This report is an update to Chartis’s 2014 report on enterprise governance, risk, and compliance (GRC). Much of the core content remains the same. As the twelve-month update describes, most of Chartis’s predictions in 2014 have proved to be accurate:
- Across all industries, corporations are looking to link risk and compliance to performance. This is leading to a convergence of GRC with Finance – GFRC.
- Human behavior-based GRC solutions have been lacking. In the financial services sector alone the aggregate impact of the top 50 operational loss events is estimated to be $60bn (source: Chartis report on Operational Risk Management Systems 2015). 98% of these losses (by value) and 82% (by frequency) were due to misconduct and inappropriate human behavior.
- “Big data” and “big analytics” are rapidly being applied to enterprise GRC across all industry sectors. In the last 12 months Chartis has seen a top 10 financial institution using natural language processing and artificial intelligence tools for internal audit, a European energy company using continuous real-time technologies for health, safety and environment control monitoring, a global pharmaceutical company using high-performance supercomputers and graph analytics for risk identification in a “data lake”, and a manufacturing company using complex event processing (CEP) technology and in-memory analytics for supply chain risk management.
However, the most important trend continues to be that of integrated GRC. “Enterprise” GRC requires integration, alignment and linkage. The concept of “connected GRC” is more important now than ever before, and it can only be achieved through next-generation data management, business intelligence and analytics technologies. Interestingly enough, other industry analysts seem to be missing these important trends. Some sections of the marketplace have been intimidated by the proliferating possibilities of connected GRC, and have retreated to the comfort of silo-based approaches, while others are completely underestimating the impact of the waves of technology innovation in the new digital age. This viewpoint looks at the world from the perspective of traditional GRC vendors (supply side) and is out of touch with the leading practices and innovations happening in end-user organizations (demand side). This is not a forward-looking view of the market.
At Chartis, we view our primary audience to be end-user organizations and the risk, compliance and technology professionals looking to improve and enhance their GRC processes and systems. This report covers these trends in depth and provides a refreshed competitive landscape for enterprise GRC solutions. This report uses Chartis’s RiskTech Quadrant® to explain the structure of the market. The RiskTech Quadrant® uses a comprehensive methodology of in-depth independent research and a clear scoring system to explain which technology solutions meet an organization’s needs. Chartis considers MetricStream to be one of the leading vendors offering enterprise GRC solutions.