Managing risk is more important than it’s ever been, and it is getting more difficult

Governance, risk and compliance packages are becoming vital in the fight to preserve increasingly intangible business value and to counter the growing risk of violating customer trust. The increasing cost of mistakes is clear:

  • Corporate reputations are at risk. The hit to their reputation after a mishap, and the ensuing loss of customers and other stakeholders, damaged companies more than any other category of loss. Volkswagen's mistake cost them $30 billion, Takata's $24 billion, and GM's $4.1 billion.
  • Regulatory fines are skyrocketing. With the uncertain regulatory landscape, managing compliance is becoming a challenge for most risk managers. The General Data Protection Regulation (GDPR) in Europe is a prime example of the challenge. If a company or any one of its third parties breaches the data of a European citizen, the company will face a fine of 4% of annual global revenue or €20 million, whichever is greater.
  • Disruptive business models are introducing new risks. The shared economy business model stands out because of its amplified regulatory, strategic, and operational risks. After a hacker stole the information of 57 million Uber customers, Uber attempted to silence him for $100,000 and . 

With these risks, it is no wonder that the GRC business has many platforms offering to solve or manage this problem.

Forrester’s governance, risk, and compliance platform evaluation overview 

The Governance, Risk, And Compliance Platforms, Q1 2018 Report from Forrester contains a comprehensive set of 23 evaluation criteria, which they grouped into three categories:

  • Current offering. The vertical axis of the Forrester Wave™ graphic reflects the strength of each vendor's product offering, including its capabilities to deliver content management; document management; user event input/output, distribution, and communication; risk analytics; risk and control management; workflow management; audit management; dashboards and reporting; GRC breadth and depth; regulatory change management; integration capabilities; organizational context; end user experience; and language support.
  • Strategy. The horizontal axis measures the viability and execution of each vendor's strategy, which includes the vendor's product implementation, product version support and custom code, customer maturity, and partnerships.
  • Market presence. The size of each vendor's bubble on the Forrester Wave graphic represents its presence in the GRC market, based on its revenue, financial resources to support strategy, GRC staff size, global support for language and availability, and customer base. 

Using its well-established Wave vendor comparison methodology, Forrester assessed the 14 vendors; see below:

Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2018 

Source & Copyright©2018 - Forrester

Forrester stress that, “This evaluation of the GRC market is intended to be a starting point only. We encourage clients to view detailed product evaluations and adapt criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool.”


CTMfile take: GRC risk is probably the biggest risk today (even bigger than cyber risk). The issue for corporate treasury departments is how they integrate with the new GRC platforms.
