Case studies behind Michael Rasmussen’s Enterprise Risk Management solution perspective for CoreStream GRC

Introduction

Michael Rasmussen, renowned GRC expert and the former Forrester analyst who coined the term Governance, Risk and Compliance, recently shared his analysis of CoreStream GRC’s enterprise risk management (ERM) solution.

In his latest review, Michael spoke with four organizations currently using CoreStream GRC’s ERM platform. Each company applies the solution in a distinct way, tailored to their sector-specific challenges and strategic goals. This blog highlights the key insights from those conversations, showcasing how CoreStream GRC’s flexible approach to ERM is driving value across industries.

CoreStream GRC Enterprise Risk Management Client Experiences

Organizations across industries and regions are leveraging CoreStream GRC to
strengthen their ERM and broader GRC programs, achieving improvements in efficiency, automation, and adaptability to complex regulatory requirements. GRC 20/20 has engaged with CoreStream GRC clients globally, and in this evaluation conducted four specific client reference calls that found:

CLIENT: Global travel food services organization (~40 countries, ~50,000 employees).

ERM moved from an annual, report‑driven exercise into a living discipline
used daily and recognized at CEO level.

“ The Group CEO has called this out to the company several times, risk management has gone from tick box exercise to something they live and breathe.”

CoreStream GRC provides a real‑time consolidated view that can instantly pivot to region or country, enabling leadership to see top risks and mitigations on demand. Simplicity and usability drove engagement across leadership groups and created greater consistency in how risks are identified and understood. Reporting continues to be refined; ambitions include broader delegated action tracking and more automated board‑pack output.

CLIENT: Global energy company (~ 100,000 employees)

Global enterprise and project/delivery risk now run in one platform, replacing multiple legacy tools and consolidating roughly a hundred disparate data stores. Costs dropped materially versus prior systems, while usage expanded to thousands of users.

• Governance checkpoints,
• Exposure windows,
• Trend “flight paths”

made the program more forward‑looking, improving alignment of capital and contingency to risk timelines.

APIs feed external quantification tools; CoreStream GRC serves as the risk data spine.

Requests include faster delivery of certain advanced visualizations and simpler grid editing for high‑volume users.

CLIENT: UK financial mutual (specialty re/insurance covering £2.2 trillion in assets)

After challenges with a previous tool, the organization adopted CoreStream
GRC for risks, controls, KRIs, events, maturity, and actions, plus a declarations
module.

Adoption leapt from ~40% to ~95% within one cycle.

Same‑day capture‑to‑committee reporting is now routine; internal audit operates directly in the platform; and confidence in data quality has increased. Efficiency improved as “admin drag” disappeared, freeing time for analysis. Desired roadmap items include greater end‑user self‑service for dashboards and analytics, building on a strong standard set. They compare the level of support to their old tool stating:

“People and culture at CoreStream GRC are really really good, the team are keen to help, we’ve all become good friends. Never had that kind of engagement with a software solution!”

PARTNER and CLIENT: Big four perspective

Praises a practitioner‑built design, “Lego‑block” configurability, and the right price point for organizations digitizing ERM or stepping up from first‑generation tools.

Executive and board meetings benefit from live, drillable dashboards that materially improve discussion quality versus static decks. Recommendations
for roadmap emphasis include deeper self‑service configuration, BI‑grade
visualization polish and integration.

Summary from the feedback findings

Across these deployments we see a consistent pattern: efficiency through consolidation and automation; effectiveness via clearer appetite alignment and action follow‑through; resilience as forward‑looking indicators and exposure windows bring early warning; and agility as teams spend less time on pack preparation and more time on horizon scanning and decision support. CoreStream GRC’s culture — enthusiastic, collaborative, and responsive — amplifies these results by meeting organizations where they are and moving them forward at pace.

CoreStream GRC is well‑suited to organizations seeking a practical, configurable
ERM core with strong UX and fast time‑to‑value. It modernizes risk from spreadsheets and static reports into a connected, objective‑centric discipline embedded in daily management. While clients ask for more self‑service analytics and automation — appropriate for a platform on a strong upward trajectory — the prevailing narrative is clear: CoreStream GRC provides a flexible ERM spine that improves visibility, sharpens decisions, and strengthens the enterprise’s ability to take the right risks with confidence

Want to read more? Download the full report here.

Or head over to the preview section of the report here.

CoreStream GRC was also recognized by Michael Rasmussen in 2025, for the Innovator Award for Enterprise GRC architecture, learn more here.

About Michael Rasmussen

Michael Rasmussen is an internationally recognized thought leader and pioneer in governance, risk management, and compliance (GRC). With over 30 years of experience, he has extensive expertise in enterprise GRC strategy and processes supported by robust information and technology architectures. Known as the ‘Father of GRC’, Michael was the first to define and model the GRC market in February 2002 while at Forrester, setting the foundation for the modern understanding of GRC.

FAQ