GigaOm Radar for Governance Risk and Compliance Solutionsv1.0

1. Summary

Risk and risk management should be a driving force within IT departments. However, for most enterprises, risk management is considered a tax levied on technology infrastructure already swimming in oceans of technical debt.

Yet if the recent pandemic showed us anything, it is that managing risk—particularly unforeseen scenarios—is critical both to life safety and to how effectively a business can recover from unexpected impact.

With the effects of the pandemic still in play, but with the economy recovering, we take a look at companies selling software platforms that manage governance, risk, and compliance (GRC), from the perspective that in these “unprecedented times,” GRC software should take on new importance and be seen in a new light.

The companies we looked at all specialize in providing software designed to identify and report on risk by tracking and measuring how well a company is doing against a set of criteria and controls. These metrics range from financial audits to IT security measurements and can be scoped to fit the GRC requirements of small, medium, and large companies. In some cases, the software allows auditors to manage multiple audits, including multiple audits across multiple companies.

GRC is the assessment and measurement of risk, including the ability to report on what is controlled and what cannot be, the outcome of that position in terms of compliance, and the overall governance of business processes. There are many frameworks that can be used to measure many different types of business processes.

Leading GRC solutions streamline the process of determining what risks are in scope, gathering the status of the controls in place that are used to manage the risk, and report on progress.

This is a particularly interesting time in the field of risk management because of how technology is converging in ways that allow the measurement of risk to become more automated and programmatic.