And the results are in... The Forrester Enterprise GRC Platform Wave 2009

Chris McClean

The launch of any new research report is exciting, but I’m especially happy to see the publication of the The Forrester Wave™: Enterprise Governance, Risk, And Compliance Platforms, Q3 2009.

The evaluation speaks for itself. Forrester goes through great pains to assure a fair, detailed process that looks into the strengths and weaknesses customers care about most — and this Wave is no exception. But considering the amount of time and effort we spent putting this report together, I wanted to provide some additional thoughts on what I learned during the process:

Read more

Categories:

Granted, the regulatory environment is changing. How will this affect us?

Chris McClean


We are now approaching the half-way point of 2009, and most of us are still trying to figure out the nature and scope of regulations that will descend in reaction to the massive corporate failures of the last 9 months. Considering the hefty burden brought by Sarbanes-Oxley in reaction to — by comparison — less egregious issues, it’s no wonder risk and compliance professionals are waiting with nervous anticipation.

Read more

Categories:

New Security and Risk Podcast - The GRC Technology Puzzle

It’s bad enough when your boss puts you on the spot about a recent project you’ve finished...it’s even more interesting when that conversation is recorded for the general public.

Listen to Research Director Rob Whiteley interview me about one of my recent reports in our new podcast, The GRC Technology Puzzle: Getting All The Pieces To Fit.

For those of you interested in why analysts write the reports they do and how they might have done things differently, our podcasts provide a behind-the-scenes look at what customer conversations, market trends, and other issues motivate our research.

This report specifically tackles the increasingly complicated GRC technology landscape, a market segment that includes literally hundreds of vendors vying for their share of corporate budgets. The highlight is a graphic that illustrates the different categories of technology available on the market and the distinct role they play in a broad GRC program.

Categories:

Archer Sets Its Sights On IT GRC Rival, Acquires Brabeion

Chris McClean

Top contenders in the IT governance, risk, and compliance market merged on Tuesday as Archer Technologies announced it is acquiring Brabeion Software. Forrester projected consolidation as a key GRC market trend for 2009, and we explored the issue further for IT GRC vendors in our report, "Consolidation Looms for the IT GRC Market."

Read more

Categories:

Thomson Reuters Gets A Jump On Holiday Shopping, Acquires Paisley

Chris McClean

Keep an eye out in the next week for Forrester’s GRC Trends 2009 report, which will take a look at how a decidedly rocky end of 2008 will impact those responsible for various aspects of corporate governance, risk management, compliance, audit, and finance... as well as the product and service firms that serve them.

One trend that we call out in the report is the impending consolidation of the GRC technology landscape, which is a top-of mind issue for many leading vendors in the space.

Wednesday, Thomson Reuters got an early start on this trend with a definitive agreement to purchase Paisley. A leader in the GRC platform and audit management markets, Paisley will be a strong addition to the company's Tax and Accounting group.

Read more

Categories:

This week in history - volcanos, hurricanes, and the risk of Black Swans

Chris McClean

Pouring over endless details of risks, regulations, taxonomies, and technologies can sometimes give us a narrow view of the world, so it seems worthwhile to take a minute to mark the 125th anniversary of the cataclysmic eruption of Krakatoa this week. For those of us that want to think big but can’t remember that far back, this week is also the 3rd anniversary of Hurricane Katrina’s devastating sweep across a wide stretch of the US Gulf Coast.

Read more

Microsoft and BearingPoint see space to play in the Enterprise GRC market

Chris McClean

Earlier this week in a joint press release, Microsoft and BearingPoint announced the new BearingPoint Enterprise Governance, Risk, and Compliance product offering. Ok... it will be a while before the more veteran enterprise GRC vendors start really losing sleep over this deal. But BearingPoint continues to be a top risk consulting firm, and Microsoft’s reach through the business user community will be an attractive benefit for compliance and risk professionals trying to get hundreds or thousands of staff members to contribute to the GRC program. There’s potential here for sure.

Read more

Categories:

A Culture of Compliance

UBS Explains Risk Management Gone Wrong

Mary Beth Kemp

Big news in risk management this week as UBS released a report to shareholders describing the situation that has led to roughly $37 billion in write-downs so far related to the company's subprime exposures (see articles in Reuters , Forbes , the Wall Street Journal , and BusinessWeek).

Overarching causes described in the report are not surprising; control failures, an overly aggressive focus on short-term growth, and excessive risk taking are among the high level issues addressed. Also in the report, however, are scores of more detailed explanations of control failures in more than 20 different categories. Specific problems on the list include:

Read more

Legislators to the rescue

One of the most substantial trends we expected to see in governance, risk, and compliance in 2008 is the tightening of regulations in response to major risk management failures. Yesterday, we saw a clear example of that, as the US Senate approved a bill that would nearly double the size of the Consumer Product Safety Commission, largely in response to the massive toy recalls that took place last year.

Also this week, the UK’s Medicines and Healthcare Products Regulatory Agency showed signs of cracking down on disclosure of drug trial results after problems persisted with certain anti-depressant drugs in relation to teenage suicide (even though criminal charges will not be filed).

The sub-prime issue may likely be the next major target for legislative changes, although most discussion seems to be focused on consumer protection at this point, not tighter control over lenders.

Read more