There are no published lessons in this course yet.

Or log in to access your purchased courses

Join GRC 20/20 for this in depth analysis of the GRC Market and its segments . . .

  • Discover drivers and trends in GRC across segments, industries, geographies, and roles/departments.
  • Identify the current market size and growth of the overall GRC Market as well as segments of the market.
  • Understand how COVID-19 is impacting the market for GRC related solutions and what to expect over the next few years.
  • Determine what industries and departments are more active in the current market and how to engage them.

The 2020 State of the GRC Market is GRC 20/20’s flagship Market Research Briefing that presents the latest market analysis and segmentation for the GRC market and its segments. This is the most current look at the GRC market with new segmentation, sizing, and forecasting as well as a detailed look at buying behavior and the impact of COVID-19.

This Market Research Briefing is a two-hour briefing that delivers detailed market analysis and intelligence. It illustrates howGRC 20/20 segments the market into solution categories with different capabilities, and reviews new sizing and forecasting data on the GRC market and select segments within the market.

GRC 20/20’s market intelligence, research, and analysis spans hundreds of research interactions each quarter with organizations looking for GRC related solutions as well as with review and analysis of solution provider offerings. In this Research Briefing, we will be looking specifically at:

  • GRC market definition and segmentation across segments of GRC related technology.
  • GRC sizing and forecasting for the overall GRC Market as well as certain segments of the market.
  • Overall GRC market drivers and trends by industry, role/department, and geography.
  • GRC feature/capability expectations for next generation GRC technology.
  • Impact and projection of the market from COVID-19 and how this is increasing demand in some segments over others.
  • Analysis of buyer interest in inquiries and RFPs that GRC 20/20 has advised on in 2020.


  1. GRC Market Definition, Overview & Segmentation
  2. GRC Market Drivers & Trends by Industry, Role/Department & Geography
  3. GRC Market Sizing, Forecasting & Predictions
  4. Impact of COVID-19 on the Market


This Market Research Briefing of the GRC Market is designed for anyone interested in understanding the GRC market and its segments, adoption and growth of GRC solutions, market drivers and trends, size sizing and forecasting, and recent inquiries and RFP analysis.


  • Audit Management & Analytics. Capability to manage audit planning, staff, documentation, execution/field work, findings, reporting, and analytics.
  • Automated / Continuous Control Monitoring & Enforcement. Capability to automate the detection and enforcement of internal controls in business processes, systems, records, transactions, documents, and information.
  • Business Continuity Management. Capability to manage, maintain, and test continuity and disaster plans, and implement these plans expected and unexpected disruptions to all areas of operation.
  • Compliance & Ethics Management. Capability to manage an overall compliance program, document and manage change to obligations, assess compliance, remediate non-compliance, and report.
  • Enterprise GRC Management. Capability to manage an integrated architecture across multiple GRC areas in a structured strategy, process, information and technology architecture.
  • Environmental Management. Capability to document, monitor, assess, analyze, record, and report on environmental activities and compliance.
  • ESG/CSR. Capability to manage the corporate social responsibility, accountability, and sustainability initiatives of the organization.
  • Finance GRC Management. Capability to manage, monitor, and report on the organization’s financial controls and reporting.
  • Health & Safety Management. Capability to manage, document, monitor, assess, report, and address incidents related to the health and safety of the workforce and workplace.
  • HR GRC Management. Capability to govern human resources manage HR processes in context of risk and compliance.
  • IT GRC/Information Security Management. Capability to govern IT in context of business objectives and manage IT process, technology, and information risk and compliance.
  • Internal Control Management. Capability to manage, define, document, map, monitor, test, assess, and report on internal controls of the organization.
  • Issue Reporting & Case Management. Capability to notify on issues and incidents and manage, document, resolve, and report on the range of complaints, issues, incidents, events, investigations, and cases.
  • Know Your Customer Management & Analytics. Capability to manage, analyze, monitor, and report on KYC and AML risks and exposure.
  • Legal GRC Management. Capability to govern, manage, monitor, and report on the organization’s legal operations, processes, matters, risks, and activities.
  • Physical Security Management. Capability to manage access, risk and losses to individuals and physical assets, facilities, inventory, and other property.
  • Policy & Training Management. Capability to mange the development, approval, distribution, communication, forms, maintenance, and records of policies, procedures and related awareness activities.
  • Quality Management. Capability to manage, assess, record, benchmark, and track activity, issues, failures, recalls, and improvement related to product and service quality.
  • Reputation & Responsibility Management. Capability to document, manage, monitor, assess, and attest to corporate social responsibility and sustainability commitments.
  • Risk Management Management & Analytics. Capability to identify, assess, measure, treat, manage, monitor, and report on risks to objectives, divisions, departments, processes, assets, and projects.
  • Strategy & Performance Management. Capability to govern, define, and manage strategic, financial, and operational objectives and related performance and risk activities.
  • Third Party Management Management. Capability to govern, manage, and monitor the array of 3rd party relationships in the enterprise, particularly risk and compliance challenges these relationships bring.

GRC 20/20 Speaker

Michael Rasmussen, GRC pundit

GRC 20/20 ResearchMichael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 27+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.

©GRC 20/20 Research, LLC. All Rights Reserved.

No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact.  GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information.  Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.