John Wheeler

A member of the Gartner Blog Network

John Wheeler
Research Director
4 years at Gartner
25 years IT Industry

John A. Wheeler is a Research Director with responsibility for covering risk management and executive leadership topics. His areas of specialty include enterprise risk management, internal audit, corporate governance and IT/operational risk. Follow him on Twitter @JohnAWheeler Read Full Bio

Coverage Areas:

Why Risk Management Needs an IT Application Strategy Now

by John A. Wheeler  |  December 4, 2013  |  4 Comments

Everyone has one. Somewhere in their kitchen or garage at home is the infamous “junk drawer”. Over time, the drawer fills up with gadgets, tools, scraps of paper with to do lists and various other items that vary in their usefulness. However, invariably there are moments when you rush to the drawer looking for that one item that you need and it becomes a struggle to find. Then, when you rifle through the drawer, you begin to wonder how all these items found their way to the drawer in the first place. More often than not, the items do have a specific use and value or they would not have been placed in the drawer. It becomes junk when we forget why we needed the item or how it can be used on a regular basis.

This junk drawer analogy is a perfect description of the state of the Risk Management IT Application Portfolio at many companies today. During the past decade, risk management has matured as a formal discipline and the related software applications have also evolved. It has resulted in the creation of a software category commonly known as GRC – governance, risk and compliance.

Similar to ERP software solutions that support financial management or supplier management functions, GRC software solutions run the gamut from broad based risk and compliance platforms to purpose-built risk analytics applications. As companies have built their risk management programs across the enterprise, they have filled their GRC “junk drawer” with a range of applications that vary in their usefulness and relationship to one another.

At Gartner, we have recognized a clear desire by companies and risk management organizations to clean out their GRC “junk drawer”. To do this, risk management organizations need an organized, structured IT application strategy. What we recommend is a pace-layered application strategy for GRC that classifies your software applications into three primary layers – systems of record, systems of differentiation and systems of innovation.

By doing so, you can begin to manage the applications at the pace of change demanded by the risk management program as well as the business at large. You will also be in a much better position to maximize the usefulness of your risk-related applications and prevent your GRC “junk drawer” from filling up again.

GRC junk drawer


Category: Enterprise risk management GRC IT risk management     Tags: ,

4 responses so far ↓

Leave a Comment