Granite has recently introduced a range of new features designed to bring efficiency and unprecedented visibility to an organisation’s daily risk management operations. Granite’s experts gathered for a June expert conversation to demonstrate in practice how the new cross-tool relations, risk and control libraries, and built-in artificial intelligence operate. These updates enable more proactive decision-making and centralised risk management without the rigidness of cumbersome GRC systems.
The expert conversation featured Janne Viljamaa, CCO at Granite, and Jukka Mäkitalo, GRC Consultant at Granite.
Relations Create Visibility Across Departmental Boundaries
Granite’s new relations allow data entered into the system, such as risks, controls, and incidents, to be flexibly linked across different tools and organisational units. In practice, items in different tools can be connected directly to one another. For instance, risk observations reported by staff can be linked straight to a risk managed within the general risk management module.
Jukka Mäkitalo describes the bi-directional nature of the feature during the expert conversation as follows:
“Relations are bi-directional. This means the connection is visible from both sides: which observation is linked to a risk, and conversely, which risks are linked to an observation.”
The feature also includes a visual graph view, allowing users to easily see the entire chain of links. This helps in conceptualising broader contexts and identifying complex dependencies that standard row data cannot reveal. Furthermore, relations strictly adhere to the organisation’s access control permissions, meaning users cannot access information through relations that they would not otherwise be authorised to see. Jukka Mäkitalo emphasises that data security comes first in this scenario as well.
Risk and Control Libraries Streamline Management
With the new risk and control libraries, deploying a new framework within an organisation is accelerated and management becomes more efficient. Assessments do not need to be built completely from scratch; instead, the risk management team can maintain a centralised, standardised list of risks and controls. Business units can then select the most relevant items from this library for their own assessments.
When a control or risk is selected from the library for a specific risk form, it creates what is essentially a risk-specific instance. While the foundational data comes directly from the library, the business unit can describe the exact method of implementation, define the frequency cycle, and assign responsible persons based on how it applies to that specific risk. This ensures that assessments across different units are genuinely comparable. At the same time, audits and reviews become much easier, as the risk management function can see at a glance exactly which risks a specific control is applied to and how its implementation is being tracked.
Granite AI: An Intelligent Sparring Partner
Granite’s built-in AI assistant is designed to provide straightforward support for day-to-day risk management. Granite AI assists the user on two different levels:
For an individual risk, control, requirement, or incident, the AI acts as a sparring partner that can provide suggestions for completing information or identifying appropriate control measures. On a broader level, the AI can be used to support analysis across the entire risk register. It helps extract trends, weak signals, or identify blind spots and biases from large volumes of data to aid decision-making.
The AI solution has been built with a strict focus on data security. It operates within the Microsoft AI Foundry environment using OpenAI models, but respects the user’s existing access permissions, ensuring no unauthorised access to data. Janne Viljamaa clarifies the AI’s data protection as follows:
“No data is retained by the AI. The data is sent to the AI, it is processed in the cloud, and once the query ends or the user clicks the clear button, nothing is left behind.”
The AI acts purely as a coach and does not make direct changes to the client data. Instead, responses are generated in a text format within a chat window, allowing users to utilise the information as they see fit.
Feature Synergy Simplifies Daily Work
The greatest value of these new features stems from their seamless interaction. As the risk and control libraries standardise the organisation’s data and relations connect information from different tools into a visual network, the AI can deliver higher quality, context-aware analysis. This helps organisations shift from reactive firefighting towards proactive, centralised risk management.
To support this ecosystem, Granite is also introducing an extensive design overhaul, the development of which is already underway. The objective of the update is to make the system even easier to use as functionalities expand. It makes the user interface intuitive even for casual users who do not interact with the system daily, reducing the need for scrolling and making the AI and metadata easily accessible directly on the side of the form.
Summary of Granite’s New Features
- Relations: Enable data linking across tool and unit boundaries and provide a visual graph view for identifying dependencies.
- Risk and Control Libraries: Accelerate the deployment of assessments using ready-made standard lists and make data across different units genuinely comparable.
- Granite AI: Acts as an intelligent sparring partner in individual entry scenarios and supports the analysis of large risk datasets with complete data security.
Published 24th of June 2026