One of the most common questions I receive from software vendors has to be “what’s the difference between governance, risk and compliance (GRC) and integrated risk management (IRM) solutions?” Gartner has been publishing research about integrated risk management (IRM) for the past two years. While the software end-user community is excited about IRM rather than outdated GRC solutions, some technology and service providers remain reluctant to acknowledge a shift in market demand has occurred.
Our Magic Quadrant and Critical Capabilities for Integrated Risk Management reports provide insight into the technology providers who are seizing the IRM market opportunity and embracing the future. The reports also show those providers who still have room for improvement. Below are seven characteristics that clearly differentiate GRC and IRM solutions.
Feedback from our end-user client inquiries as well as our Gartner Peer Insights highlight these characteristics as well as the need for technology and service providers to make the shift to IRM. That’s why we see 2018 as a defining moment for the IRM solution market as it continues on a pace to grow to $7.3 billion by 2020*. To learn more about IRM and how you can benefit from this evolving solution set, read our latest research “Market Trends: GRC Era Is Over as Customers Adopt Integrated Risk Management”. Also, read more about risk management topics in my latest Gartner research.
*(includes software, implementation and professional services)
Category: audit-and-risk audit-management business-continuity-management compliance-management cyber-risk cyber-security enterprise-risk-management-program-management grc integrated-risk-management irm it-risk-management legal-risk operational-risk-management risk-assessment-process-and-methodologies risk-coverage risk-management risk-response-strategies strategic-risk technology-and-emerging-trends third-party-risk-management
Tags: digital grc integrated-risk-management risk-management
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.