LR pixel

avedos GRC News

OpRisk and ICS at the bank Vontobel

Globally operating financial expert Vontobel relies on the integrated GRC-software risk2value. Michele Luongo, Head of Operational Risk, Executive Director shares his experience with risk2value and provides an outlook for potential developments.

Vontobel, a global investment advisor with strong roots and a solid capital base, specializes in asset management for private clients and institutional investments as well as investment banking.

“At Vontobel, we actively shape the future. We create and pursue opportunities with determination. We master what we do – and we only do what we master. This is how we get our clients ahead.”

Fast facts (as of December 2018)

  • Founded in 1924
  • Locations: Headquarters in Zürich, 26 branches worldwide
  • Approx. 2,000 employees
  • Client assets: Approx. CHF 247.3 billion

Growing company banks on sustainable software solution

Operational risk management (OpRisk) and the internal control system (ICS) were previously mapped in an Excel and Access solution, which had been developed in house. Over the years, the system had become impractical and needed to be replaced.

  • The work involved for the responsible business department rapidly grew due to the company’s growth and increasing international business
  • Excel files had to be consolidated manually in regular intervals
  • The department had to collect and process all information as the sole hub
  • Multiple workshops were hosted just to collect information

Developing the target system

In order to meet the challenging market requirements and promote active risk management, the bank saw the need to improve transparency, consistency and efficiency. To optimize these criteria sustainably, it began its search for a software solution that not only supported its current requirements, but also offered attractive possibilities for ongoing development. The main requirements included:

  • Application ownership within the business department
  • Local data entry
  • Standard solution with flexible customizations (e.g. in risk and control self-assessments)
  • Simple, intuitive usage
  • Reasonable implementation time
  • Easy access to the data for analytics and a connection to the existing reporting tool

Selection of the GRC software platform risk2value

At the end of the software evaluation process, the decision-making panel selected the GRC platform risk2value from avedos.


“We first started with OpRisk and ICS in risk2value knowing very well that other areas can follow and the extensible, future-proof system is a safe investment.” Michele Luongo, Head Operational Risk, Executive Director

  • risk2value not only fulfilled the necessary criteria but impressed the panel with its many advantages.
  • High flexibility for implementing individual ideas (e.g. workflow design) in the system
  • Straight-forward technical integration
  • Modern look and feel, intuitive usability
  • Direct access to the BI database
  • Geocultural ties to avedos


Following a successful project, which was finished in budget and on time in Spring 2018, risk2value went into operation. The feedback from the employees who work with the system has been very positive. This is primarily due to the solid prep work from the department, which offered workshops, created a user manual, and set up a telephone hotline.


“Working with the tool is really a pleasure because it is straightforward, intuitive and modern.” Michele Luongo, Head Operational Risk, Executive Director

Benefits and advantages of risk2value

The implementation of the GRC software fulfilled the high expectations at Vontobel:

  • Transparency: More comprehensive information, faster data availability, improved analytic capabilities
  • Consistency: Single point of truth (i.e. central access to all data at any time through an authorization system), common methodology
  • Efficiency: Larger scope with the same resources, faster way to collect information for faster responses and higher agility, lighter burden on the first line by avoiding redundant queries, less effort required for coordination between the second and third lines


In addition, the department has been able to reduce the number of hosted workshops by 75-80%. This saves a great deal of time so it can focus on its core responsibilities.

Future-proof GRC

The GRC platform has gotten off to a great start and the positive experiences throughout the three lines of defense are paving the road to further levels of GRC maturity. In the next step, Vontobel will implement the General Data Protection Regulation (GDPR) in risk2value. Other potential use cases include:

  • IT and cybersecurity
  • Business continuity management
  • Stronger integration of qualitative and quantitative information to enrich RCSAs with indicators, losses, etc. and support evaluations
  • Automated control assessments with the help of indicators used as “sensors” in combination with AI


risk2value has laid the foundation for Vontobel to integrate information from various GRC applications and profit from well-founded decisions across the company.

Share on facebook
Share on twitter
Share on linkedin
Share on xing
Share on email

GRC alert!

GRC know-how for your inbox!

Get informed on the facts and latest trends in GRC – and stay tuned for upcoming events, webinars, podcast episodes or trainings.

CSM Webinar 150x151 Icon
Podcast icon avedos
CSM Event Icon avedos 150x151
CSM Newsletter Icon avedos 150x151
CSM Training 150x150 Icon