Considerations in Selection of Risk Management Solutions
Risk management is pervasive throughout organisations. Many departments manage risk, each with its own approaches, models, needs, and views into risk. This makes enterprise and operational risk management a challenge. Organizations often fail in enterprise risk management strategies when they force everyone into one flat view of risk. They also fail when they allow different views of risk but do not consider risk normalisation and aggregation as they roll up risk into enterprise reporting.
This is further complicated by the variety of technology solutions available to manage risk. Some are broad enterprise or operational risk platforms. Among these, some solutions are very narrow and limiting, so that different departments lose capabilities they need, while others are very broad and adaptable. There are also a variety of very focused risk solutions that excel at specific areas of risk management. Organizations are often best served by a federated approach to risk management that allows different departments some level of autonomy and supports their department-level risk management strategies, but also enables a common information and technology architecture to support overall enterprise and operational risk management activities and reporting.
Whether for a department risk management need, or to manage enterprise and operational risk across the organization, risk management solutions are in demand. Recent RFP and inquiry trends that GRC 20/20 is involved with show a growing demand for integrated cross-department risk management solutions. There are several hundred solutions available in risk management with varying capabilities and approaches. Organizations need to clearly understand the breadth and depth of their requirements, map these into risk solution capabilities, and understand that there is no one-size-fits-all solution for risk management, no matter what solution providers may say. It has become a complex segment of the GRC market to navigate and understand, and in which to find the solution(s) that are the perfect fit for your organization.
In this Research Briefing, GRC 20/20 provides a market definition and a framework for organizations evaluating or considering risk management solutions.
- Defining & Understanding Risk Management: Definition, Drivers, Trends & Best Practices
- Market Overview: Market Definition & Segmentation
- Critical Capabilities of a Risk Management Platform: What Differentiates Basic, Common, & Advanced Solutions
- Considerations in Selection of a Risk Management Platform: Decision Framework & Considerations to Keep in Mind
The GRC Pundit helps organizations . . .
- Define and scope the risk management market
- Understand risk management drivers, trends, and best practices
- Relate the components of what makes a risk management platform
- Identify core features/functionality of basic, common, and advanced risk management platforms
- Map critical capabilities needed in a risk management platform
- Predict future directions and capabilities for risk management
- Scope how to purchase risk management platforms in a decision-tree framework
- Discern considerations to keep in mind as you evaluate risk management solutions
This Research Briefing aims to assist . . .
- GRC professionals with the responsibilities to identify, assess, manage, monitor and/or provide assurance on risk
- GRC solution providers offering risk management solutions
- GRC professional service firms advising organizations on risk management
- GRC content & intelligence providers that provide risk content and templates
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.