“Where many may perceive higher cost with greater value, this is not the case with Symbiant as they deliver an affordable solution with very robust features that enable organisations to manage GRC.” -Michael Rasmussen, GRC 2020
Risk management software
Strengthen resilience, streamline your processes, and stay compliant with intuitive, modular tools—powered by optional AI to surface risks, link data, and save time.
From only £100 per module/month for unlimited users*
Risk management is the process of identifying, assessing, and responding to the risks that could impact your organisation’s ability to achieve its goals. Modern businesses increasingly turn to risk management software to replace spreadsheets and manual processes, using tools that provide real-time risk scoring, monitoring, and reporting to ensure organisational resilience and compliance.
With the modern business landscape more unpredictable than ever, risks now span multiple areas: strategic, compliance, financial, operational, reputational, security, and quality. Without a clear framework, organisations can miss early warning signs and face costly disruptions. The danger is not the risk you know, it’s the one you never thought to ask about.
As the discipline has matured, risk management has branched into specialised areas such as enterprise risk management (ERM), cybersecurity risk management, operational risk management (ORM), and supply chain risk management (SCRM). Many industries now seek industry-specific risk management software, from financial services and healthcare to government and non-profits, to manage unique regulatory, security, and compliance challenges. Global standards bodies, including the International Standards Organization (ISO) and the US National Institute of Standards and Technology (NIST), have developed best practice frameworks to guide organisations in building robust, future-ready programs.
Organisations that adopt and continuously refine their risk management practices gain sharper decision-making, a higher likelihood of achieving strategic objectives, and a stronger resilience posture. Yet, with risks multiplying and diversifying across industries, the question remains: how can businesses implement a truly effective, GRC-aligned risk management process? As a multi-award-winning software provider since 1999, highly trusted by government bodies, financial institutions, charities, SMEs, and global enterprises, Symbiant offers a proven, highly trusted platform designed to answer that question, transforming risk from a static compliance task into a strategic advantage.
In the context of Governance, Risk Management, and Compliance (GRC), a risk is any event or condition, positive or negative, that could impact your organisation’s ability to achieve its objectives. Risks are not limited to worst-case scenarios; they can also be tied to opportunities that carry uncertainty.
In everyday life, we encounter risks constantly. You might trip getting out of bed, miss a flight, or run out of fuel on a journey. The same principle applies in business: some risks are worth taking because they open the door to growth, innovation, or competitive advantage, provided they’re understood and managed.
This is why modern risk management is not just about avoidance. It’s about asking:
Organisations often begin by defining their objectives, then examining the risks that could affect achieving them. While financial risks are a common focus, they’re only part of the picture. Operational, compliance, reputational, security, and quality risks can be just as critical.
It’s important to remember: risks are hypothetical until realised. Once they occur, they become incidents or issues that must be addressed through established controls, contingency plans, and corrective actions. The aim of effective risk management is to identify these potential scenarios early, assess their likelihood and impact, and put measures in place to avoid, mitigate, transfer, or accept them.
With Symbiant’s multi-award-winning risk management software, this process becomes dynamic, connected, and actionable, transforming risk from a static list into a live decision-making tool that supports resilience and growth.
Today’s business environment is shaped by an ever-expanding risk landscape. As new challenges emerge, so do targeted risk management practices such as Operational Risk Management (ORM) and Supply Chain Risk Management (SCRM), each designed to address specific areas of exposure. These specialisations provide tailored action plans and contingency strategies that help organisations stay agile and prepared.
While risks will differ by industry and operating model, most fall into seven broad categories:
1. Strategic Risk
These are threats that can alter or undermine an organisation’s long-term direction, business model, or ability to achieve its strategic objectives. Because strategy influences every department, a shift in one area can have a cascading effect across the entire organisation. These risks can emerge from significant technology changes, such as moving to a new platform or infrastructure; major organisational restructures or workforce reductions; leadership transitions; intensifying competitive pressures; or changes in legislation and regulation. Managing strategic risk effectively means linking these potential threats directly to organisational goals, so that early action can be taken before they disrupt overall performance.
