Gartner Blog Network

GRC Focus Begins to Fade

by John A. Wheeler  |  October 6, 2015  |  2 Comments

To GRC, or not to GRC? That is the question I posed to risk management & security professionals as I circumnavigated the globe over the past two months. Governance, Risk & Compliance (GRC) technology has matured greatly over the past decade, but the answers to my question point to some interesting gaps in GRC technology usage today.

My journey to find answers to my simple question took me to four corners of the world – North America, Latin America, Australia/New Zealand and Europe. It was in these regions that Gartner hosted is annual Security & Risk Management Summits and I had the privilege to speak to more than 700 IT leaders about GRC technology. Here’s a summary of the answers I received.grcusagedifferences

Not surprisingly given a over a decade of maturity, 54% of companies are using GRC technology. However, what is surprising is the fact that 75% of companies are not using technology to integrate GRC.

What does that mean? It means that an overwhelming number of companies today do not have a clear, comprehensive view of their operational/IT risks as well as a way to govern and comply to regulatory and industry mandates.

At this week’s Gartner US Symposium in Orlando, my fellow analysts unveiled this year’s annual CIO survey results that point to a need for more “platform thinking” in businesses. This is also true with GRC. A platform approach that will provide a comprehensive view of risk and compliance while allowing for the agility to integrate a diverse set of GRC technology tools is clearly needed now.

To learn more about “platform thinking” for GRC, read “Market Guide for GRC Software Platforms” available at

Category: cyber-risk  digital-risk  grc  operational-risk-management  risk-management  security  trends-predictions  

Tags: grc  risk-management  

John A. Wheeler
Research Director, Integrated Risk Management
6 years at Gartner
28 years IT Industry

John A. Wheeler is a Research Director with responsibility for leading analyst coverage of integrated risk management (IRM) technology solutions and professional services. His areas of specialty include risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler Read Full Bio

Thoughts on GRC Focus Begins to Fade

  1. If that can all be had via “small” data fine, however we often find we need to expand the available data to make for a richer analytics set to drive better insights. Intelligent use of newer technologies, often utilizing big data constructs, have proven to be very useful in capturing those sources and boiling them down to the “small data” approach you voice.

  2. Jan Lange says:

    Any compliance professional needs tools and systems in order to be effective. Looking at the market for grc applications you will quickly get an impression that the market is dominated by BIG solutions for BIG companies and BIG money. This is what we tried to change.

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.