Client success story
How CITB Replaced Spreadsheets and Transformed Risk Management With Symbiant’s Agile, Intuitive, Easy-to-Use GRC & Audit Software
CITB turned manual, error-prone spreadsheets into a unified, intuitive, and fully customisable risk ecosystem, gaining real-time visibility, automated workflows, clearer reporting, and a platform their teams actually enjoy using.
From only £100 per module/month for unlimited users*
Symbiant: Stronger together
About CITB
The Construction Industry Training Board (CITB) is an executive non-departmental public body, sponsored by the Department for Education, responsible for developing and supporting the skills, training, and long-term capability of the construction workforce across the UK. Operating throughout England, Scotland, and Wales, CITB delivers apprenticeship programmes, training standards, funding support, and industry-wide development initiatives. Their work underpins the success of one of the UK’s most economically significant sectors, ensuring a skilled, safe, and future-ready workforce.
As a public organisation with far-reaching responsibilities, from grant funding and regulatory alignment to national workforce planning, CITB manages a diverse and evolving risk landscape. Ensuring accuracy, visibility, and strong governance is essential to delivering its mission, which is why moving from spreadsheets to Symbiant’s modern, connected, agile and highly trusted GRC, Risk Management and Audit platform was a significant step in strengthening how risks are tracked, reviewed, and reported across the organisation.
Industry:
Construction,
Public Sector
Headquarters:
United Kingdom (UK)
Established:
1964
THE CHALLENGE
The Limitations of Manual Risk Management
Before adopting Symbiant, CITB was managing risks through traditional spreadsheet-based methods, a common approach, but one that becomes increasingly restrictive as an organisation’s risk maturity grows. CITB’s manual processes could no longer keep pace with the level of oversight, accuracy, and collaboration required from a public body reporting to the Department for Education.
Spreadsheets created several operational challenges: no real-time visibility, difficulty tracking risk actions to completion, inconsistent data entry, and ongoing version-control issues. Reporting was labour-intensive and prone to error, making it harder to provide senior leadership with a clear, timely view of organisational and project risks. With multiple teams involved in risk activities, maintaining alignment across documents became increasingly complex and inefficient.
For an organisation with CITB’s scale, public accountability, and regulatory responsibilities, these manual limitations represented a significant barrier, prompting the need for a modern, connected system that could support accurate governance, consistent practice, and reliable oversight across all departments.
“As our risk management became more mature, using excel spreadsheets came with challenges like: not being able to see live updates, not being able to track risk actions to completion, lack of reporting and errors when manually inputting risks and updates, lack of version control and lack of visibility for risks, not effective for reporting or providing visibility to senior management. ”
— Anna Kornaszewska, Audit and Risk Coordinator, CITB
Why Symbiant Stood Out
What CITB Looked for in a Modern Risk Management Solution
As CITB’s risk framework matured, finding the right system meant identifying a platform that could support growth without overwhelming teams. Ease of use was a top priority, they needed a solution that staff across England, Scotland, and Wales could adopt quickly, without adding unnecessary complexity or administrative burden. The system had to be adaptable, flexible, and fully customisable, allowing CITB to shape it around their existing processes rather than forcing teams to change how they work.
Automation was another key factor. CITB wanted a platform that could streamline routine tasks including tracking risk actions, sending reminders, and updating information in real time. They also required strong reporting capabilities to support governance and provide leadership with accurate, up-to-date oversight. Collaboration mattered too; with multiple departments involved in risk activities, the system needed to enable users to work together easily and consistently.
Symbiant stood out because it delivered and exceeded all of these requirements in one intuitive, easy-to-use, agile platform. Its flexibility, automation features, real-time visibility, and user-friendly design and robust capabilities made it the ideal fit for an organisation seeking to modernise risk management without creating resistance or complexity.
“We looked for a system that is user friendly and adaptable and could be customised to suit our needs. We also looked for a system that is not too complex and would not add a significant extra burden on the users so they could come on the journey of automation with us, that can automate certain tasks like action tracking and reminders, with good reporting, real time updates and possibility for user collaboration. ”
— Anna Kornaszewska, Audit and Risk Coordinator, CITB
Seamless Implementation
How Smoothly Symbiant Integrated Into CITB’s Existing Processes
Symbiant is fully customisable and flexible and therefore, fitted seamlessly into CITB’s established processes, requiring only light configuration to align the system with the organisation’s terminology and workflows. The implementation phase was smooth and structured: unnecessary fields were removed to simplify navigation, and key screens were tailored to reflect how CITB already managed risks.
Users quickly found the system intuitive and easy to navigate. Because Symbiant mirrors natural risk workflows and avoids unnecessary complexity, teams adapted rapidly to the new way of recording, reviewing, and managing risks. The Audit and Risk team received dedicated training from Symbiant and were able to carry out additional self-customisation with confidence, ensuring the system matched CITB’s specific needs.
Overall, the combination of usability, flexibility, and targeted onboarding made adoption straightforward and well-received across the organisation.
