In 2011 The GRC Market Will Grow 20%, Driven More By Breadth Than Maturity

On the heels of Forrester's GRC Market Overview last month, this week we published my Governance, Risk, And Compliance Predictions: 2011 And Beyond report. Based on our research with GRC vendors, buyers, and users, this paper highlights the aggressive regulatory environment and greater attention to risk management as drivers for change. Specifically, here is a brief summary of the top five trends we will see next year:

  • Increasing vendor competition will continue to bring more choices and more confusion. Strong market growth will encourage more technology and service vendors to get into the market, which means the fragmentation (which I've discussed previously) and confusion will continue.

  • Adoption of GRC will expand horizontally across organizations more than vertically. Third-party compliance and risk management, internal audit, operational risk, corporate compliance, and other relevant functions will drive broader participation in GRC programs, but this means less attention will be given to linking GRC with higher-level strategy.

  • New and changing regulations will hinder GRC maturity in the short term. Along with the previous trend, the new regulations and industry reforms happening worldwide will primarily drive organizational changes at the tactical level. As we saw with SOX compliance, the increased risk and compliance maturity that will eventually come because of these new regulations will take some more time to develop.

  • Business intelligence and data governance will factor more prominently in GRC decisions. This is far from a ubiquitous condition, but a growing number of GRC deals include a focus on integration with existing applications and data sources. The aggregation and analytics required to make sense of all this information in a risk and compliance context will require more sophisticated business intelligence and data governance technology implementations.

  • Mobile, social, and cloud technologies will begin showing practical value for GRC. Forrester is tracking a powerful transformation in information technology, and while the biggest Empowered innovations are primarily helping to strengthen marketing and communications functions, risk and compliance professionals will start to drive real value from emerging technologies with applications such as mobile-device audits and assessments and social media-based training and awareness.

Please let me know if you have any comments on this post or the report. Do you see these predictions having a substantial impact on your organization? Are there any significant trends or predictions I might have missed?

Comments

2011 GRC Predictions

Chris,
I couldn't agree with you more that "Business intelligence and data governance will factor more prominently in GRC decisions." We see enabling the business user with risk intelligence as a key part of expanding the role of risk management into broader business performance management. I also think the inverse is true: GRC will factor more prominently in business intelligence decisions.

Secondly, we believe that new and changing regulations will segment the GRC market between those vendors that manage regulatory change, and those that do not, as we are increasingly being asked to help our customers implement a programmatic framework for communicating changes to regulations and managing the internal regulatory change process.