I recently published my “2008 GRC Drivers, Trends, & Market Directions” research illustrating the dynamic and growing nature of GRC adoption within organizations and the direction and size of the overall GRC market for products and services. Below are the summary highlights from this piece of research. . .
Organizations Embrace GRC Principles
The Governance, Risk, and Compliance (GRC) market has significant momentum as organizations embrace collaboration across silos of GRC and generally recognize that something needs to be done.
GRC is About Organizational Collaboration
GRC is more than a catchy acronym used by technology providers and consultants to market their solutions – it is a philosophy of business. This philosophy permeates the organization – its oversight, its processes, and its culture. Organizations are approaching GRC to get an enterprise view of risk and compliance, which requires GRC initiatives to involve a federation of professional roles working together in a common framework, collaboration, and architecture to achieve:
- Sustainability. Organizations demand a sustainable process and infrastructure for ongoing governance, risk, and compliance processes that are becoming more onerous.
- Consistency. Organizations require that multiple roles in the organization start working together in an integrated framework.
- Efficiency. GRC aims to ease the burden on business by leveraging common processes, assessments, and information.
- Transparency. Business demands transparency across key-performance and risk indicators so it can monitor the organization’s health, take advantage of opportunity, and avert or mitigate disaster.
Drivers Influencing Corporate Directions in GRC
Good governance is built upon diligent risk and compliance management processes. In today’s business environment, ignoring a federated view of GRC results in business processes, partners, employees, and systems that behave like leaves blowing in the wind. Through ongoing research and interactions with organizations around the world, GRC 20/20 has identified the following as the primary drivers leading organizations to consider and adopt GRC strategies:
- Growth of Corporate Social Responsibility.
- Increasing governance demands.
- Rating agencies focused on enterprise risk management.
- Increasing risk profile in a distributed world.
- Connecting performance management to risk management.
- Increasing regulatory compliance profile.
- Impact of the extended enterprise.
- Inefficient, manual, and siloed risk and compliance initiatives are ineffective.
Silos of GRC Lead to Greater Exposure to Risk
A reactive and siloed approach to GRC is a recipe for disaster and leads to . . .
- Lack of visibility. A reactive approach to risk and compliance leads to siloed initiatives that never see the big picture.
- Wasted and/or inefficient use of resources. Silos of risk and compliance lead to wasted resources.
- Unnecessary complexity. Varying risk and compliance approaches introduce greater complexity to the business environment.
- Lack of flexibility. Complexity drives inflexibility – the organization is not agile to the dynamic business environment it operates in.
- Vulnerability and exposure. A reactive approach leads to greater exposure and vulnerability.
2008 Trends Maturing GRC Practices
Organizations are driven to ‘think’ GRC. The complexity of business, increasing risk and regulatory profiles, as well as the nature of extended and global business requires that organizations reengineer how they approach governance, risk, and compliance by leveraging processes as GRC. The 2008 GRC trends within global enterprises addressing GRC include:
- GRC 2.0 – the GRC.EcoSystem.
- Maturation of GRC technology.
- Next generation policy and procedure management.
- Enterprise investigations and loss management.
- Policing the extended enterprise.
- Software as a Service grows as a GRC implementation model.
- Beginning of GRC outsourcing.
- Risk & regulatory intelligence.
- GRC is growing organically within organizations.
- GRC is spanning industry verticals and business processes.
The GRC Market in Momentum
The GRC market is growing and expanding – though, from a market size perspective, it remains difficult to define and put boundaries around. GRC 20/20 sizes the GRC market in 2008 at approximately $52.1 billion. This is broken down into the three primary categories of GRC 20/20’s GRC EcoSystem:
- GRC Professional Service Market is $40.6 billion in 2008.
- GRC Technology Provider Market is $9.3 billion in 2008.
- GRC Information/Content Provider Market is $2.2 billion in 2008.
NOTE: If you are interested in purchasing this research to dive deeper into these points, click on the following link “2008 GRC Drivers, Trends, & Market Directions”
P.S. – I am involved in the OCEG GRC Forums. There is limited space available, but if you are a senior internal GRC executive/practitioner at a large company I invite you to register for this event . . .
OCEG GRC FORUM: HOW TO ENSURE INFORMATION TECHNOLOGY SUPPORTS GRC PROGRAMS
OCEG continues its innovative thought leadership through the OCEG GRC Forums. These forums afford senior GRC and IT professionals the opportunity to collaborate on ways to improve how GRC can be enabled by technology. In one-day intensive workshops, leading companies along with subject matter experts will take a “deep dive” and develop strategic plans that address the challenges of improving GRC program information flow and consistency.
Five key issues will be considered with a focus on how technology is leveraged to improve the overall GRC program:
- Corporate risk mitigation emphasis
- Organizational change emphasis
- Global markets emphasis
- M&A emphasis
- Technology-driven business emphasis