Global markets are in turmoil, investigations into corporate and executive wrong doing, demands for increased oversight and regulation . . . while the economic climate in general is in question there is no doubt that organizations need stronger corporate governance, enterprise risk, and compliance oversight.
The challenge for risk and compliance managers is to make sense of a GRC market with over 1300 providers of technology and consulting services. The challenge for technology providers, professional service firms, and knowledge providers is to make sure their message and value is clearly articulated so they can be heard above the swarm of competitors.
One thing is certain . . . buyers of risk and compliance products and services have specific issues they need to deal with. Specific economic and treasury risks, specific operational risks, specific compliance issues. Providers that tout a generic swiss army knife approach will find their offerings in a tailspin – shot down by competitors that know how to solve the specific problems organizations are trying to solve.
GRC 20/20’s research has identified 27 issue and corresponding solution areas that organizations are looking for specific help from technology, consulting, and knowledge providers. This cross-industry view represents the core of GRC 2.0 the GRC EcoSystem. While these are not all of the risk and compliance issues organziations face – these are the most challenging ones driving organizations to look for consulting help and technology solutions. These 27 areas are . . .
|3rd Party Management||Anti-money Laundering||Audit Management||Brand & Reputation|
|Business Continuity/Resiliency||Corporate Compliance||Corporate Governance||Corporate Social Responsibility|
|Corruption & Fraud||Crisis Management||Employment/Labor||Enterprise Risk Management|
|Environmental||Ethics & Integrity||Financial Assurance & Control||Geo-Political Risk Management|
|Global Trade & International Dealings||Health & Safety||Information Risk & Compliance||Insurance & Claims Management|
|Investigations||Legal Matter Management||Operational Risk Management||Physical Security|
|Privacy||Quality||Treasury Risk Management|
While organizations struggle in these 27 core areas – they want to make sure that their investment in technology can be leveraged for other risk and compliance issues. They are tired of wasteful spending and fragmented approaches to GRC – organizations want to be assured that their investment can be the backbone of a risk and compliance architecture.
GRC 20/20 has defined a core GRC architecture of 13 technology architecture categories that can be leveraged across risk and compliance processes to provide for sustainability, consistency, efficiency, transparency, and accountability. These 13 core GRC technology architecture categories are. . .
|Assessments & Surveys||Audit Management||Control Documentation & Repository||Control Monitoring & Enforcement|
|Enterprise Asset Management||GRC Dashboards & Reporting||Hotline & Whistleblower||Identity & Access Management|
|Investigations, Event, & Loss Management||Policy & Procedure Management||Risk & Regulatory Intelligence||Risk Analytics & Modeling|
|Training & Awareness Management|
We encourage you to comment on GRC 20/20’s GRC EcoSystem model as we wrap up the written research that will be published in the next few weeks. If you have comments on the GRC EcoSystem model – please send them to firstname.lastname@example.org.