
GRC 20/20 Hindsight No Longer Effective in a Post COVID-19 World

By John A. Wheeler | March 05, 2021


Now that we are recovering from the COVID-19 pandemic crisis, our clients are looking to deploy new ways of managing risk. What we at Gartner have learned from their response to business disruption caused by the virus is clear. They can no longer look to the past as an exclusive indicator of what risks may lie ahead.

As a result, compliance-driven GRC (governance, risk and compliance) programs and technology solutions do not provide the foresight needed to prepare for a future of new, disruptive risk events. While GRC may provide 20/20 hindsight into how well an organization complies with regulation, it lacks the risk insights to equip senior executives and board members to make better business decisions.

Simply put, business leaders need a better way to manage risks. For them, the way forward is IRM – integrated risk management.

How do we know that IRM is the way forward? Our clients are telling us that their risk management priorities have shifted dramatically due to COVID-19. In a recent Gartner survey of risk managers, the top 3 risk management priorities for their companies require an IRM approach (see figure below).

Figure: Risk Management in a Post COVID-19 World

Operational resilience, business model resilience and cross-functional risk response link directly to 3 of the 4 primary IRM objectives beyond compliance: performance, resilience and assurance. The remaining priorities tie directly to the need for a more predictive, proactive approach to risk management.

These priorities are fueled by increasing interest from business leaders who now recognize that preparedness for a major event like COVID-19 requires an integrated view of risk, from strategic to operational to technological. As a result, we are receiving many more client inquiries from Chief Financial Officers, Chief Digital Officers, Chief Operating Officers and Chief Executive Officers on ways to increase performance while maintaining resilience via IRM technology. At the same time, Chief Risk Officers, Chief Legal Officers, Chief Compliance Officers and Chief Information Officers are asking how they can provide greater assurance to board members and more efficient compliance response to regulators via IRM technology (see figure below).

Our research shows that these business leaders are willing to invest in better IRM capabilities to provide faster and more effective risk response going forward. IRM technology providers that can provide these capabilities in new and innovative ways will win these new buyers.

Stay tuned for our upcoming research reports on Technology Innovators and Top Use Cases in Integrated Risk Management, currently targeted to publish in Q3 2021. In the meantime, here are a few recent research reports (Gartner subscription required) that provide a view of how IRM can help organizations with more predictive, proactive risk management.

Emerging Technologies: Digital Risk Management Is the Next Big IRM Opportunity

Technology Outlook for Integrated Risk Management

Cool Vendors in Integrated Risk Management

Why Leading Providers Have Shifted Technology From GRC to IRM

Market Opportunity Map: Security and Risk Management Software, Worldwide



The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
