In a new report issued on the first of the month, Forrester Research has asserted the importance of enterprise platforms for governance, risk management, and compliance (GRC). Pointing to big-name corporate failures in the last decade, the analysts argue that the value proposition for GRC software is clear, and they identify leaders in this growing market.
The open question from the research is whether enterprises will really see the need as being so desperate. Fear may be a great motivator, but GRC platforms have yet to prove that they're a piece of IT that businesses require to succeed.
Basically, they're a technological solution for keeping track of programs of corporate governance, managing known and potential risks for a business, and staying in compliance with regulatory requirements. All these platforms incorporate varying degrees of workflow management, data visualization, content management, and reporting on related performance metrics.
It might surprise you that GRC platforms from enterprise software giants like SAP have been beaten out by much smaller vendors. But in an emerging market, it makes perfect sense that agile young companies can dominate big players who have come late to the game.
But platforms for governance, risk and compliance still come off as a specialist product for large enterprises in volatile markets, rather than a core business tool. The ever-growing pack of GRC vendors has clearly defined the value they deliver, but has not shown that their platforms are something the enterprise cannot do without during a period of belt tightening.
Image courtesy Forrester Research, Photo credit Gill Wildman
Comments
Steven,
I agree that GRC is not at the core. I think many companies see GRC as a special focus for selected individuals rather than integrating GRC best practices into everyone's day-to-day work. Aside from staying out of jail with certain requirements (i.e. Sarbanes-Oxley), adoption may come when business departments find ROI from implementing best practices that lead to lower cost or increased revenue. However, we are all guilty of spending too much time putting out fires rather than taking a breather to build processes that make our lives better with less risk. The killer app is not the app; it's the discipline along with the process content that drives business ROI and keeps us out of trouble. Those serious about systematically avoiding fires will first need to make it a top priority. Then they would need to find process and project management platforms and GRC systems that are made for everyone. By that I mean it has to be simple for cross-enterprise user adoption. Only then do I see GRC becoming a core function for businesses of all sizes.
Great article, Steven; however, in your final opinion statement you have underestimated business' appetite for change. Rather, we find that recent "belt tightening" has been a catalyst. Organizations eager to not find themselves in this handbasket again are reviewing their systems and processes for opportunities to improve, and GRC emerges repeatedly as a leading opportunity.
Having said that, senior teams that identify their top ten corporate risks and assess them periodically is a good start, but most will admit it is as futile as looking for your long lost keys under a nearby street lamp simply because the light is better there.
In fact, we all participate in GRC activity every day; it's just never been given a single name or assigned a vocabulary. Now we are building the vocabulary which will enable us to socialize GRC and manage the long tail, not just the top ten.
Risk Management: it's not just for managers anymore.
Steven, it is clear to me that many organizations and executives still view risk management, or in its widest scope, GRC, as a cost to the business. Something that should or has to be done, as opposed to something that drives competitive advantage and business performance.
You allude to the fact that GRC is something the enterprise can do without during a period of belt tightening - at Strategic Thought we believe the opposite - that risk management delivers competitive advantage and increased business performance. To give you a single, simple and clear example of what this means in ROI terms, we have helped a number of our customers reduce their total insurance costs from between 3%-8% using our enterprise software. It doesn't take too much extrapolation to understand how the magnitude of this type of cost saving is driving differentiation in the market for those companies willing to embrace change. This example is one of around 20 specific value propositions we offer customers in GRC.
Focus on Reward side (the upside) of GRC is therefore where the hidden value is - the trick is in selecting a vendor that speaks such language.
One newcomer, and therefore not on the Forrester report, is Xactium.com, the cloud enterprise GRC specialist using the Force.com platform for a comprehensive GRC solution.
The company's claim of applications in weeks not months is true (see MF Global) and offers all the advantages of Gartner quadrant leading cloud computing.
Thank you for your sharing!