Know how certain you are — not just how risky it feels.
Certainty-Based CBGRC gives boards, executives and risk owners a clearer way to see whether controls are actually working. It connects strategic outcomes, human behaviour, operating infrastructure, evidence and treatment decisions into one assurance view.
Certainty position
Controls are assessed by people, infrastructure and verified evidence.
A Sentric-style approach to CBGRC
The approach follows the same practical consulting idea: align strategic intent with business operations, ICT enablers, people, processes and systems — then use evidence to show whether the organisation can rely on them.
Starts with what the organisation must achieve, then shows which risks threaten those outcomes.
Tests whether staff behaviour, attitudes, capability and knowledge make the control real in practice.
Uses evidence, records and assurance signals to show whether information and controls can be trusted.
Builds a plain-language view that boards, executives, auditors and operational owners can act on together.
What the tool makes visible
CBGRC turns risk assessment into an evidence-led certainty model. It does not replace judgement; it gives risk owners and boards a stronger basis for judgement.
BACKS
Behaviour, Attitudes, Competency, Knowledge and Systems show whether people can and will operate the control.
GPPT
Governance, Policy, Process and Technology show whether the organisation has the infrastructure to make control operation repeatable.
Verified certainty
Evidence confidence converts control claims into an Overall Certainty Score so weak assurance is not hidden by a green rating.
Designed for accountable risk ownership
The managed-service boundary is clear: CBGRC can support assessment and treatment planning, but risk acceptance and treatment decisions remain with the authorised Risk Owner.
Board clarity
Shows the board where certainty is strong, weak, declining or unsupported by evidence.
Risk-owner sign-off
Keeps accountability with the person authorised to accept, treat or escalate the risk.
Treatment discipline
Targets treatment actions to the certainty gaps that matter most, rather than generic control lists.
Contact
For information about Certainty-Based CBGRC, the TAS7250 site, or access to the demonstration tool, contact:
peterwday@outlook.com
Open the CBGRC tool
The landing page and the application file sit in the same directory. Use the button below to run the attached CBGRC file.
Run CBGRC →