Enterprise GRC Solutions 2012

In 2012, organizations continued to expand usage of enterprise governance, risk, and compliance (EGRC) software. With so many governance, risk, and compliance-related stories in the news this year (LIBOR, BP, HSBC), this is probably not a shock. Following the financial crisis, it is perhaps not surprising that the focus of the drive to improve GRC has been on financial institutions. However, the pressure from regulators and shareholders on organizations in energy, healthcare, and other non-financial sectors is also increasing.

While in the financial services sector the emphasis is on quantitative risk analysis and financial risk measurement, non-financial services firms have focused on qualitative and subjective approaches. However, there is an increasing trend towards cross-fertilization of skills and techniques between financial and non-financial industries. Financial institutions are embedding more and more qualitative approaches (particularly around operational risk management), while non-financial firms (e.g. those in the energy, commodities, and telecommunications sectors) are adopting more quantitative techniques for enterprise GRC.

At the same time, firms are reversing last decade’s trend towards greater centralization of GRC. With greater decentralization of GRC responsibilities, firms are accordingly shifting their GRC investment from the second and third lines of defense (risk functions and audit function) to the first line of defense (front office).

Firms also increasingly see GRC as a crucial input into their business that will direct strategy and help to determine executive compensation. Firms are also more aware of the threat from interrelated risks and need technology systems that can help them discover these linked risks. As a result, risk management is increasingly integrated with business strategy and execution processes. Forward-thinking firms are looking to leapfrog competitors by effectively identifying, analyzing, monitoring and responding to risk exposures and turning compliance into an opportunity to add value.

The strategic profile of Chief Risk Officer (CRO) and Chief Compliance Officer (CCO) is rising and CROs and CCOs increasingly report directly to the board or CEO. Their higher profile has increased pressure on them to improve risk management initiatives and has resulted in greater demand for EGRC software. To achieve their goals, firms need robust technology systems. This report covers the specific technologies required for firms to improve their GRC processes, including enterprise GRC platforms, continuous monitoring and assessment functionalities, collaborative feedback systems, policy and procedure management, regulatory change management, and real-time risk intelligence.

The report also covers the competitive landscape for EGRC solutions. Organizations are expanding usage of GRC software, but remain unsatisfied with current solutions. Many vendors advertise “enterprise GRC solutions”, but there is significant confusion among risk technology buyers as to whether vendors really have all the necessary functionalities for ‘G’, ‘R’, and ‘C’. The plethora of competing claims made by risk technology vendors can make it difficult for buyers to decide which solution best suits their GRC requirements.

This report uses Chartis’s RiskTech Quadrant™ to explain the structure of the market. The RiskTech Quadrant™ uses a comprehensive methodology of in-depth independent research and a clear scoring system to explain which technology solutions meet an organization’s needs. The RiskTech Quadrant™ does not simply describe one technology solution as the best enterprise GRC solution; it has a sophisticated ranking methodology to explain which solutions would be best for buyers, depending on their implementation strategies and business needs.

This report covers the leading vendors offering Enterprise GRC solutions, including ActiveRisk, BPS Resolver, Chase Cooper, Cura Technologies, Detica NetReveal, EMC-RSA, Enablon, IBM, MEGA, MetricStream, NASDAQ OMX-BWise, NICE Actimize, Oracle, Palantir, Protiviti, SAI Global, SAP, SAS, Software AG, Thomson Reuters, Wolters Kluwer FS, Wynyard, and YarcData.