, documents, norms, auditors’ certifications and capabilities, audit plan templates…); a user-friendly audit staffing and planning sub-module to easily prepare the various audit missions based on the audit universe repository; the audit execution sub-module supports the auditors in all their tasks (online as well as offline) and facilitates the audit budget tracking; and a case management based action tracking sub-module that enables our client to efficiently track and close the various follow-up actions.

Case study 3:

New underwriting compliance & risk management

Our client, a leading global health insurer, has developed a powerful framework to track regulatory requirements and determine the impact of changing regulatory landscape on its business. Sherlock was deployed to manage compliance risks, automate manual monitoring activities, organize the many different compliance activities alongside workflows, simplify and centralize all communication and documentation of compliance activities. In addition, our client uses Sherlock’s advanced data profiling analytics to detect and prevent non-compliance and fraud.

Case study 4:

Identity access management

Our client is the digital government service of the Netherlands Ministry of the Interior and Kingdom Relations (BZK). It maintains government-wide ICT solutions and common standards, that foster trust and simplify the communication between authorities, businesses, and millions of citizens with a view to guarantee the cohesion of the e-government networks. Our client supplies products relating to access, data exchange, standardization and information security. In doing so it is essential to maintain the highest security and quality standards: first by thoroughly assessing initial requests, but also by conducting yearly audits of their clients. Sherlock’s proven case management and workflow capabilities deliver a comprehensive solution to help our client identify potentially abusive behaviors, effectively investigate issues, and manage the workflow of the case through to resolution, resulting in substantial cost savings and productivity gains.

Case study 5:

Corporate governance and participations repository

Our client is an innovative and disruptive player on the Dutch pension and life insurance market. Effectively accompanying our client’s aggressive growth strategy required an agile approach to building a solid yet evolutive risk and compliance management framework. Sherlock’s modular structure and agile implementation approach were instrumental in progressively building a our client’s risk and compliance “umbrella” backbone that shelters a corporate governance repository to register our client’s participations and a risk management module that documents their business processes and internal control procedures including all related controls, and effectively supports our client’s process-based risk management.