It’s taken a couple of weeks to get it, but Gartner’s Magic Quadrant for the GRC space is finally out. Leaving aside the list of vendors that made it into the "Leaders" quadrant, Gartner says that over the course of this year, the market shifted from a tactical focus on regulatory compliance to a wider focus on enterprise risk management.
The Magic Quadrant, which came out in the middle of the month but which has only been publicized now, contains the usual caveat from Gartner that it only represents a snapshot of the market at the moment and that, while the Leaders Quadrant is important, for companies looking at GRC software, all quadrants should be considered.
The Enterprise GRC Market
A number of specific trends have been noted over the past year in the GRC market. Many companies, in light of recent developments in areas such as finance, are looking for better corporate governance and compliance, with many of those looking to consolidate all their GRC functions onto one platform.
GRC is defined in this case as “the automation of the management, measurement, remediation and reporting of controls and risks against objectives, in accordance with rules, regulations, standards, policies and business decisions.”
Companies are looking at this through the perspective of one standard such as Sarbanes-Oxley (SOX) compliance, or across regulations applied to specific industries.
Other considerations are creeping in, too, such as audit management, IT governance or policy management, which many enterprises are looking at incorporating into the single-platform GRC approach in the future.
EGRC Trends
Gartner says it is monitoring the possible convergence of IT GRC and Enterprise GRC (EGRC) to see how closely they converge, but as of this year, the convergence has not happened yet. Divergence between the two areas remains a fact of life at the moment, based on differences in management and reporting requirements for top-down vs. bottom-up approaches.
While top-down approaches tend to be dominated by business executive requirements, bottom-up approaches have been dominated by IT requirements, typically led by IT or information security operations.
Convergence, Gartner says, will happen when enterprises stop buying multiple tools for multiple tasks and agree to buy a product that can deal with both approaches.
As a result, Gartner has identified the following trends in the market:
- Demand for software that can offer Sarbanes-Oxley compliance, not just in the US, but also similar compliance for similar regulations outside of the US
- A professional client base that wants GRC analytics aligned with enterprise objectives
- Software to manage the increasingly regulatory environment, particularly in relation to anti-corruption and bribery measures
- Software that will offer transparency in decision making
- Regulatory content services and change management
- Market consolidation with larger vendors becoming dominant
Inclusion in this year’s Quadrant required enterprises to meet the following criteria:
- Ability to offer four primary GRC functions: audit management, compliance management, risk management and policy management
- Credible market presence that resulted in at least US$ 11 million in annual revenue for the calendar year 2010 from GRC software and 50 customers
So who were the leaders?
BWise
BWise is here because of its mature EGRC platform to which it continues to add functionality, as well as a large customer base and substantial revenues. Gartner says it is the only vendor besides the large ERP vendors to offer an organic CCM solution that integrates with its EGRC platform.