“ Symbiant has fitted really well into our existing processes. Implementation was quite smooth following some modification to standard to meet our needs (mainly removing fields we were not intending to use so the screens are easier to navigate and aligning terminology) and a testing phase with a few selected users and feedback from that. The users found the system intuitive and user friendly and quickly adapted to this new way of recording and managing risks. Audit and risk team were trained by the Symbiant team and so did a degree of self-customisation. ”
— Anna Kornaszewska, Audit and Risk Coordinator, CITB
Symbiant risk register module
How the Risk Registers Module Transformed CITB’s Risk Oversight
CITB’s experience with the Risk Registers module has been overwhelmingly positive, with several features making a significant impact on how risks are captured, assessed, and monitored across the organisation. The ability to structure risk registers clearly, grouping risks by area, type, and category, has brought order and consistency to what was previously a fragmented spreadsheet process. This structure, combined with Symbiant’s scoring approach, has helped the team focus on the risk gap and better understand where attention and mitigation efforts are most needed.
The dashboards within the module have also become essential, giving users instant visibility of risk distribution across the organisation. Being able to see trends, concentrations, and shifts at a glance has strengthened CITB’s oversight and supported clearer conversations with leadership.
Equally, reporting has been a major advantage. Users highly appreciated how quickly they could produce clear, accurate reports without manual formatting or version-control worries. The combination of intuitive dashboards and powerful reporting has allowed CITB to move from reactive updates to far more proactive, informed risk management.
“ The ability to easily structure risk registers by area and risks by type, and using risk scoring to drive a focus on the risk gap. The dashboards in this module are a great way to see at a glance the breakdown of risks across the organisation. Also the reporting from Symbiant was highly appreciated by all users. ”
— Anna Kornaszewska, Audit and Risk Coordinator, CITB
A Strategic Expansion to 150 Users
How Expanding to 150 Seats Strengthened Collaboration Across CITB
CITB’s decision to expand Symbiant to 150 seats reflects not just increasing usage, but growing confidence in the platform across the organisation. The expansion wasn’t accidental, it was driven by demand from teams who wanted to be part of a more structured, transparent, and collaborative risk environment.
Initially, additional seats were added to bring more staff into risk management activities. More recently, CITB made a deliberate decision to expand further by 50 seats specifically to bring project risks into Symbiant, a major step, as project risks had previously been managed separately. This move enables CITB to analyse all risks together, improve visibility, and report on organisational and project risks in one unified system.
Symbiant’s flexibility, customisable layouts, and ability to set different access levels made this expansion easy and practical. Teams could join without being overwhelmed, while managers retained full oversight.
User feedback has been consistently positive. Staff valued how easy the system is to navigate and how clearly it presents review schedules. Based on early feedback, CITB even extended their review cycle options from a fixed 31-day interval to flexible 1, 2, or 3-month cycles, an example of how the system adapts to how teams naturally work.
The expansion shows a clear trajectory: as more people experienced Symbiant, more departments wanted access. This has strengthened collaboration, increased visibility, and made risk management a shared, organisation-wide effort.
“ The expansion reflected wider use of the system – initially we’ve expanded numbers to allow for additional staff in areas becoming involved with risk management, whereas the latest 50 seats have been added with the intention of bringing project risks onto the system (which to date have been managed separately). This will support wider visibility of those risks and ability to analyse the whole population and report on them alongside other risks. Flexibility in presentation and ability to assign differing user access were factors in that decision. In general, feedback has been positive – we had the risk review dates configured initially to give us a prompt for all risk reviews every 31 days but that prompted some feedback so that’s recently been expanded so users will now be able to identify risks as requiring review every 1,2 or 3 months. ”
— Anna Kornaszewska, Audit and Risk Coordinator, CITB
Flexible, Easy-to-Use System That Grows With You
Why CITB Recommends Symbiant GRC & Audit Software to Other Organisations
CITB’s advice to other organisations is clear: Symbiant is an intuitive, user-friendly platform that can be fully customised to match the exact needs and complexity of your risk and audit processes. They recommend taking advantage of this flexibility early on, shaping entry screens, terminology, and reporting layouts so the system aligns naturally with how your teams work.
One of Symbiant’s biggest strengths, from CITB’s perspective, is its ability to grow with the organisation. As their needs evolved, they were able to adapt the system effortlessly, from updating review date options to expanding the platform so it could accommodate project risks alongside organisational risks. This scalability has made Symbiant a long-term fit, not just a short-term tool.
CITB also praised the support provided throughout their journey. The Symbiant team were responsive, helpful, and quick to assist whenever needed, making both implementation and ongoing use smooth and stress-free. Reporting has been another standout benefit, reducing manual effort and giving teams clearer, more accurate insights without the usual spreadsheet maintenance.
Implementation was made even easier thanks to fast, reliable data import, bringing risks over from Excel with minimal manual work. CITB also values the ability to link related risks, noting that there is further potential to leverage these connections for deeper insight into risk flows and dependencies.
For organisations looking for a system that is affordable, flexible, easy to use, and genuinely supportive, CITB’s experience shows why Symbiant is the best choice.
