One platform, two engines, six building blocks.
RiskForge pairs an asynchronous detection engine that learns how your organisation behaves with a synchronous intervention gateway fast enough to act before a transaction commits. Everything else exists to make those two engines trustworthy, auditable and easy to live with.
The six building blocks
The listener
Receives a live, read-only feed of everything that matters: every SAP posting and change, plus the systems around it (SAP GRC for access data, Jira and ServiceNow for tickets and approvals, deployment logs from your servers). Zero added load on SAP. One consistent picture inside RiskForge.
The detection engine
Learns behavioural baselines per user, process and season, and produces findings with confidence bands. The full classic GRC rule set ships included as the baseline library: access risk analysis, SoD matrix, critical authorisations, emergency-access monitoring. It delivers value from day one while the baselines mature.
The intervention gateway
Answers allow, hold or block in under 200 milliseconds, before the transaction commits. A held transaction is safely parked; one click from the responsible manager posts it exactly as entered, or rejects it for good. Nobody re-keys anything.
The SAP hook
The only RiskForge code inside SAP, and deliberately tiny. Built on SAP's official enhancement mechanism, so it survives upgrades and travels through your normal transport process. Fail-safe by design: you decide whether transactions pass or wait if RiskForge is ever unreachable.
Dashboards & ForgeIQ
Role-scoped views: the audit lead sees everything, the CFO sees what matters to her. Every finding carries the history of prior occurrences. ForgeIQ answers plain-language questions and builds custom reports, always scoped to the asker's role.
The evidence vault
Append-only and hash-chained. Every automated decision and every human disposition lands here, timestamped and attributable. The vault feeds the auditor evidence packages, and even we cannot rewrite it.
Not every feature and detail is covered here. The best way to see what RiskForge can do is to walk through it with our team.
Two postures: enforcement and monitoring.
Every control runs in one of two modes. In enforcement mode, a high-confidence anomaly is held before it posts. The suspicious line waits for a human decision while the rest of the batch proceeds. In monitoring mode, the same anomaly posts normally and lands in a review queue, so operations are never interrupted. Most customers start in monitoring mode, build trust in the confidence bands, and then switch their highest-risk processes to enforcement.
The closed learning loop.
The two engines teach each other continuously, and what matters is the effect: false alarms decline measurably month after month, and a pattern the platform learned this morning already protects this afternoon's payment run. No tuning project, no redeployment, no waiting for a release.
The platform also knows the difference between suspicious and merely seasonal. Year-end close does not look like a normal Tuesday, and RiskForge expects that, so the busiest week of your year is not the loudest. How the engines exchange what they learn is the part of RiskForge we keep off the public internet. We show it live in the demo.
Built for the Mittelstand.
Deployment is per customer, in EU data centres, isolated from every other customer. The platform connects to S/4HANA and ECC. Typical time from connection to first useful findings is measured in weeks, not in the multi-year programmes associated with classic GRC suites. There is nothing to install inside SAP beyond the hook, and rule checks work before any learning completes.
See RiskForge on your own processes.
A 30-minute walkthrough against realistic SAP scenarios: payment runs, journal entries, transports. No slides, just the actual product.