Gartner Blog Network


Gartner Launches Integrated GRC Research Program

by John A. Wheeler  |  June 8, 2015  |  3 Comments

In conjunction with the start of our 2015 U.S. Security & Risk Management Summit today in Washington, DC, Gartner launched its integrated “OneGRC” research program. This year, I will be leading a select group of Gartner research analysts in evaluating the Governance, Risk & Compliance (GRC) market and its related segments. The result of our efforts will be a slate of research reports (see below) that will publish over the next 12 months.

[Figure: GRC coverage overview – Gartner’s “OneGRC” Research Program – 2015/2016]

Our “Hype Cycle for GRC Technologies” and “Market Guide for GRC Software Platforms” will highlight a number of technologies and software vendors that span the wider GRC software market. We will also publish a set of reports (Magic Quadrants, Critical Capabilities and Market Guides) focused specifically on seven market segments within GRC. These seven market segments include:

1. IT Risk Management

IT risks are those within the scope and responsibility of IT, the IT department or IT dependencies that create uncertainty in daily tactical business activities, as well as IT risk events resulting from inadequate or failed internal IT processes, people or systems, or from external events. ITRM software applications automate IT risk assessments, policy management, compliance mapping and reporting, security operations analysis and reporting, and incident management.

2. Operational Risk Management

Operational risks are those risks that “relate to the uncertainty of daily tactical business activities, as well as risk events resulting from inadequate or failed internal processes, people or systems, or from external events.” ORM software applications allow organizations to aggregate and normalize data from multiple data sources, including operational and financial systems, as well as from external sources such as regulatory alerts and loss event databases.

3. IT Vendor Risk Management

Vendor risk management programs help organizations manage the risks of third parties with adequate controls for business continuity management, vendor performance, vendor viability and data protection. Failure to comply with these mandates can have significant audit-related repercussions, which can undermine shareholder value and corporate viability. The IT VRM market addresses risks related to regulatory compliance and information security that arise from enterprises’ increased use of, and reliance on, third-party IT service providers and IT vendors. Solutions in this market have capabilities ranging from risk assessment to risk monitoring and risk rating.

4. Business Continuity Management Planning

BCM is the practice of coordinating, facilitating and executing activities that ensure an enterprise’s effectiveness in identifying risks that can lead to business disruptions, implementing disaster recovery solutions and recovery plans, responding to disruptive events, and recovering mission-critical business operations. Business continuity management planning (BCMP) software automates processes such as risk assessment, business impact analysis (BIA), and recovery plan development, exercising and invocation. BCMP tools can greatly benefit organizations by jump-starting their BCM programs and quickly improving their overall continuity capability.

5. Audit Management

Internal auditors act as auditors, consultants and advisors to the business. In general, internal auditors have three roles: auditing, providing advice to middle and senior management, and providing consultation to business process stakeholders. When risk owners and management do not identify risk or adequately mitigate the risk, it is imperative for the internal auditors to provide independent and objective insight on risk. The audit management solution market caters to this need by automating internal audit operations through its core and value-added offerings. These solutions automate audit planning, scheduling, work paper management, time and expense management, reporting, and issue management.

6. Corporate Compliance and Oversight

The scope of compliance management programs continues to increase. Regulatory compliance and change management get more and more complicated. The recent increase in focus on commercial compliance (increasingly required by business partners) and organizational compliance requirements (such as ethics and CSR) has made the compliance manager’s role ever more challenging. Corporate compliance and oversight software supports the goals and activities of compliance leaders, providing automated policy development and management; compliance risk assessment; control rationalization, assessment and attestation; regulatory change management; and investigative case management.

7. Enterprise Legal Management

Enterprise legal management software applications are focused on supporting the legal and compliance departments, corporate secretaries, board of directors and senior management. They provide support through better documentation, spend management, information availability and collaboration via an integrated set of applications that include matter management, e-billing, financial/spend management, legal document management and business process management.

The full set of these “OneGRC” research reports will give our readers the best view of the entire GRC software marketplace as they work towards integrating their GRC software solutions. More information about this “OneGRC” research program will be provided this week at our U.S. Summit as well as at our upcoming Summit events across the globe.



John A. Wheeler
Global Research Leader - Risk Management Technology
8 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler.


Thoughts on Gartner Launches Integrated GRC Research Program


  1. […] Read the complete article at: Gartner Launches Integrated GRC Research Program […]

  2. Information that is difficult to obtain, according to Gartner analyst Augusto Barros. He mentions in a blog post “that it is tricky to try to understand what the value of these new products is.”

  3. […] weeks have been quite active in our world of Governance, Risk & Compliance (GRC) research. As announced earlier this year, Gartner conducted a “OneGRC” integrated research effort that spanned 70+ software […]


