RHIZA - Controls Assurance

Where organisations do not have a dedicated risk coordinator or in-house software solution, it can become a challenge to maintain, update and report on risk and controls.  

For these reasons, many organisations have started to implement risk management tools which can put the responsibility back onto the risk owners to maintain their own risk registers through a system-facilitated approach.

At BDO we have developed our own risk management tool, Rhiza, which can help you implement risk management across the business through pre-population and training for risk owners.

Rhiza helps overcome the two biggest and most common challenges organisations face when trying to create an effective and sustainable risk management programme. 


Organisations need software which is appropriate to their appetite for complexity, yet can grow with them as their risk maturity develops.

Rhiza is straightforward and simple to use, but not simplistic. Risk management systems can either be too simple, and lack the sophistication you require, or excessively complex and expensive to implement, use and maintain.

No matter what your specific challenges, Rhiza is designed to adapt its shape so that you can manage risks in the most effective way for your business. 

'Hearts and Minds'

The battle to actively engage business users and embed risk management in an organisation is perhaps the hardest challenge. 
Business users need a solution which is straightforward and simple. One which makes data maintenance easy, fast and efficient with minimal fuss and bother.
Rhiza is designed to make this happen.  An intuitive web browser interface enables users to access and focus on relevant information quickly and easily from wherever they are at any time. 

Rhiza - Controls Assurance

Our internally developed risk and controls management software, Rhiza, supports clients on their risk and controls assurance journey.

Key benefits of using Rhiza Controls Assurance include: 

  • Delivering a versatile solution for creating a unified, but flexible, approach to managing enterprise risk across the organisation. Rhiza allows organisational units to continue to identify and manage risk autonomously, whilst providing senior management with increased oversight across the organisation through an intuitive interface for management information and reporting 
  • Easing the administrative overheads involved with coordinating and managing the regular maintenance of RACMs. For individual users, there are active notifications and direct links to risks and controls due for review; for the central risk function, there is a straightforward and simple way to generate reports or view risks/controls in need of update
  • Providing a mechanism for raising the awareness of risk and related issues across the organisation. Rhiza can be used to create (and rank) a strategic risk register built from risks across the organisation, as well as creating key risk registers for other parts of the organisation 
  • Allowing management to build the necessary body of evidence and internal certifications to assert on the design and effectiveness of the ICFR framework for SOX purposes 
  • Helping to reinforce a standard set of processes, terminology, assessment levels and understanding throughout the organisation 
  • Demonstrating to key internal and external stakeholders that risk is being actively managed to a high standard 
  • Ensuring responsibility for risks, controls and improvement actions is clearly and unambiguously stated 
  • Creating a company-wide repository for recording risk/control breaches and near misses 
  • Establishing the link between risks and controls to organisation objectives and helping to keep a strong focus on the real benefits of risk management, not just box ticking
  • Offering the ability to start simple and increase complexity as required. Rhiza can match an organisation's current level of risk maturity and grow as risk management and other governance processes develop. Future proofing helps ensure that the time, effort and money invested in developing a risk management framework is not wasted or limited to only a few years.

Rhiza can be used to: 

  • Document and manage the Risk and Control Matrices (RACMs) once constructed whilst tracking remediation 
  • Allow control owners to certify the satisfactory performance of controls on a regular basis 
  • Act as a bridge between the testing performed and the necessary assertions 
  • Provide management with a well-structured, evidence-based solution to support their SOX assertions
  • Provide full transparency on your risk and control activity throughout the year, facilitating external audit review and reliance 

Comprehensive risk management and assurance at your fingertips
