Once you've configured the base platform, all your modules will benefit from it.

Sentinelys is not a collection of disconnected tools or modules. Each module (Internal Audit, Risk Management, Internal Control, Events, Questionnaires) is built on six foundational pillars that are active from the start: the Company Scope, Configuration and Administration, the Library, Event Management and Decision-Making Committees, Questionnaires, and Tracking of Created Activities. This foundation ensures that data entered once is utilized everywhere, without re-entry, without duplication, and without desynchronization between teams.

The common foundation can be used as a simplified first step toward GRC: establishing the simple and cost-effective foundations of the basic functions sought by an SME or mid-sized company.

They trust us

ARCHITECTURE THAT CHANGES EVERYTHING

What happens when GRC modules are not based on the same platform.

Most organizations that manage their GRC (Governance, Risk, and Control) using separate tools face the same challenges: the risk manager works in one tool, the auditor in another, and the compliance officer in a third.

The scope of the business is redefined in each system. Corrective actions are tracked in different Excel spreadsheets, and no one ever has a consolidated view.

Sentinelys solves this problem at its root through its architecture. Even before activating the first business module, six pillars are in place and shared across the entire platform.

Sentinelys is your partner for simple and smart GRC.

Why Choose Sentinelys

SIMPLICITY

Once you discover Sentinelys, you’ll want to use it every day. Get started in just a few days and learn the ropes in a matter of hours, with the help of a training AI.

INTEROPERABILITY

Get a 360° view of your organization with governance data management that’s never siloed.
Questionnaires, risks, internal controls, audits: all modules share the same data, with no need for re-entry.

ADAPTABILITY & CO-CREATION

Sentinelys will adapt to your organization thanks to its no-code approach and the opportunity to collaborate with our experts in internal control, internal audit, and risk management.
If you’d like to take it a step further, we can customize your own work environment on Sentinelys.

SOVEREIGN HOSTING

Data is essential and valuable to your organization, which is why we give you the choice.
Sovereign cloud SaaS hosted by OutScale, a subsidiary of Dassault Systèmes and SecNumCloud-certified, or on-premises installation in your environments.

PILLAR 1 · THE COMPANY'S SCOPE

Set up your organization once. Access it anywhere.

The scope serves as the foundational framework for the entire platform. Every element added—whether an entity, third party, procedure, tool, data point, physical site, process, regulation, or other—becomes a central building block to which all objects in the business modules are linked: risks, audits, controls, incidents, and decisions. Risk mapping, the audit plan, control campaigns, and questionnaires all focus on the same elements, not on lists redefined in each module.

A scope defined once, used by all modules (risks, audit, control, incidents, questionnaires).

Reference building blocks: entities, third parties, procedures, tools, data, physical locations, processes, projects, regulations.
Job titles: modeling the organizational chart (DPO, Risk Manager, etc.) to automate the targeting of governance actions.
Hierarchy and links: parent-child relationships between elements and links between families.
Centralized view: An item's page brings together all related interactions, including audit assignments, risk maps, action plans, events, and decisions.

PILLAR 2 · CONFIGURATION AND ADMINISTRATION

Adapt the platform to your organization, not the other way around.

The Configuration and Administration section allows administrators to configure global settings that affect the identity, security, and behavior of the entire platform.
This is where Sentinelys comes into play: your logos, security rules, business vocabularies, and validation processes.

Sentenlys’ adaptability: every rule, every vocabulary, and every role can be customized to fit your organization’s specific needs.

Brand identity & technical aspects: company name, logos (website and email), SMTP server, AI assistant (such as Mistral) for writing assistance.
Security & Authentication: Password Policy, 2FA, Microsoft SSO, Session Timeout Management.
Custom fields: Adding additional information to standard forms to meet specific business needs.
Permissions & roles: Granular control over permitted actions (read, create, edit, delete, approve) by user role.
Bulk imports: uploading data via Excel template files (users, risks, items, controls).
Languages & translations: multilingual support and customization of internal terminology (e.g., renaming a module to match your terminology).
Logs: Full traceability of user actions with severity levels (INFO, WARNING, ERROR, CRITICAL).
Milestones: Structuring campaigns into key stages with role-specific validation rules.

PILLAR 3 · THE LIBRARY

Define your reference systems once. Use them across all modules.

The library centralizes reusable templates across the entire platform: generic risks, risk mitigation measures, standard controls, potential incidents, and reference documents. These elements, defined once, are available in the Risk Management, Internal Control, Internal Audit, and Events modules.

Define once, deploy everywhere. The library ensures consistency across the GRC system without the need for re-entry.