“ The system is intuitive and user friendly and can be fairly easily customised to suit the needs of the organisation – we would definitely recommend doing that so the system aligns to the organisations needs and how complicated or otherwise it wants entry screens, reporting etc. It can grow with the organisation by flexing the functionality as we’ve done by updating the review date functionality and building so it will take project risks. Symbiant support is great and the team is very responsive and helpful. Reporting function is really good and saves us time and effort. During implementation, importing risks from Excel was quick and easy so minimal manual input was required. It is useful to be able to link risks, but we’ve probably not made the most of that in terms of how/if the system can provide better insight on risk flows and dependencies. ”
— Anna Kornaszewska, Audit and Risk Coordinator, CITB
Award winning grc & Audit management software
25 Years. Thousands of Users. One Trusted Platform.
With over two decades of continuous innovation in Governance, Risk, Compliance (GRC), and Audit Management, Symbiant has become a trusted partner to businesses, charities, and government bodies worldwide. Built on more than 23 years of client-driven development, our award-winning, fully customisable platform is designed to simplify complexity, strengthen compliance, and enable smarter decision-making. By combining powerful functionality with a modular, low-cost model, Symbiant delivers enterprise-grade capability without the overheads, making robust risk management accessible and agile for every organisation.
Risk Management Software
The Symbiant Risk Management Software module enables organisations to identify, understand, and manage risks with ease and efficiency. It provides a streamlined approach to monitoring, assessing, and mitigating risks, ensuring informed decisions and compliance.
AI-Powered Assistant
Symbiant AI connects data across your organisation, delivering actionable insights and seamless workflows. From logical, data-driven risk scoring to uncovering root causes and predicting the domino effect of control failures, Symbiant AI empowers smarter, faster decisions. Eliminate duplicate risks in seconds, refine controls, identify emerging risks, and so much more—all tailored to your business.
Audit Management Software
The Symbiant Audit Management Software module streamlines audit planning, action tracking, and time management. It automatically pulls relevant data, allows easy report customisation, and generates professional audit reports.
Hover to Explore our Solutions.
Symbiant
All-in-One GRC & Audit
Management Powerhouse
Symbiant’s flexible, modular platform streamlines governance, risk, compliance, and audit—so you can reduce complexity, adapt fast, and stay focused on achieving your objectives.
Our Solution at a Glance:
Risk Management Software
The Symbiant Risk Management Software module enables organisations to identify, understand, and manage risks with ease and efficiency. It provides a streamlined approach to monitoring, assessing, and mitigating risks, ensuring informed decisions and compliance.
AI-Powered Assistant
Symbiant AI connects data across your organisation, delivering actionable insights and seamless workflows. From logical, data-driven risk scoring to uncovering root causes and predicting the domino effect of control failures, Symbiant AI empowers smarter, faster decisions. Eliminate duplicate risks in seconds, refine controls, identify emerging risks, and so much more—all tailored to your business.
Audit Management Software
The Symbiant Audit Management Software module streamlines audit planning, action tracking, and time management. It automatically pulls relevant data, allows easy report customisation, and generates professional audit reports.
Trusted Across Industries
Real Results with Symbiant: GRC Success Stories from Our Clients
Symbiant powers governance, risk, compliance, and audit functions across a wide range of sectors—from financial services and logistics to local authorities and regulators. Explore our case studies to see how our modular GRC, Risk and Audit Management software helps teams effectively achieve business objectives, work smarter, reduce costs, and stay ahead of emerging risks.
See how organisations like SRBS, Whistl, Marsh Finance & more, use Symbiant to improve compliance, manage risk more effectively, and simplify audit processes—on one agile platform built around their unique needs.
” We have had nothing but good experiences and we have a very strong relationship with the team at Symbiant. We continue to use Symbiant for a few reasons. 1. Cost – I don’t know of a GRC solution as broad as ours for a similar price. 2. Customisation – we are able to make changes to have the system look, feel, and run to our requirements with ease. 3. Support – the team at Symbiant Support are friendly, knowledgeable, understanding, and quick to respond.”
— Ben Moulds, Risk, Assurance and Compliance Manager, Whist
” Our previous risk system had very limited functionality, was very difficult to use and was expensive. […] Reporting was manual, inefficient and error prone.With Symbiant, we now have a system which is simple, easy to use, cost effective, and connects risks, controls, incidents and action tracking in one tool. […] Reporting is quick and easy, and the system is very well designed and user friendly. The Symbiant team were very helpful and collaborative when adapting the system to meet our specific needs.”
— Camilla Owen, Head of Non-Financial Risk (1st Line of Defence)
— Megan Macpherson, Risk Analyst, SRBS”Before we moved to Symbiant, we were spreadsheet-based, which was a very manual and time-consuming process […]. We also had a bespoke ‘waterfall report’ made to show changes in risk scores month by month — it makes it very clear to see any changes over the last six months.”
”We sought a Risk and Compliance software solution due to the cumbersome and manual process of managing everything through spreadsheets and folders. […] Our account manager at Symbiant actively listens to our requirements and proposes enhancements to improve functionality. Symbiant has revolutionised our R&C department’s operations, easing our workload and enhancing compliance levels.”
— Dan Simpson, Risk & Compliance Director
unbeatable pricing