top of page
Begin The Challenge

Your organization is in urgent need of a new Customer Relationship Management (CRM) software solution to manage increasing customer data and interactions. Due to the urgency, the procurement team is under pressure to make a quick acquisition. A vendor approaches your organization with an attractive offer that promises to meet all your requirements at a competitive price. The team is tempted to skip the usual vetting processes to expedite the acquisition. Risks: Security Risks: The software could have vulnerabilities that expose your organization to cyber threats, including data breaches and unauthorized access. Compliance Risks: The software may not be compliant with industry regulations or standards, putting your organization at risk of legal consequences. Financial Risks: Hidden costs or unfavorable contract terms could result in unexpected financial burdens. Operational Risks: Poorly designed or buggy software could disrupt business operations and lead to inefficiencies. Consequences: Data Breach: Sensitive customer data could be compromised, leading to reputational damage and potential legal action. Regulatory Fines: Non-compliance with industry regulations could result in hefty fines and legal scrutiny. Resource Drain: Unplanned costs and resource allocation for mitigating issues could strain the budget and derail other projects. Operational Inefficiency: Time and resources may be wasted in troubleshooting and fixing software issues, leading to operational inefficiencies. Stakeholder Impact: Board of Directors: Will question the governance and risk management practices in place. Customers: Loss of trust and potential churn. Employees: Decreased morale and increased workload due to software issues. Shareholders: Potential decrease in share value due to reputational damage and financial loss. Given your expertise in Governance, Risk, and Compliance (GRC), skipping the vetting process would be a significant oversight that could lead to multiple types of risks, including security, compliance, and operational risks.

Risk Assessment
Select a mitigation strategy
Likelihood  Impact  Risk

You start with an annual budget of $500,000, and as you navigate through the game, you'll encounter a series of scenarios that will test your skills in various aspects of GRC. Each decision you make will have implications, some immediate and some that will manifest in later stages of the game. Your performance will be evaluated rigorously, offering you valuable insights into your strengths and areas for improvement.

Strategy Score
Next Scenario



Total Score:





bottom of page