Document repository: controlled storage (type, sensitivity, versioning) with tracking of validity and expiration dates.
Universe / Domains / Themes: a hierarchical structure for organizing control repositories.
Control standards: qualified controls (type, associated risk), which can be imported and exported in bulk.
Risk Library: Family → Subfamily → Risks tree structure, with the risk concept instantiated to provide context for a specific item.
Control measures: actions (prevention, detection, correction, etc.) related to risks used to calculate net criticality.
Potential incidents: a list of typical events to monitor and link to risk scenarios or actual incidents.

PILLAR 4 · EVENT MANAGEMENT AND DECISION-MAKING COMMITTEES

One place to manage all your events and the decision-making committees associated with them.

The Events section allows you to record and track any occurrence that could impact the organization’s activities. Events are categorized by types defined by the company and further organized using color-coded tags to facilitate filtering and analysis. An event can be created directly or based on a potential risk from the risk repository.

Typology & classification: types defined by the company and color-coded tags for filtering and analysis.
Creation & tracking: directly or from a predefined event in the repository, to link the actual incident to the documented scenario.
Enhancement: Uploading documents and evidence to each record.
Centralized dashboard: an overview of statuses, ongoing incidents, related actions, and required approvals.
Bodies: decision-making bodies (executive committee, board, etc.) with a designated minute-taker.
Committees: meetings associated with a governing body, including the date, participants, and agenda.
Decisions: person in charge, stakeholders, deadline, comments, possible link to a specific risk.
Final validation: Once a decision is 100% validated, it becomes unchangeable, ensuring the integrity of the audit trail.
Access control: A minutes-taker can only view the committees and decisions that fall under their responsibility.

PILLAR 5 · QUESTIONNAIRES

Gather information where it is.

The Surveys module allows you to create self-assessment or information-gathering surveys to be distributed before or during any campaign (risk assessment, audit, or inspection). Responses are collected from targeted respondents and directly linked to the risks and controls in the library.

Scope & Targeting: The scope is selected from the shared scope, and job titles automatically determine the recipients.
Reusable templates: Create questionnaire templates (compliance, self-assessment, third-party, etc.) that can be reused across campaigns.
Dedicated dashboard: track responses by respondent and by scope, with metrics and charts.

PILLAR 6 · MONITORING OF ACTIVITIES

A comprehensive overview of all ongoing activities on the platform.

The activity tracking module gives you a 360° view of everything shared by all platform users: action plans, recommendations, guidelines, and tasks currently in progress, regardless of their source (audits, risks, internal controls, incidents, committee decisions).

You can create any type of event in Sentinelys—an incident, a simplified recommendation, or a miscellaneous action. Events are fully customizable without coding and reflect the company’s daily operations. These events are centralized in a cross-functional module shared across the entire platform.

Centralized management: all corrective actions (audits, controls, risks, incidents, committees) in a single location.
Progress status: a measure of the overall progress of each plan and each individual action.
Configurable without coding: fully customizable activity types, data entry rules, and scheduling policies.

a feature you might find interesting

Self-assessment questionnaires

Create questionnaires to distribute before or during a compliance audit, self-assessment, or third-party survey to strengthen your monitoring of compliance issues (Sapin 2, DORA, NIS2, etc.).
Track responses via a dedicated dashboard.

Questionnaires related to campaigns and associated risks.
Structured data collection based on job title.
Track responses using a dedicated dashboard.

INTEROPERABILITY · 360° VIEW

The Foundation in Action: What Each Module Gains from a Common Base.

Each of Sentinelys’ modules or features (Risks, Internal Audit, Internal Control, etc.) is linked to the six pillars of the Common Framework.

+ Internal Control

The campaigns are based on the library’s control standards. The control elements are drawn from the common scope. Questionnaires round out the system.

+ Internal Audit

The scope of the organization determines the audit tasks. Use your libraries to create and run the necessary controls. Questionnaires round out the system, and the tracking module provides a 360-degree view of everything shared by platform users.

+ Risk Management

Define your company’s scope and link the risks created in your libraries. Generic risks are applied to scope elements (entities, processes, tools, third parties, etc.). The risk map reflects the actual organization.

Would you like more information? Contact us!

We’re here to answer any questions you may have. Please feel free to contact us at any time.

34 Rue du Clos Four, 63100 Clermont-Ferrand, France

+33 4 73 44 85 05

contact@coauditgroup.fr

Looking for answers?

Frequently Asked Questions

Do you have a specific question? Our experts are here to help. Request a demo to see how our tools can make your day-to-day work easier.

What is a GRC platform, and how does Sentinelys fit the bill?

A GRC (Governance, Risk, Compliance) platform centralizes in a single environment the functions that enable an organization to manage its risks, oversee regulatory compliance, and ensure the governance of its operations.

Sentinelys goes beyond a simple collection of tools: its modules (Internal Audit, Risk Management, Internal Control) all share the same foundation (scope, library, questionnaires, configuration and administration, events and decisions, activity tracking), which eliminates silos and duplicate data entry across teams.

