Enterprise SaaS for governance, risk, and compliance
Riskonnect Enterprise GRC
Making enterprise risk, governance, and planning workflows easier to follow and finish.
Role
UX Consultant
Timeline
Jan 2021 to May 2022
Company
Riskonnect Asia-Pacific
Tools
Figma · Miro · Jira
01 · Overview
The story in short.
Riskonnect Asia-Pacific builds enterprise software for risk, governance, and planning. The products were powerful but complex, and users were getting lost between modules and multi-step workflows. I worked across research, IA, and UI to make completing tasks feel more natural.
Problem
Users were navigating dense, multi-step screens to complete routine tasks. Critical data was hard to find, page structure varied between modules, and people were getting lost mid-flow.
Context
Enterprise risk, audit, compliance, and planning teams use the platform daily. Many are power users. They don't want fewer features, they want fewer surprises.
Design challenge
Reduce friction without dumbing the platform down. The redesign needed to respect power-user workflows while bringing visual and behavioural consistency.
02 · Research
Listening before deciding.
I started by understanding both the users and the business context.
- Ran UX reviews, design analysis, and research sessions
- Identified issues in navigation, page structure, and multi-step workflows
- Workshopped business needs with stakeholders to turn them into product changes
- Mapped recurring blockers across modules
Key insights
- The same data was scattered across modules without a clear home.
- Most pain was in routine recurring tasks, not edge cases.
- Power users were creating their own spreadsheets to compensate for missing views.
Heuristic audit summary
| Heuristic | Finding |
|---|---|
| Visibility of status | Inconsistent. Pages don't expose progress. |
| Match to real world | Module naming differs from team vocabulary. |
| Consistency | Three table behaviours across modules. |
| Recognition over recall | Filters reset on navigation. |
03 · Users
Who I designed for.
Primary persona
Ananya
Senior Risk Officer · 38
“I don't need fewer features. I need fewer surprises.”
Goals
- Surface critical risks fast
- Generate clean reports
- Stay audit-ready
Frustrations
- Buried data
- Inconsistent tables
- Exports for everything
User journey
| Step | Thought | Emotion |
|---|---|---|
| Open dashboard | What needs me today? | Alert |
| Review open items | Filter by severity. | Focused |
| Update treatments | Document, then move on. | Steady |
| Generate report | Hope it formats right. | Cautious |
| Send to leadership | On time, finally. | Confident |
Pain points
- Too many clicks to reach common screens.
- Inconsistent table and form behaviour across modules.
- No clear empty or loading states.
Design goals
- Make routine workflows fast and predictable across modules.
- Surface critical metrics on entry, not after navigation.
- Bring visual and interaction consistency across the platform.
04 · Design
From idea to interface.
Ideation
Redesigned dashboards and task flows by creating a shared design system. Iterated through wireframes, prototypes, and design documentation with engineering and business stakeholders.
Information architecture · Integrated GRC suite
UI direction
Calm neutrals with a stronger data-first hierarchy. Generous spacing, consistent table behaviour, and colour reserved for status and severity.
Final UI · GRC dashboard
Active risks
248
+12
High severity
18
↓ 4
Controls failing
6
↓ 2
Audits open
11
+3
Risk heatmap
Likelihood × Impact
AI suggestions
- Emerging risk: vendor SOC2 expiry in 30 days.
- Suggested control: MFA for 3rd-party access.
- Regulation update: GDPR Art. 28 changes.
| Risk | Module | Owner | Status | Sev |
|---|---|---|---|---|
| Vendor SOC2 gap | Third-party | A. Singh | Open | High |
| GDPR retention policy | Compliance | M. Lee | In review | Med |
| AI model bias review | AI Governance | J. Park | New | Med |
| MFA enforcement | IT Risk | S. Tan | Closed | Low |
Task efficiency
↑ 75%
Modules unified
10+
Three-year ROI
280%
Nav depth
↓ 4 → 2
05 · System
Reusable, documented, shippable.
Shared component library with dashboard cards, dense and comfortable table modes, filter chips, status badges, and a consistent modal pattern. It was used across modules to bring the experience together.
AI in GRC · Calm, in-context helpers
Risk Suggestions
Surface emerging risks based on current trends and relationships.
Control Recommendations
Suggest controls grounded in context, exposure, and best practice.
Monte Carlo Simulation
Model probability and impact of risks across scenarios.
Regulatory Mapping Agent
Map regulation changes to affected policies and obligations.
Audit Coordination Agent
Organise audit requests, evidence, and responses in one place.
Framework Alignment
NIST, ISO 27001, SOX, HIPAA, GDPR, COSO — out of the box.
06 · Validation
Testing what actually works.
Prototype: Clickable prototypes used in stakeholder reviews to test direction before development.
Testing: UX reviews and analysis sessions. Iterative improvements based on stakeholder and engineering feedback.
07 · Impact
What changed after the redesign.
Restructured dashboards and task flows with a shared design system, clearer information hierarchy, and consistent module behaviour. The product became easier for users to move through.
Outcome 01
Task success improved by about 25% on key workflows.
Outcome 02
Shared design system adopted across modules.
Outcome 03
Cleaner stakeholder-to-engineering handoff through documented prototypes.
Outcome 04
Routine workflows became more predictable across the platform.
08 · Learnings
What I'd take into the next one.
Enterprise users aren't asking for fewer features. They're asking for fewer surprises. Consistency and clear cross-module connections win.
