Gartner Blog Network

Why Leading Software Vendors Are Dumping GRC for IRM

by John A. Wheeler  |  November 29, 2018  |  Submit a Comment

One of the most common questions I receive from software vendors has to be “what’s the difference between governance, risk and compliance (GRC) and integrated risk management (IRM) solutions?” Gartner has been publishing research about integrated risk management (IRM) for the past two years. While the software end-user community is excited about IRM rather than outdated GRC solutions, some technology and service providers remain reluctant to acknowledge a shift in market demand has occurred.

Our Magic Quadrant and Critical Capabilities for Integrated Risk Management reports provide insight into the technology providers who are seizing the IRM market opportunity and embracing the future. The reports also show those providers who still have room for improvement. Below are seven characteristics that clearly differentiate GRC and IRM solutions.


Feedback from our end-user client inquiries as well as our Gartner Peer Insights highlight these characteristics as well as the need for technology and service providers to make the shift to IRM. That’s why we see 2018 as a defining moment for the IRM solution market  as it continues on a pace to grow to $7.3 billion by 2020*. To learn more about IRM and how you can benefit from this evolving solution set, read our latest research  “Market Trends: GRC Era Is Over as Customers Adopt Integrated Risk Management”. Also, read more about risk management topics in my latest Gartner research.

*(includes software, implementation and professional services)

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: audit-and-risk  audit-management  business-continuity-management  compliance-management  cyber-risk  cyber-security  enterprise-risk-management-program-management  grc  integrated-risk-management  irm  it-risk-management  legal-risk  operational-risk-management  risk-assessment-process-and-methodologies  risk-coverage  risk-management  risk-response-strategies  strategic-risk  technology-and-emerging-trends  third-party-risk-management  

Tags: digital  grc  integrated-risk-management  risk-management  

John A. Wheeler
Global Research Leader - Risk Management Technology
9 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler Read Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.