Primarily, the risk analysis system.
While it does provide all the tools needed to complete a standard risk analysis; I find it is unique about the GLG processes in that it is actually more convoluted than doing it manually; it is worth noting at this juncture that I believe that there are discussions about overhauling this process.
This really boils down to how the scoring of harms is done. Currently, both the probability and the severity are tied to the harm - placing that harm on the matrix; which sounds reasonable.
However, in practice, the probability should be tied to the foreseeable event that would cause that harm - and there are often a great array of foreseeable events, each with different probabilities, that would all cause the same harm.
This means you have to duplicate the harm over and over again as you work through your analysis in order for it to land in the correct place on the risk matrix. This can get confusing when reviewing the analysis; even though the harms are uniquely identified, it is the titles of harms you're really reading. Review collected by and hosted on G2.com.