Swiss Post turns Excel chaos into streamlined GRC operations with Swiss GRC

Discover how Swiss Post modernized its GRC processes, moving from manual Excel spreadsheets to an intuitive, digital system with the help of Swiss GRC.

Initial situation

When Swiss Post’s previous Enterprise Risk Management (ERM) solution was discontinued in 2020, the company temporarily managed risks without dedicated tool support, relying instead on Excel spreadsheets and PowerPoint reports. This quickly proved inefficient and error-prone. A modern, robust, and user-friendly GRC solution became essential.

Objectives

As a systemically important company with a public mandate, Swiss Post is subject to strict requirements in the area of Governance, Risk, and Compliance (GRC). In addition to legal regulations such as the Swiss Code of Obligations and the Postal Organization Act, the company’s management is overseen by the Federal Department of the Environment, Transport, Energy and Communications (DETEC), the Postal Regulatory Commission (PostCom), and the Swiss Federal Audit Office (SFAO). The system to be implemented had to fully meet these requirements while being sufficiently flexible to accommodate future regulatory or operational changes.

The goal was to find an intuitive, user-friendly, and easily adaptable platform that could reliably meet all existing needs from the applied risk management and internal control system (ICS) methodology. During the development process, care was taken to avoid unnecessary complexity and to design a solution that could be seamlessly integrated into the existing corporate structure. Furthermore, the solution needed to be scalable to meet future requirements.

Approach and collaboration

Swiss Post began by defining and prioritizing its requirements, then conducting a structured evaluation across multiple providers. Swiss GRC, already known for its work with PostFinance, stood out with a concept that combined strong functionality, flexibility, user-friendliness, and an attractive price-performance ratio.

Swiss Post awarded the contract to Swiss GRC, initially implementing the ERM and ICS modules. Implementation followed a hybrid approach, combining classic project structures with agile, practice-oriented working phases. On the Swiss GRC side, Gentian Ajeti (Head Consulting) and his team coordinated closely with Swiss Post’s corporate risk management function. Thanks to the platform’s intuitive usability, Swiss Post could actively participate and operate independently throughout the rollout.

The success of the first two modules sparked strong interest across the organization, leading to the phased introduction of additional modules, including:

• Information Security
• Supplier Security Management (Third-Party Risk Management)
• Compliance
• Data Protection
• Physical Security
• Audit Management

Project challenges

Key results and impact

With the introduction of the GRC Toolbox, Swiss Post was able to establish a central GRC platform that provides significant added value to the various assurance functions. The modular architecture enables a precise mapping of individual, subject-specific requirements and seamless integration of the solution into the complex corporate structure. Processes are documented transparently and traceably, and responsibilities are clearly assigned. In this way, the GRC toolbox makes a significant contribution to enabling Swiss Post’s assurance functions to perform their tasks efficiently, effectively, and transparently.

In the long-standing collaboration, Swiss GRC is perceived not merely as a software provider, but as a reliable and committed partner. What particularly distinguishes the cooperation with Swiss GRC is not only the technical support, but also the active enablement of Swiss Post to work independently with the GRC toolbox and even further develop it themselves. Thanks to its intuitive usability, minor adjustments and enhancements can be made in-house, without long development cycles or external dependencies.