This is the busiest I have ever been as a GRC analyst and market researcher. Lot's of RFPs and projects happening, in fact tracking several dozen current RFP and GRC process improvement initiatives within organizations. For example, there are approximately a dozen RFPs in the policy management sector of GRC right now.
I am hard at work on redefining the whole GRC market with my GRC 3.0. I will have a completely revised market model with market reports available about the end of April. This research shows that the GRC market is broad, with about 500 solution providers – but even more professional service firms. There are many sectors and sub-sectors to the market.
NOTE: I am discussing the GRC market. GRC itself is broader than technology, content, and consulting services. What I am discussing is the market for GRC technology, content, and consulting services as it serves and supports broader GRC initiatives. And every organization does GRC. It does not matter if you use the GRC label or something else. The simple truth is every organization has some approach (even a bad one) to aspects of Governance, Risk Management, and Compliance. There is no argument over if any organization does GRC or not – everyone does. It is a question of maturity. How mature and integrated (not consolidated) is an organizations approach to GRC.
FURTHER NOTE: While there is a concept of the GRC Platform, the GRC market is much broader than this. It includes sectors for risk management, audit management, compliance management, policy management, investigations/issue management, identity and access, 3rd party management, IT risk/compliance/security, fraud, and many others. In fact, many of these areas have sub-sectors. Compliance management has sub-sectors for regulatory change management, assessments, and more.
AND ANOTHER NOTE: GRC 20/20 gives full and free inquiry access to buyers of GRC technologies – across the GRC market landscape. If you are an organization looking for advice on the solutions, services, and best practices in GRC at the enterprise, department, or specific issue/risk area – send me an email. Inquiries are specific questions that can be answered via email or phone in less than a 1/2 hour. Free inquiries are only available for consumers of GRC solutions and services. Currently GRC 20/20 fields several hundred such inquiries each year.
As I am hard at work on GRC 3.0 – I thought I would share my latest messaging about GRC 20/20 Research in this newsletter. I would love to hear your thoughts on how GRC 20/20 Research can provide you the deepest market research, benchmarking, and training in the GRC space. . .
GRC 20/20 is about Clarity of GRC Vision
20/20 vision is perfect clarity. Clarity, so you are able to see and process your surrounding context and react accordingly.
Clarity of Governance, Risk Management and Compliance
GRC 20/20 Research, LLC (GRC 20/20) provides objective market research, benchmarking, training, and analysis on topics related to governance, risk management and compliance (GRC).
GRC is “a capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and acting with integrity [COMPLIANCE].” This is the OCEG definition for GRC Capability and integrates with their definition of Principled Performance.
Every organization does GRC – though it may not be called GRC. The truth simply is that every organization has some approach to governance, risk management and compliance. The question is how mature is the approach. To achieve higher levels of GRC maturity requires an understanding and integration of the context of the business and its environments with GRC strategy, process, information, and technology architecture. GRC happens at an enterprise level, but is most frequently focused on department/function/role needs and address specific risk and regulatory issues.
The GRC market is the demand for technology, content, and service/consulting solutions that address specific aspects/components of GRC or the overall strategic vision for GRC the enterprise. GRC is a macro-market with many sectors and sub-sectors. It is not about one product category that tries to be all things to the organization. Over eighty-percent of the market is focused on department or specific risk and regulatory issues, and less than twenty-percent is focused on top-down enterprise GRC strategies. There are over 500 solution providers that GRC 20/20 has mapped into the sectors of the GRC market, and monitors market size, demand, growth, and directions.
GRC 20/20 brings real-world expertise, independence, creativity and objectivity to help organizations understand and apply strategies and technology to meet GRC challenges. Whether focused on a specific issue, department-level strategy, or an enterprise-wide GRC strategy, clients seek GRC 20/20 advice in achieving sustainable and pragmatic innovation. GRC 20/20 advises the entire ecosystem of GRC solution buyers, solution providers/vendors, content, and professional service firms. We serve the needs of organizations that seek insight, guidance and advice in dealing with a dizzying array of disruptive issues, challenges, processes, information and technologies while trying to maintain control of a distributed and dynamic business environment.
GRC 20/20 is a:
- Buyer advocate, representing the needs of those purchasing GRC solutions to help them navigate provider hyperbole to identify the solutions and services that are practical and deliver on requirements.
- Solution strategist, helping technology, content, and service solution providers understand the demand and needs of buyers to enable product, market, sales, growth, and partner strategies.
- Market evangelist, to educate and evangelize GRC strategies that are practical for the enterprise or specific departments, provide ideas and the role of technology in making GRC processes efficient, effective and agile.
Through ongoing research and industry interaction, GRC 20/20 is the authority in understanding how organizations approach governance, risk management and compliance practices that are effective, efficient and agile. We advise organizations about how to identify and select the right combination of GRC technology, content, and professional services to maintain a position of integrity aligned with business values, objectives, strategy and performance.
Unlike the major market research and analyst firms – GRC 20/20 aims to be:
- Affordable. GRC 20/20 rates are 1/3rd to 1/4th of what you will find at the major analyst firms. Organizations and solution providers do not need to pay $1,000+ an hour for analyst time.
- Deep. GRC 20/20 does not believe that the GRC market can be represented in a single two-dimensional comparison of a handful of select solutions. Major analyst firms have misrepresented the market this way. We are the only GRC market research and analyst firm to provide detailed selection criteria and market sizing and growth for different sectors/sub-sectors of the GRC market.
- Pragmatic. GRC 20/20 understands that there are many niches to the GRC market and tha
t most buyer activities are not trying to do enterprise GRC. GRC 20/20 prides itself on real-world experience – advisors that have experience in the trenches of the organization and know what works and does not work. GRC 20/20 research is VOID of being academic ivory towers disconnected from the real world.
- Collaborative. GRC 20/20 understands we live in a social world field with professional communities and circles. GRC 20/20 actively engages organizations buying solutions, non-profit associations, solution providers, professional service firms, and others to get complete clarity of aspects of the GRC market and how it should be modeled.
- Social. GRC 20/20 knows that to be collaborative requires engagement in social networking. To be actively involved in discussion, debate, and thought leadership in the social communities GRC professionals participate int. GRC 20/20 analysts do not sit back in cloistered offices and avoid getting involved in the real GRC world.
- Reachable. GRC 20/20 is easy to access. Clients of GRC 20/20 can phone, email, text, instant message, tweet, or even send smoke signals if necessary to communicate with us and help you get the answers to your questions when you need them. In fact, GRC 20/20 offers free inquiries to buyers of GRC solutions and services to help them get the understanding they need to take the next step. GRC 20/20 fields several hundred inquiries each year with buyers of GRC solutions and services, and many more from providers of GRC solutions and services
- Transparent. GRC 20/20 represents and works with the ecosystem of buyers and GRC solution, service, and content providers. GRC 20/20 revenue comes from a mixture of these elements, and is fully committed to objectivity in research, and is not afraid to disclose solution provider relationships.
I would love to hear your thoughts on analysts in the GRC market . . .