For those that follow my research, governance, risk management, and compliance (GRC) is something every organization does though not every organization does well. Every organization has some approach to GRC whether they call it GRC or something else. Many do not have a name for it. It can be an unstructured, reactive, non-integrated, fire fighting approach to a structured, integrated, collaborative approach. From my perspective, every organization does GRC in some form or fashion. The question is how can it be more efficient, effective, and agile in the organization.

The official definition for GRC, as found in the OCEG GRC Capability Model, is that GRC is a capability to reliably achieve objectives [governance], while addressing uncertainty [risk management], and act with integrity [compliance].

GRC is about people and process, and not primarily about technology. I have been referred to as the Father of GRC being the first to use the acronym back in February 2002 while at Forrester. Yes, I talk about GRC technology but technology is used to enable GRC and make it more efficient, effective, and agile. It really bothers me when organizations tell me they just bought GRC. You do not buy GRC, you do GRC. Technology just enables it. Though technology is used in every aspect of GRC from manual processes burdened with documents, spreadsheets, and emails to structured enterprise GRC programs.

That being said, there is a wide range of technologies to enable GRC and make it more efficient, effective, and agile. GRC 20/20 has mapped over 800 technology solutions into various aspects of the GRC market. No one does everything. There are enterprise GRC platforms, audit management platforms, IT GRC, EH&S solutions, policy management, compliance management, case management, third party management, and many more. GRC 20/20, in our research and interactions, helps organizations identify their requirements and select the right technologies to meet those requirements. We answer between 5 and 15 inquiries every week from organizations looking for technologies to enable aspects of GRC.

GRC 20/20 is announcing the advent of GRC 4.0. This is the 4th generation of GRC related technologies in the market. The key aspects of GRC 4.0 is the enablement of GRC across the organization and its relationships to provide 360° contextual awareness of GRC activities, processes, and alignment with business strategy and objectives. A key aspect of GRC 4.0 is the use of artificial intelligence, cognitive computing, machine learning, and natural language processing to further automate and enable GRC in organizations.

GRC 20/20 will be presenting on the latest GRC 4.0 definition, market drivers, trends, segmentation, sizing, and forecasting in the following upcoming Research Briefings . . .

  • 2017 GRC Market 4.0: The Good, The Bad & The Ugly in GRC Drivers & Trends
    October 23 @ 10:00 am – 12:00 pm CDT. Analysis & Details on GRC Buying Trends & Needs GRC 20/20’s latest market drivers, trends, inquiries, and RFP analysis for GRC 4.0. The most current look at the next generation of the GRC market for the next five years. 2017 has been the busiest year to date in the GRC market. GRC 20/20 has seen a record number of inquiries and RFPs across GRC domains in 2017 and forecasts increased activity into 2018.  This research briefing provides a breakdown of…
  • 2017 GRC 4.0 Market Sizing, Forecasting, Analysis & Segmentation
    October 30 @ 10:00 am – 12:00 pm CDT
    GRC 20/20’s latest market sizing and segmentation for GRC 4.0. The most current look at the next generation of the GRC market with new segmentation, sizing, and forecasting for the next five years. This Market Research Briefing is a two-hour briefing that delivers an analysis of the GRC market segmentation, drivers, trends, sizing, growth, forecasting, and market intelligence. GRC 20/20 has spent the last several months doing a complete overhaul of our market data, models, segmentation and mapping of solutions, sizing, and forecasting.…

1 comment

Leave a Reply

Your email address will not be published. Required fields are marked *