Many enterprises consider a Governance, Risk and Compliance Management (GRCM) application to satisfy a specific requirement, such as SOX compliance, an industry-specific regulation or Operational Risk Management (ORM) for a business process. However, enterprises often have other GRCM activities in mind, such as audit management, additional regulations, IT governance, remediation management and policy management.
In a 2012 Gartner survey of 211 Enterprise GRC platform users, the four leading uses were audit management (45%), ERM (40%), ORM (40%), compliance with SOX or similar laws (33%), and IT risk management (25%).
Some Enterprise GRC platform vendors are also starting to add content and capabilities to meet industry-specific operational GRC needs, such as Basel II/III, Solvency II, EH&S compliance, healthcare compliance, and NERC/FERC compliance. Overall, Enterprise GRC platform vendors are adding capabilities across a wide spectrum of financial, IT, operational and legal needs.
A consolidation trend is emerging in the GRC market, with a shift from a market dominated by smaller best-of-breed players to one dominated by larger, well-established vendors. IBM, Oracle and SAP are all present in the “Leaders” Magic Quadrant, with IBM ranked the highest of all its competitors in terms of “ability to execute” and “completeness of vision”.
IBM’s principal GRC Platform is OpenPages.
“IBM continues to integrate OpenPages with its growing portfolio of business analytics and risk management software products, including Algorithmics risk modeling, Cognos reporting, Q1 Labs for security information and event management, and SPSS predictive analytics. Opportunities for deeper integration among these products exist within IBM’s road map and will serve to further solidify IBM’s position in the Leaders quadrant if it follows through.”
Source: Gartner October 2012 Survey of Governance, Risk and Compliance Platforms.