Enterprise Governance, Risk and Compliance Platforms
Originally Published: July 01, 2009
With increasing expectations for more effective enterprise-wide risk management, the demand for software platforms related to enterprise governance, risk and compliance (GRC) is on the rise. In this article, Forrester Research, Inc. provides summaries of its analysis of their evaluation of fourteen enterprise GRC platform vendors to determine the strengths and weaknesses of each one.
GRC products have been transforming to meet the growing demands from business professionals. While the original GRC products aimed to address the needs of a specific segment within a company, the demand today is for more flexible platforms that support several risk and compliance domains. The common technologies that these enterprise-wide platforms require include data mapping, workflow management, content management and reporting to track and evaluate GRC status.
In addition to the platform technologies, vendors offer varying applications to meet the distinctive functions business are searching to find. Companies that have implemented GRC platforms generally have experienced results that include greater efficiency, reduced risk and improved strategy.
All fourteen of the vendors studied in the assessment had to meet the criteria of having broad GRC capabilities, a substantial number of GRC customers and significant thought leadership and mindshare. Forrester evaluated these fourteen vendor platforms based on eighty separate criteria which were grouped into three categories: current offerings, strategy and market presence. The results of the study were then used to classify the fourteen vendors as leaders, strong performers, contenders or risky bets in the GRC platform market.
Forrester determined that AXENTIS, BWise, MetricStream, OpenPages and Thompson Reuters are all leaders that show strength not only in technical components but in their amount of customer deals as well. These vendors are also noted as having innovative thought leadership and strategic guidance within the industry.
Archer, Cura, MEGA, Methodware, Protiviti, and Strategic Thought were found to be strong performers who have shown impressive growth and improvement in recent years and offer impressive technologies and excellent customer satisfaction. However, these vendors lack the broad GRC implementations that the vendors in the leaders' category offer.
SAI Global, SAP, and Trinitech are the final vendors in the study who were all found to be members in the contenders' category. These vendors are young players in the GRC platform market, although they have been providing solutions related to compliance and risk management in the past. These vendors' continual integration of new GRM platforms with their existing risk management capabilities will result in more customer deals in the future.