Now in its 9th year, the Gartner MQ for Enterprise Governance, Risk and Compliance Platforms is one of the most dynamic there is. While enterprises have always expected a wide range of capabilities across these platforms to monitor risk and business performance, the rise of social computing and the datasets that this throws up means that big data is also entering the mix and is set to transform the market over the next 3 years.
EGRC Magic Quadrant 2012 v 2013
Before looking at the Quadrant in a little bit more detail, there are a couple of points worth noting in relation to last year’s MQ that should be kept in mind.
The first is that last year Gartner speculated that it might not produce a Magic Quadrant this year at all, but rather produce a MarketScope, such is the maturity of the market.
MarketScope reports help users understand how the status of an emerging, or mature, market aligns with their own state of maturity and plans, rather than providing comparisons between vendors and products.
Clearly, the evolution of this year’s market has not proceeded at the pace that Gartner anticipated as it still saw value in producing a Magic Quadrant this year.
Gartner does not go into any detail as to why, but it may be that the convergence of big data, social computing and GRC is reshaping the market in such a way that a comparative look is still worthwhile.
The other thing to note this year is that instead of 9 vendors in the Leaders’ Quadrant, there are only 7. This year’s Leaders include, in alphabetical order: EMC, IBM, MetricStream, Nasdaq OMX (BWise), SAP, Software AG, Thomson Reuters.
You will notice that Oracle has been dropped entirely as it did not provide information, or customer references, for reasons that Gartner didn’t share, or doesn’t know. SAS moved into the Visionaries Quadrant, which, in a market that looks set to change quite substantially in the immediate future, is probably a good place to be.
This is especially true if you consider that one of the criteria for inclusion in the Visionaries’ Quadrant is the availability of an aggressive roadmap that includes non-regulatory compliance and business performance needs.
The EGRC Market
The Enterprise Governance, Risk and Compliance (EGRC) market is a mature market that is still evolving rapidly as enterprise needs change. To reflect that change, Gartner says it has shifted the focus of its analysis towards the feedback it received from reference customers about their needs and expectations.
This is a subtle, but significant, shift away from the normal practice of assessing the relative merits of different functionalities, and provides an MQ that reflects the ability of vendors to address key use cases as well as vendor performance in meeting market challenges.
GRCM v EGRC
The result, Gartner says, is an MQ that better reflects the needs and expectations of buyers. It is also a Magic Quadrant that contains significant shifts in vendor positioning since last year.
Overall, there are two sets of products in the GRC marketplace that often cross over, but are quite distinct. They are:
- GRC Management (GRCM): These are products for the oversight and operation of risk management and compliance programs.
- EGRC: For the automation and monitoring of systems across the entire enterprise — not just IT — offering a holistic view of GRC issues across the enterprise globally.
As the EGRC market evolves, most vendors are meeting customer demand by providing an integrated platform with core modules for risk management, compliance and policy management, audit management, and regulatory change management.
These can then be built out by the addition of interoperable modules. Gartner also points out that as products develop, some vendors are starting to provide functionality for industry and function-specific applications that are overlaid onto the platforms as core modules.
Keeping this in mind, the key EGRC function is to automate the processes associated with documentation and risk management. Key functions include:
- Risk management: Supports risk management professionals with the documentation, workflow, assessment and analysis of the business impact of risks.
- Audit management: Supports internal auditors in developing long-range audit plans, planning and execution of individual audits.
- Compliance and policy management: Supports compliance with documentation, workflow, reporting and visualization of controls and associated risks.
- Regulatory change management: The ability to respond to changes in the rules and regulations.
- Incident or case management: Used to track the occurrence and resolution of incidents.
As well as this, EGRC platforms are integrated with other business applications like business intelligence, enterprise content management, controls automation, and other specialized GRC management applications like IT GRC applications.