Blog post

Are Millennials the “GRC Generation”?

By John A. Wheeler | May 12, 2015 | 2 Comments

Technology and Emerging TrendsTech and Service ProvidersStrategic riskSecurity and Risk Management LeadersRisk ManagementRisk cultureOperational risk managementIT risk managementIRMintegrated risk managementGRCEnterprise risk managementCyber securityCyber riskAudit and Risk

This week, the Pew Research Center announced that the Millennials have officially surpassed Generation X as the largest generation in the U.S. workforce (see graphic below). For the past few years, sales and marketing professionals have highlighted how the Millennial generation is altering consumer buying trends by their different views of the world. Now, in the U.S. at least, these unique views will alter the very nature of our workplaces. The Millennial viewpoint raises the profile of a technology devoted to increasing trust and transparency in corporate environments – governance, risk and compliance (GRC).

To see the connection between GRC technology and the Millennial generation, we need to look at how Millennials perceive corporations and the workplace. In a recent study by the Brookings Institution, the authors highlighted the fact that Millennials are the least trusting of big business, most ethically aware, and most supportive of governmental regulation than any other generation. In addition, they are less focused on the bottom line – both the company’s and their own. The authors state, “Those companies that dedicate their future to changing the world for the better and find ways to make it happen, will be rewarded with the loyalty of Millennials as customers, workers and investors for decades to come.”

These viewpoints will propel the use of GRC technology to help companies better manage risk in areas such as anti-corruption, ethical treatment of workers, proper financial reporting and reducing cyber crime. In fact, the Brookings study also points out that 3 of the top 10 ideal employers for Millennials today are governmental agencies focused on these risks – the State Department, FBI and CIA.

When comparing this new generation to previous ones, many technology professionals may view the Baby Boomers the “ERP generation” with their constant focus on the bottom line. And others may consider Generation X as the “CRM generation” with increased attention on customer relationships. Now, we have a new “GRC generation” and they most certainly will alter the focus of businesses in the coming years.


The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Dan Clayton says:

    The thing that is missing in the technology enabled GRC world is the component definition, not the capability. There continues to be a void at the heart of GRC where governance, risk and compliance roles overlap. but no definition has been provided to define this overlap of service and responsibility at the 1 unit level. Answer the 1 unit level question and you can drive a stake in the vacillating circles of responsibility that keep drifting into silos. This is a business issue/opportunity not one of technology.

    • Vidya Phalke says:

      I think there has been enough effort on GRC model, components, taxonomy — OCEG et al can be looked at. However what sets apart the Millennial situation is the mega-awareness and hyper-connectivity which means GRC will be automatically pervasive. So I agree this is not a topic of technology but more of an opportunity to harness and embed GRC. Uber CEO story drives the point home