2. Compliance Risk
Compliance risk arises when an organisation fails to meet legal, regulatory, or industry-specific obligations, from GDPR and data protection laws to environmental, labour, or financial regulations. Non-compliance can lead to significant penalties, legal action, and reputational harm. These risks often emerge when policies are outdated, controls are weak, or changes in regulations go unaddressed. Effective GRC frameworks ensure compliance is monitored, documented, and acted upon before breaches occur.
3. Financial Risk
Financial risks are those that can directly impact an organisation’s revenue, profitability, or long-term stability. They may stem from market volatility, poor investment decisions, contract disputes, fraud, or failed partnerships. Because these risks can undermine the financial health of the entire business, they require careful monitoring, forecasting, and mitigation planning. Integrated risk management software makes it easier to connect financial risk indicators with operational and strategic insights.
4. Operational Risk
Operational risk relates to threats that can disrupt the everyday running of the organisation. It can be caused by internal issues, such as process failures, employee misconduct, or technology breakdowns, or external events like supply chain disruptions, natural disasters, or geopolitical instability. Left unmanaged, operational risks can delay deliveries, interrupt services, and erode customer trust. A connected risk register linked to incident reports and action plans ensures swift, coordinated responses.
5. Reputational Risk
Reputational risk is the potential damage to an organisation’s public image, brand, and stakeholder trust. In the age of instant news and social media, one negative story can escalate quickly. Data breaches, unethical practices, environmental harm, or poor customer experiences can all spark reputational crises. Proactive monitoring through Key Risk Indicators (KRI) and aligned communication strategies can help protect and rebuild trust before lasting damage occurs.
6. Security Risk
Security risks threaten both the physical safety of an organisation’s premises and the integrity of its digital assets. Cyberattacks, data leaks, unauthorised access, and physical breaches are increasingly common in today’s connected world. These risks demand layered safeguards, from strong access controls and regular testing to incident response plans that are ready to activate when needed. A unified GRC platform ensures that security risks are tracked, assessed, and linked to corrective actions.
7. Quality Risk
Quality risk refers to the possibility that a product or service will fail to meet expected standards, damaging customer satisfaction and revenue. Causes can range from process flaws and human error to equipment failures or unreliable suppliers. Monitoring quality metrics, tracking supplier performance, and linking corrective measures directly to risk registers can prevent quality issues from becoming recurring problems.
A strong risk management framework follows a clear sequence — from spotting potential threats to reviewing how effectively they’ve been managed. This structure ensures risks are addressed consistently and linked to organisational objectives, while also allowing for continuous improvement.
1. Risk Identification
The process begins with identifying anything that could affect the achievement of objectives. This means considering risks at every level, from strategic initiatives to day-to-day operations. Input from leadership, key stakeholders, and subject matter experts helps capture a complete picture.
Risks should be documented in a risk register that includes descriptions, potential impacts, and initial ownership, forming the foundation for the rest of the process.
2. Risk Assessment and Analysis
Once identified, each risk is evaluated for its likelihood of occurring and its impact if realised. Many organisations use structured scoring systems, such as 3×3 or 5×5 matrices, to ensure consistent evaluation.
Multiplying likelihood and impact scores generates an overall risk rating, making it easier to prioritise which risks require urgent attention and which can be monitored over time.
3. Controls Assessment and Implementation
Controls are the measures put in place to reduce the likelihood or impact of a risk. This step involves reviewing existing controls to determine whether they are adequate, as well as designing and implementing new ones where gaps exist.
Controls should be clearly linked to their associated risks, with responsibilities assigned and performance monitored regularly.
4. Risk Mitigation and Treatment
This stage focuses on putting action plans into practice. There are four common approaches:
Acceptance – Acknowledging the risk within agreed tolerance levels.
Transfer – Shifting responsibility to a third party, such as through insurance.
Avoidance – Eliminating the activity or decision that creates the risk.
Mitigation – Taking steps to reduce the likelihood or impact.
The chosen treatment strategy should be documented, monitored, and adjusted as needed.
