Charles Dickens might as well have been speaking about the risk and compliance market (GRC market) when he stated “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness.”

What was considered foolish a few years back – basically conservatively running a business – now is reaping rewards and once again shows the wisdom in living within one's means (in this case a business).  Vendors that took on too much debt and went to the well of venture funding time and time again now find themselves sinking slowly into the abyss, with a millstone of expensive operations and stakeholder expectations dragging them to its depths.

However, those that ran a very conservative business are reaping rewards and seizing opportunity in the current economic environment.  Two such vendors that have publicly come forward with this are Archer Technologies and Compliance 360.  There are others succeeding as well, but there are far more that are treading water hoping some ship of acquisition passes by in the next few months.  Others are sinking with that millstone of debt and excessive expectations.

2009 will bring renewed focus on corporate governance, enterprise risk, and compliance management (GRC).  Organizations will continue to seek help from professional service firms to implement GRC and ERM strategies.  Further, in a tight economy, organizations will continue to implement processes and technology that assist in streamlining risk and compliance operations at lower costs.

Interestingly, while compliance will remain a priority, I see enterprise risk management pulling ahead in 2009.  This is because of the economy and the fact that organizations need to have a transparent view of risk and performance across the organization.  It also is a result of the complexity and distributed nature of business as well as current challenges such as Standard & Poor’s risk evaluations impacting enterprise risk strategy. This is driving the risk consulting market more than the technology market at this point.  I see a greater technology spend on enterprise risk management solutions/technology in the 2nd half of 2009.  Right now organizations are recovering from economy shock, a new administration (in the U.S.), and seeking advice on enterprise risk strategy.  My newsletters illustrate a broader trend in risk over compliance – I have a 10% higher read rate on my mailing list of 5500+ subscribers on the Ultimate ERM Platform than I did on the Ultimate Compliance Platform – even though the ERM newsletter went out between Christmas and New Year's (bad timing for a newsletter).

Compliance, though, remains a priority for organizations.  The SEC in particular has been very vocal that organizations should not cut corners on compliance.  Organizations are struggling to gain an understanding of how they can streamline processes for management of policies as well as communication of them.  There is increased interest in automating compliance and control monitoring within business systems and processes.  Further, organizations desire to get an enterprise view into loss, issues, and incidents – which is a necessity to truly manage and measure enterprise risk.

The single focus area of risk and compliance that will get the most attention in 2009 is managing risk and compliance across extended business relationships (e.g., 3rd parties, supply chain, vendors, outsourcers, service providers).  This focus area of risk and compliance has been my busiest over the last several months. I have had well over a dozen conversations with large international organizations trying to figure out how to manage employment/labor, code of conduct, anti-corruption, quality, safety, and security across extended business relationships.

This is just a quick summary of the complexity, challenges, and potential for the risk and compliance (GRC) market in 2009. For those interested, I will be doing an online 2-hour workshop on this topic February 2nd – 2009 Fundamentals, Trends, & Market Directions.
