Software that unites GRC coming together slowly

The GRC market covers at least 20 different enterprise platforms, and a plethora of ancillary products that address the needs of a specific GRC industry.

Robert Kugel, an analyst with Pleasanton, Calif.-based Ventana Research, wrote, “There's no arguing that from a buyer's perspective (that GRC software) doesn't exist today.” A Forrester Research analyst Chris McClean report seems to agree, saying that “as companies start looking at managing risk across the enterprise, they want to pull all of that information into one place for reporting and analytics,” CFO.com reports.

Michael Rasmussen, president of GRC analyst firm Corporate Integrity, wrote about the value of adopting a single architecture for GRC platforms, saying “whether the enterprise uses the ‘GRC’ acronym or not, the fact is, every organization practices GRC. There is not a single executive that will tell you that they lack corporate governance, do not manage risk, and completely ignore compliance. The truth of the matter is, GRC has been a part of business since the dawn of business.”

Rasmussen’s report finds GRC architecture allows an organization to achieve:

Agility – An organization must address GRC on a continual and collaborative basis, yet real-time assessments no longer work alone.
Consistency – An enterprise-wide, written agenda helps define everyone’s role in the GRC process, and clearly identify individual roles.
Efficiency – When managed correctly, GRC “eases the burden on business by leveraging common processes, assessments, and information through technology integration and enablement,” the Corporate Integrity report finds.
Transparency – These days, corporate performances are related to management of key performance and risk indicators.
Accountability – “When issues arise, a lack of accountability and ownership of specific issues is a warning sign for regulators or investigators to dig deeper,” the report says. “Organizations must be able to see the big picture, and drill down into specific GRC areas.”

To demonstrate how the software development market is reacting to the increased demand for a single GRC platform, OpenPages President and CEO Michael Duffy said in a recent prepared statement regarding his company’s strong fiscal year: “Our growth and success is being fueled by customers' adoption of a platform approach to integrated risk management, which includes operational risk, compliance, information security, vendor risk management, business continuity and other critical GRC initiatives.”