5. Monitoring, Review, and Reporting
Risks evolve, and new ones can emerge quickly. Ongoing monitoring ensures that changes in risk levels, control effectiveness, or organisational context are detected early.
Regular reviews, quarterly or more often, help ensure risk data stays accurate, while reporting keeps leadership and stakeholders informed. Lessons learned from past incidents or near misses should feed back into the process, making the organisation more resilient over time.
Still relying on Excel and manual processes to manage governance, risk, compliance, or audits? Symbiant replaces spreadsheets with a connected, scalable GRC platform that turns your data into insight and your risk team into a strategic powerhouse. Affordable, audit-ready, and built to grow with you.
Achieve business objectives effortlessly, build organisational resilience and simplify complex processes.
For many organisations, spreadsheets are the default tool for managing governance, risk, and compliance (GRC) processes. At first glance, they seem simple, low-cost, and familiar. But when it comes to today’s complex, fast-moving risk environment, spreadsheets quickly become a liability.
Key limitations include:
Lack of Real-Time Insight – Spreadsheets are static snapshots. By the time data is updated, the risk landscape may have already changed.
Version Control Nightmares – Multiple copies circulate across email and shared drives, making it difficult to know which version is current and accurate.
Poor Collaboration – GRC requires cross-departmental input, but spreadsheets aren’t built for multi-user, real-time collaboration without risking data corruption.
Disconnected Data – Risks, controls, incidents, and objectives often live in separate files, making it impossible to see the bigger picture or identify interdependencies.
Error-Prone – Manual entry, hidden formulas, and copy-paste processes increase the risk of mistakes that could undermine decision-making.
No Audit Trail – Tracking changes, responsibilities, and historical actions is difficult, making compliance audits more stressful and less transparent.
In short, spreadsheets reduce GRC to a series of isolated tasks, rather than an integrated, intelligence-driven capability. They may appear cost-effective, but the hidden costs of inefficiency, missed risks, and compliance failures can be substantial.
A well-designed GRC, Risk Management and Audit platform should go far beyond storing information. It should actively support strategic decision-making, improve organisational resilience, and streamline compliance processes.
Key capabilities include:
Single Source of Truth – Centralised, connected data where risks, controls, incidents, and objectives are always accurate, consistent, and accessible in real time.
Contextual Risk Intelligence – Every risk should be linked to the objectives it influences, giving decision-makers the full context needed for prioritisation.
Dynamic, Real-Time Reporting – Dashboards, heatmaps, and scoring that update automatically as information changes.
Cross-Functional Collaboration – Secure, role-based access that enables teams across departments to work together without silos or duplication.
Auditability and Accountability – Comprehensive records of changes, actions, and decisions to create a clear, defensible audit trail.
Scalability and Flexibility – The ability to evolve alongside organisational growth and changing risk maturity without requiring full system overhauls.
Action-Oriented Tools – Features that move beyond documentation to drive mitigation, control testing, and performance tracking.
A truly modern GRC system should be a decision-enablement platform, one that helps you detect risks sooner, respond faster, and ensure your risk management efforts are directly aligned with business strategy, not just compliance checklists. Symbiant delivers exactly that. Symbiant is a world-leading, highly trusted, award-winning GRC and Audit platform, designed to help organisations achieve objectives, reduce risk, and stay resilient with confidence, clarity, and cost-efficiency.
Fully modular, agile, and easy to embed, Symbiant fits effortlessly around your existing structure, simplifying processes, breaking down silos, adapting to your exact requirements, and scaling seamlessly as your needs evolve.
Symbiant’s optional AI Assistant is fully integrated and purpose-trained on real-world risk, audit, and compliance challenges. It understands your data while keeping it secure, helping to surface hidden threats and unidentified risks. It identifies root causes and predicts the consequences of control failures, helping you understand how risks may cascade across your organisation and where additional vulnerabilities could emerge.
It effortlessly connects information across business functions—bringing together disconnected data from risk, audit, compliance, and other sources across your organisation, to deliver actionable insights.
Proven in complex environments and highly trusted by organisations of all sizes worldwide, Symbiant has been delivering the most powerful, flexible and affordable GRC solutions since 1999—starting at just £300/month with 10 user seats.
