Global markets are in turmoil, with investigations into corporate and executive wrongdoing and demands for increased oversight and regulation . . . While the economic climate in general is in question, there is no doubt that organizations need stronger corporate governance, enterprise risk, and compliance oversight.

The challenge for risk and compliance managers is to make sense of a GRC market with over 1300 providers of technology and consulting services. The challenge for technology providers, professional service firms, and knowledge providers is to make sure their message and value are clearly articulated so they can be heard above the swarm of competitors.

One thing is certain . . . buyers of risk and compliance products and services have specific issues they need to deal with: specific economic and treasury risks, specific operational risks, specific compliance issues. Providers that tout a generic Swiss Army knife approach will find their offerings in a tailspin – shot down by competitors that know how to solve the specific problems organizations are trying to solve.

GRC 20/20’s research has identified 27 issue areas, with corresponding solution areas, in which organizations are looking for specific help from technology, consulting, and knowledge providers. This cross-industry view represents the core of GRC 2.0, the GRC EcoSystem. While these are not all of the risk and compliance issues organizations face – these are the most challenging ones driving organizations to look for consulting help and technology solutions. These 27 areas are . . .

3rd Party Management; Anti-money Laundering; Audit Management; Brand & Reputation;
Business Continuity/Resiliency; Corporate Compliance; Corporate Governance; Corporate Social Responsibility;
Corruption & Fraud; Crisis Management; Employment/Labor; Enterprise Risk Management;
Environmental; Ethics & Integrity; Financial Assurance & Control; Geo-Political Risk Management;
Global Trade & International Dealings; Health & Safety; Information Risk & Compliance; Insurance & Claims Management;
Investigations; Legal Matter Management; Operational Risk Management; Physical Security;
Privacy; Quality; Treasury Risk Management

While organizations struggle in these 27 core areas – they want to make sure that their investment in technology can be leveraged for other risk and compliance issues.  They are tired of wasteful spending and fragmented approaches to GRC – organizations want to be assured that their investment can be the backbone of a risk and compliance architecture.

GRC 20/20 has defined a core GRC architecture of 13 technology architecture categories that can be leveraged across risk and compliance processes to provide for sustainability, consistency, efficiency, transparency, and accountability.   These 13 core GRC technology architecture categories are. . .

Assessments & Surveys; Audit Management; Control Documentation & Repository; Control Monitoring & Enforcement;
Enterprise Asset Management; GRC Dashboards & Reporting; Hotline & Whistleblower; Identity & Access Management;
Investigations, Event, & Loss Management; Policy & Procedure Management; Risk & Regulatory Intelligence; Risk Analytics & Modeling;
Training & Awareness Management

We encourage you to comment on GRC 20/20’s GRC EcoSystem model as we wrap up the written research that will be published in the next few weeks.  If you have comments on the GRC EcoSystem model – please send them to [email protected].
