New GRC strategies, mergers, acquisitions . . . the last few weeks have been hopping for a market research analyst.Every time I sat down to blog on my thoughts someone else has come out without an announcement resulting in a whirlwind of buyer, market, and press questions.Between sessions at the OCEG GRC 360 Executive Forum I have found time to gather my thoughts and provide them to you briefly.
However, this is just a pause in the storm of GRC related activity happening.There are a few other announcements I expect to hit the press in the next month or two as other GRC vendors revise their approach as well as focus on more consolidation through acquisitions.
For now – let us look at the announcements by IBM/OpenPages, Wolters Kluwer/FRS Global, and Thomson Reuters – in the order they were made public.
IBM has struggled for years with a consistent technology approach to GRC.While I have found that IBM Global Services has fairly consistently delivered a GRC related vision for services, IBM has struggled on the technology side.Five years a go IBM was really pushing Workplace for Business Controls and Reporting as their GRC platform.This did not received by the market very well and IBM thus let a GRC strategy drift in different areas of the organization.IBM acquired FileNet in 2006 – FileNet was starting to make some very focused traction in GRC before the acquisition but fell off the GRC radar after the acquisition.Overall, GRC was hijacked by IBM Tivoli and largely took on an IT risk and compliance view and was not truly enterprise GRC.
OpenPages has been one of the primary market leaders in GRC technology for several years.In the number of GRC related projects Corporate Integrity gets involved with, OpenPages is in the top three vendors (along with Archer and BWise) to consistently get into the final selection in GRC RFP/RFIs.OpenPages has had particular success in focusing on the financial control as well as operational risk management aspects of GRC.
My two cents . . . the acquisition of OpenPages by IBM could be good or bad.It validates the market growth and interest for GRC and is spurning a lot of other activity by other large solution providers looking at GRC.However, I was disappointed that the IBM announcement itself did not reference GRC.It focused on risk management with some limited discussion on compliance – but did not reference the concept of GRC to provide efficiency, effectiveness, and agility to harmonize GRC processes across the business.There seems to be particular interest in enhancing the relationship between business intelligence/strategy (the Cognos side of IBM) with OpenPages risk management capabilities – this is highly interesting and relevant.However, there is a chance that OpenPages itself gets lost in the aftermath of an acquisition and loses market momentum.My advice to IBM is to clearly define and articulate a GRC message and strategy and maintain the OpenPages brand and market momentum.Further, OpenPages has tried with limited success to penetrate the IT Risk and Compliance market – IBM should make OpenPages the process and content hub for an IT GRC strategy that connects with the wide array of IBM’s security and IT management technologies.
Wolters Kluwer Financial Services Acquires FRS Global
In the GRC market – content is king.Many of the vendors have great technologies to manage risk and compliance processes, establish accountability, and implement workflows.The major area lacking in many platforms is content.In the world of IT risk and compliance there is a lot of content for control libraries (e.g., Unified Compliance Framework) but most GRC platforms do not have much to offer when it comes to domain/industry content for risk and compliance.Several major content providers such as SAI Global, Thomson Reuters, and Wolters Kluwer have been acquiring a range of GRC technology providers and integrating their content with them (Lexis Nexis has worked more on OEM/partner strategies in the GRC space as with their partnership with QUMAS).
Wolters Kluwer has articulated a very specific GRC strategy in their ARC Logics brand that branches across the range of their GRC technologies they have acquired (e.g., Axentis, Ci3 Sword, MediRegs, TeamMate).Part of their strategy is to focus broadly across industry as well as have deep industry focus on specific industries.Financial services is a specific industry of focus (as well as healthcare and others).The acquisition of FRS Global is a very positive execution on their strategy to integrate content and technology and deliver value to financial services organizations specifically.FRS Global will extend the impressive risk capabilities found in the ARC Logics Sword product to deliver regulatory reporting for financial services as well as enhance risk management capabilities. Combined with the breadth of Wolters Kluwer financial services content – this acquisition will further enhance Wolters Kluwer ability to deliver GRC value to financial services organizations.
Thomson Reuters Launches Governance, Risk, and Compliance Business Unit
It is about time.Thomson Reuters was one of the first companies to articulate an integrated GRC technology and content strategy.However, this was locked inside the Thomson Reuters Tax and Accounting business unit and failed to branch out into other areas of Thomson Reuters.During this time Thomson Reuters has acquired other technologies and content providers (e.g., Complinet).When you look at the vast content resources that Thomson Reuters delivers, they could be the leader for GRC if they can successfully and integrate content and technology.
I have had some concerns if they could successfully maintain technology.The Tax and Accounting business unit was focused on deep content needs and technology always appeared as a band-aid in the GRC deals I have seen them involved in.I have not seen the investment and advancement of the Paisley product they acquired a few years back.
This new business unit is just what is needed.Thomson Reuters has articulated a beautiful vision of technology and content integration, which combines their GRC technology platforms into a single business unit and articulates integration with WestLaw and other Thompson Reuters leading GRC content.My gut feel is that this focus on a GRC business unit will allow broader implementation of GRC content into technology but also allow the technology itself to be a priority of investment and development.This should not only keep Thomson Reuters competitive in the market but allow them to be a primary leader in it if they can execute on this vision.