Why is defining the scope of the business so important in Sentinelys?

The company’s scope serves as the foundational framework for the entire platform. Every element that makes up the company—such as entities, subsidiaries, departments, processes, data, and regulations—becomes a common reference point shared by all modules. A risk is associated with an element within the scope; an audit focuses on these same elements; and a questionnaire targets the relevant entities.

Without a common scope, each module redefines the organization in its own way, leading to inconsistencies and wasted time.

Can we customize Sentinelys' terminology to fit our organization?

Yes. The Configuration section allows you to customize the platform’s internal terminology: rename a module to match your business terminology, create custom fields in standard forms, define the activity types used in timesheets, or configure job titles to align with your organization’s organizational chart.

Sentinelys adapts to your business, not the other way around.

Once you've configured the base platform, all your modules will benefit from it.

They trust us

ARCHITECTURE THAT CHANGES EVERYTHING

What happens when GRC modules are not based on the same platform.

Sentinelys is your partner for simple and smart GRC.

Why Choose Sentinelys

SIMPLICITY

INTEROPERABILITY

ADAPTABILITY & CO-CREATION

SOVEREIGN HOSTING

PILLAR 1 · THE COMPANY'S SCOPE

Set up your organization once. Access it anywhere.

Reference building blocks: entities, third parties, procedures, tools, data, physical locations, processes, projects, regulations.

Job titles: modeling the organizational chart (DPO, Risk Manager, etc.) to automate the targeting of governance actions.

Hierarchy and links: parent-child relationships between elements and links between families.

Centralized view: An item's page brings together all related interactions, including audit assignments, risk maps, action plans, events, and decisions.

PILLAR 2 · CONFIGURATION AND ADMINISTRATION

Adapt the platform to your organization, not the other way around.

Brand identity & technical aspects: company name, logos (website and email), SMTP server, AI assistant (such as Mistral) for writing assistance.

Security & Authentication: Password Policy, 2FA, Microsoft SSO, Session Timeout Management.

Custom fields: Adding additional information to standard forms to meet specific business needs.

Permissions & roles: Granular control over permitted actions (read, create, edit, delete, approve) by user role.

Bulk imports: uploading data via Excel template files (users, risks, items, controls).

Languages & translations: multilingual support and customization of internal terminology (e.g., renaming a module to match your terminology).

Logs: Full traceability of user actions with severity levels (INFO, WARNING, ERROR, CRITICAL).

Milestones: Structuring campaigns into key stages with role-specific validation rules.

PILLAR 3 · THE LIBRARY

Define your reference systems once. Use them across all modules.

Document repository: controlled storage (type, sensitivity, versioning) with tracking of validity and expiration dates.

Universe / Domains / Themes: a hierarchical structure for organizing control repositories.

Control standards: qualified controls (type, associated risk), which can be imported and exported in bulk.

Risk Library: Family → Subfamily → Risks tree structure, with the risk concept instantiated to provide context for a specific item.

Control measures: actions (prevention, detection, correction, etc.) related to risks used to calculate net criticality.

Potential incidents: a list of typical events to monitor and link to risk scenarios or actual incidents.

PILLAR 4 · EVENT MANAGEMENT AND DECISION-MAKING COMMITTEES

One place to manage all your events and the decision-making committees associated with them.

Typology & classification: types defined by the company and color-coded tags for filtering and analysis.

Creation & tracking: directly or from a predefined event in the repository, to link the actual incident to the documented scenario.

Enhancement: Uploading documents and evidence to each record.

Centralized dashboard: an overview of statuses, ongoing incidents, related actions, and required approvals.

Bodies: decision-making bodies (executive committee, board, etc.) with a designated minute-taker.

Committees: meetings associated with a governing body, including the date, participants, and agenda.

Decisions: person in charge, stakeholders, deadline, comments, possible link to a specific risk.

Final validation: Once a decision is 100% validated, it becomes unchangeable, ensuring the integrity of the audit trail.

Access control: A minutes-taker can only view the committees and decisions that fall under their responsibility.

PILLAR 5 · QUESTIONNAIRES

Gather information where it is.

Scope & Targeting: The scope is selected from the shared scope, and job titles automatically determine the recipients.

Reusable templates: Create questionnaire templates (compliance, self-assessment, third-party, etc.) that can be reused across campaigns.

Dedicated dashboard: track responses by respondent and by scope, with metrics and charts.

PILLAR 6 · MONITORING OF ACTIVITIES

A comprehensive overview of all ongoing activities on the platform.

Centralized management: all corrective actions (audits, controls, risks, incidents, committees) in a single location.

Progress status: a measure of the overall progress of each plan and each individual action.

Configurable without coding: fully customizable activity types, data entry rules, and scheduling policies.