Blog post

Why Leading Software Vendors Are Dumping GRC for IRM

By John A. Wheeler | November 29, 2018 | 0 Comments

Third-party risk managementTechnology and Emerging TrendsTech and Service ProvidersStrategic riskSecurity and Risk Management LeadersRisk ManagementOperational risk managementLegal riskLegal and ComplianceIT risk managementIRMintegrated risk managementGRCCyber securityCyber riskCompliance managementBusiness Continuity ManagementAudit managementAudit and RiskEnterprise Risk Management Program ManagementRisk Assessment Process and MethodologiesRisk CoverageRisk Response Strategies

One of the most common questions I receive from software vendors has to be “what’s the difference between governance, risk and compliance (GRC) and integrated risk management (IRM) solutions?” Gartner has been publishing research about integrated risk management (IRM) for the past two years. While the software end-user community is excited about IRM rather than outdated GRC solutions, some technology and service providers remain reluctant to acknowledge a shift in market demand has occurred.

Our Magic Quadrant and Critical Capabilities for Integrated Risk Management reports provide insight into the technology providers who are seizing the IRM market opportunity and embracing the future. The reports also show those providers who still have room for improvement. Below are seven characteristics that clearly differentiate GRC and IRM solutions.


Feedback from our end-user client inquiries as well as our Gartner Peer Insights highlight these characteristics as well as the need for technology and service providers to make the shift to IRM. That’s why we see 2018 as a defining moment for the IRM solution market  as it continues on a pace to grow to $7.3 billion by 2020*. To learn more about IRM and how you can benefit from this evolving solution set, read our latest research  “Market Trends: GRC Era Is Over as Customers Adopt Integrated Risk Management”. Also, read more about risk management topics in my latest Gartner research.

*(includes software, implementation and professional services)

Comments are closed