Gartner Blog Network

GRC vs. IRM Solutions – What’s the Difference?

by John A. Wheeler  |  February 13, 2018  |  1 Comment

One of the most common questions I receive from software vendors has to be “what’s the difference between GRC and IRM solutions?” Gartner has been publishing research about integrated risk management (IRM) for the past two years. While the software end-user community is excited about IRM rather than outdated governance, risk and compliance (GRC) solutions, some vendors remain reluctant to acknowledge a shift in market focus has occurred.

Our upcoming Magic Quadrant for Integrated Risk Management will provide insight into the vendors who are seizing the IRM market opportunity and embracing the future. The Magic Quadrant will also clearly show those vendors who still have room for improvement.  Below are seven characteristics that clearly differentiate GRC and IRM solutions.


Feedback from our end-user client inquiries as well as our Gartner Peer Insights highlights these characteristics as well as the need for vendors to make the shift to IRM. That’s why we see 2018 as a defining moment for the IRM solutions market as it continues on a pace to grow to $7.3 billion by 2020. To learn more about IRM and how you can benefit from this evolving solution set, read our latest research (subscription required) “Market Trends: GRC Era Is Over as Customers Adopt Integrated Risk Management”.

Category: cyber-risk  cyber-security  grc  integrated-risk-management  irm  strategic-risk  trends-predictions  

Tags: grc  integrated-risk-management  irm  

John A. Wheeler
Senior Director, Advisory - Integrated Risk Management
8 years at Gartner
29 years IT Industry

John A. Wheeler leads analyst coverage of integrated risk management (IRM) technology solutions and professional services. His areas of specialty include risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler Read Full Bio

Thoughts on GRC vs. IRM Solutions – What’s the Difference?

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.