GigaOm Radar for Governance, Risk, and Compliancev2.0

1. Summary

Governance, risk, and compliance (GRC) is an approach to the assessment and measurement of operational business risk. It includes the ability to report on what can and can’t be controlled and whether an organization is meeting its governance and compliance objectives. Accomplishing this mission, however, can be time consuming and resource intensive.

GRC software solutions provide an integrated suite of capabilities to help enterprises implement and manage their GRC programs. They are designed to help a company unify its approach to assessing and managing risk, and to ensure that the results are made available to stakeholders to enable better decision making. For example, a GRC solution will provide reports related to assurance, internal audits, risk assessments, and compliance monitoring, all of which promote better operational and business decisions.

A GRC solution will also help an organization to establish, automate, and manage risk assessments, which can substantially help the company meet regulatory and audit requirements by providing strong evidence of its risk reduction strategies and their success.

The GRC market is continuing to evolve and grow as organizations become increasingly aware of the importance of robust governance and compliance plans, but it is not just governance and compliance that is driving demand. Organizations also see the role that good processes and controls can play when it comes to resilience, agility, and threat management. Moreover, the commercial necessity of adopting better GRC has become apparent because it has also become increasingly important to customers and suppliers who, for their own GRC reasons, must verify that everyone in their supply chain is meeting robust standards.

The evolution of GRC is highlighted in a number of key areas. Cybersecurity, resilience, and governance are at the heart of many GRC strategies and are also the focus of a number of new players in the GRC market. These are vendors who see security as the obvious first step into GRC for organizations who have not adopted it previously.

This emphasis on security is also driving automation into many solutions because security, perhaps more than any other part of an organizational GRC approach, benefits from continuous automated monitoring and control.

A related sector, environmental and social governance (ESG), is also becoming an area of interest for many organizations as they become more cognizant of their wider responsibilities to the environments in which they operate. This is a developing area, with standards only beginning to emerge. However, for those organizations who take ESG seriously, finding solutions that allow them to track their progress is essential.

For today’s organizations, the robust adoption of a GRC solution can benefit them both technically and commercially, making their operations and systems more efficient and resilient while ensuring they meet the governance demands of their customers, all of which can lead to a real commercial advantage over their competitors.

This GigaOm Radar report is an update of our previous report on the GRC market. It highlights key vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating GRC Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.