GRC and technology. Every organization does GRC, not every organization does GRC well. You will not find an organization that states it lacks governance, does not care about risk, and forgets about compliance. Organizations may not call it GRC – but they have GRC processes from the ad hoc to the mature. What makes a mature GRC approach – either at the departmental or enterprise level – different from an immature approach is how the organization utilizes process, technology, and information. Technology makes GRC and its individual components of governance, risk management, and compliance more effective, efficient, and agile.
Over the years GRC technology has evolved and changed. There is not one vendor that delivers all of GRC, there are many market segments and niches. In 2012, GRC 20/20 recognized ten vendors from a few dozen submissions in the 2012 GRC Technology Innovation Awards. To recognize how technology is evolving, GRC 20/20 Research is proud to announce the 2nd annual GRC Technology Innovation Awards.
The 2013 GRC Technology Innovation Award process was filled with competition. The number of submissions more than doubled over 2012. With 57 submissions there were only twelve slots for winners. GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected the 12 recipients to receive this honor. Some of these recognitions go to established vendors — others go to up-and-comers. Some have mature offerings, others still need some polish — all are advancing GRC into new areas. The current award recipients show thought leadership and innovative solutions.
Particular trends to note in the 2013 selections are:
- Delivering a GRC marketplace for the exchange of ideas, content, and apps (note RSA Archer started this trend a few years back, but other vendors have picked up on it and have advanced it to new levels);
- Socializing GRC and risk management by utilizing social technologies to facilitate risk collaboration/gameification across the business and engage everyone in GRC and risk management (note BPS Resolver started this trend several years back – but it is just now gaining momentum and a few companies selected are really advancing this concept);
- GRC architecture and integration – it is not about one GRC vendor that can do everything. GRC requires the integration of different types of applications and content to make it work. This requires that we understand the business, how the business operates, and take an enterprise architecture approach to GRC.
- Engaging the employee, at the end of the day GRC is part of everyone’s job description. Forward thinking companies are looking for the user experience and how to get employees more involved and providing elegant interfaces that employees enjoy working with.
Not every vendor selected for the 2013 award fits into one of thee buckets completely, but all this year’s award recipients touch one or more of them with where they are taking GRC technology.
The 2013 GRC Technology Innovation Award recipients are (please follow hyperlinks to see more detail on each recipient):
- The GRC Marketplace: the Force.com of GRC. MetricStream’s Zaplet brings the benefits of Platform-as-a-Service (PaaS) technology to the GRC space, providing a platform to build, market, and sell specialized GRC applications using the power of cloud technology and community.
- Risk collaboration: socializing risk in the enterprise. Riskflo’s Discovery™ platform addresses the fundamental challenge of capturing, integrating and sharing the knowledge of how a risk behaves.
- Engaging Risk: providing a social GRC architecture. Integrc’s "Engaging Risk” is a combination of integrated GRC knowledge solutions that helps organizations achieve greater understanding and interaction.
- Delivering GRC Architecture. MEGA’s Holistic Operational Excellence platform (HOPEX) integrates enterprise architecture (EA) capabilities with GRC capabilities into one platform.
- Mind-mapping GRC. C2CSmartCompliance’s Compliance Mapper has a powerful GRC content mapping engine that allows an organization to graphically map regulatory and customer-generated content and click to establish bi-directional links.
- The user experience: the Apple of GRC. The Network’s Integrated GRC Suite is innovative for its design and end user experience.
- Integrating content, experience, and process. Think of Compli Portfolio™ as the “electronic binder” that integrates the work of internal and external experts in an elegant user experience to illustrate and manage an organization’s compliance and risk profile.
- Managing risk in social networks. OpenQ’s SafeGuard™ is addressing the risk of social technologies in regulated industries that have held back from using social technology because of GRC concerns.
- Advancing GRC mobility. Supporting GRC activities on the move, Blackthorn CaseNotes represents one of the most feature rich GRC mobile apps available.
- From GRC idea to “there’s an app for that.” Compliance Assurance Corporation’s Compliance Idea eXchange (CIE) enables their clients to drive innovation, with a particular focus in GRC in the insurance vert
- Advancing GRC analytics. In the era of ‘Big Data,’ SAP HANA Analytics Foundation for SAP Solutions for GRC shows innovation in addressing the burgeoning velocity, volume, and variety of GRC governance, risk and compliance data in the enterprise.
- Efficiencies in reporting. ControlPanelGRC’s AutoAuditor enables companies to be in a state of continuous audit readiness by automating manual reporting processes, and through its intuitive design AutoAuditor adapts to each company’s specific reporting demands.
GRC 20/20 wishes we could recognize more – but we had to put a cap somewhere. Twelve seemed like the appropriate number. There were many great submissions – some more innovative than others. The 2014 award nomination process will begin in October of 2013. Further, GRC 20/20 will be doing another award process called the GRC Value Awards. Nominations will be accepted starting in April 2013 and award recipients will be selected and announced in July 2013. That process will look to find who has the best-substantiated value proposition in various categories of GRC software. Stay tuned.