tag:,2009:/1/tag:www.readwriteweb.com,2009://1.15599- 2009-07-05T19:04:34Z Comments for Risky Business: Enterprise GRC Platforms Essential, Says Forrester Movable Type 4.23-en tag:www.readwriteweb.com,2009://1.15599 2009-07-03T22:39:00Z 2009-07-04T04:28:41Z Risky Business: Enterprise GRC Platforms Essential, Says Forrester In a new report issued on the first of the month, Forrester Research has asserted the importance of enterprise platforms for governance, risk management, and compliance (GRC). Pointing to big name corporate failures in the last decade, they argue that the value proposition for GRC software is clear, and they identified leaders in this growing... Steven Walling danger_workingonline.jpgIn a new report issued on the first of the month, Forrester Research has asserted the importance of enterprise platforms for governance, risk management, and compliance (GRC). Pointing to big name corporate failures in the last decade, they argue that the value proposition for GRC software is clear, and they identified leaders in this growing market.

The open question from the research is whether enterprises will really see the need as being so desperate. Fear may be a great motivator, but GRC platforms have yet to prove that they're a piece of IT that businesses require to succeed.

]]> GR What? Governance, risk management and compliance platforms take a broad and complex series of business tasks and whittle them down to a central point of focus for the enterprise.

Basically, they're a technological solution for keeping track of programs of corporate governance, managing known and potential risks for a business, and staying in compliance with regulatory requirements. All these platforms incorporate varying degrees of workflow management, data visualization, content management, and reporting on related performance metrics.

The Leaders

Forrester examined 14 vendors of enterprise GRC platforms, and picked AXENTIS, BWise, MetricStream, OpenPages, and Thomson Reuters as leaders in the space.

It might surprise you that GRC platforms from enterprise software giants like SAP have been beaten out by much smaller vendors. But in an emerging market, it makes perfect sense that agile young companies can dominate big players who have come late to the game.

Forrester The Forrester Wave Enterprise Governance, Risk, And Compliance Platforms, Q3 2009.pdf (page 8 of 17).jpg

Close, But No Cigar

Integrated governance, risk management and compliance platforms present a new way to handle these business processes. Forrester itself published a report that predicted GRC would first "hit the big time" just this year. All the leaders in the market thus far have sold a respectable amount of customers on the notion that they decrease risk, boost overall efficiency, and make strategy and decision making easier.

But platforms for governance, risk and compliance still come off as a specialist product for large enterprises in volatile markets, rather than a core business tool. The ever-growing pack of GRC vendors have clearly defined the value they deliver, but not that they're something the enterprise cannot do without during a period of belt tightening.

Image courtesy Forrester Research, Photo credit Gill Wildman

]]> tag:www.readwriteweb.com,2009://1.15599-comment:145363 Comment from Paul Dandurand on 2009-07-04 Paul Dandurand http://www.piematrix.com Steven,
I agree that GRC is not at the core. I think many companies see GRC as a special focus for selected individuals rather than integrating GRC best practices into everyone's day-to-day work. Aside from staying out of jail with certain requirements (i.e. Sarbanes-Oxley), adoption may come when business departments find ROI from implementing best practices that lead to lower cost or increased revenue. However, we are all guilty of spending too much time putting out fires rather than taking a breather to build processes that make our lives better with less risk. The killer app, is not the app, it's the discipline along with the process content that drives business ROI and keeps us out of trouble. Those serious about systematically avoiding fires will first need to make it a top priority. Then they would need to find process and project management platforms and GRC systems that are made for everyone. By that I mean it has to be simple for cross-enterprise user adoption. Only then I see GRC becoming a core function for business of all sizes.

]]> 2009-07-04T14:43:02Z