Risk Manager at your fingertips
Symbiant’s optional AI Assistant is fully integrated and trained on real-world risk, audit, and compliance challenges. It keeps your data secure while uncovering hidden threats, identifying root causes, and predicting the consequences of control failures. By connecting data across functions, it reveals how risks may cascade—turning scattered information into clear, actionable insight.
Starting from just £100/month*
Unlimited users. Unlimited requests.
Generate powerful, data-driven reports enriched with AI-recommended controls, root causes, and potential consequences. Symbiant AI not only scores risks—it reveals what’s driving them and what could happen if controls fail. Audit teams can instantly access every connected risk within a specific entity, eliminating manual searches and saving valuable time.
Save up to 90% of your time with automation, finding duplicate risk entries in seconds, refining poorly written data, rewriting risk descriptions for clarity, and automatically populating fields with details tailored to the risk and your business objectives.
It assesses your current controls and their effectiveness, suggests improvements and recalculates residual risk scores for optimal mitigation.
Symbiant’s AI-Powered Assistant is fully GDPR-compliant and built to protect your privacy. It does not collect or store your data. Instead, it creates a temporary cache folder to fulfil each query and immediately deletes the information once the task is complete.
Your data always stays securely within your environment, giving you full control and peace of mind while benefiting from AI assisted insights.
Symbiant
Symbiant’s flexible, modular platform streamlines governance, risk, compliance, and audit—so you can reduce complexity, adapt fast, and stay focused on achieving your objectives.
The Symbiant Risk Management Software module enables organisations to identify, understand, and manage risks with ease and efficiency. It provides a streamlined approach to monitoring, assessing, and mitigating risks, ensuring informed decisions and compliance.
Symbiant AI connects data across your organisation, delivering actionable insights and seamless workflows. From logical, data-driven risk scoring to uncovering root causes and predicting the domino effect of control failures, Symbiant AI empowers smarter, faster decisions. Eliminate duplicate risks in seconds, refine controls, identify emerging risks, and so much more—all tailored to your business.
The Symbiant Audit Management Software module streamlines audit planning, action tracking, and time management. It automatically pulls relevant data, allows easy report customisation, and generates professional audit reports.
The Symbiant Compliance Management Software module simplifies the management of compliance tasks. It helps organisations track regulations, manage audits, and ensure adherence to legal requirements, driving efficiency and minimising risk.
With over 25 years of innovation in Governance, Risk, and Compliance (GRC) and Audit Management, Symbiant is trusted by organisations across every sector. Our clients love how our powerful, affordable, award-winning and fully customisable risk software helps them stay compliant, make smarter decisions, and reduce complexity, without the costly overheads.
Upgrade Your GRC & Audit. Downgrade Your Cost.
FLEXIBLE, NO LONG-TERM COMMITMENT
Built for long-term partnerships, designed for your freedom—30-day contracts, no strings attached. Our scalable packages allow you to add modules or users as needed, with no long-term commitment.
*Cancel anytime with just 30-days notice.
AFFORDABLE
Get up and running with a full-featured GRC Risk, Audit, and Compliance solution in just hours—starting from £300/month.
SUPERCHARGE THE WAY YOU WORK
Unlimited requests, unlimited possibilities.
Symbiant AI Assistant is a fully integrated, optional add-on for just £100/month.
Your Central Hub for GRC, Risk, Audit & Compliance Excellence
Looking for even more insights, tools, and practical guidance? Visit the Symbiant GRC Knowledge Centre, your all-in-one hub for governance, risk, compliance (GRC), and audit resources.
Explore our guides, in-depth glossary definitions, industry-specific best practices, and demonstration videos, all organised by industry, organisation size, and compliance framework (including ISO 27001, GDPR, Cyber Essentials, and more).
Whether you’re a charity, SME, or global enterprise, you’ll find tailored content to help you streamline processes, strengthen compliance, and achieve your business objectives, all backed by Symbiant’s award-winning, enterprise-grade GRC, Risk Management & Audit software.