The pace of the Integrated Risk Management (IRM) evolution continues to accelerate at break-neck speed. According to Gartner Research Director John Wheeler, “The IRM market is projected to grow at a 13.4% compound annual growth rate (CAGR) to reach $7.3 billion by 2020,” so we believe think that we are in the early days of continued adoption of IRM solutions. Well-known providers have strong brand recognition, but increasing challenges meeting evolving customer needs as they struggle to maintain a consistent level of quality and agility. Perhaps, first movers had an advantage dating back to 2004 as GRC emerged, but today, many lack scalability, as the needs have matured and the technical model is unsustainable.  

Presently, many organizations are at risk of making mistakes in the way they evaluate IRM technology vendors for the following reasons:

  • Overvalue brand awareness, that may not be in tune with the vendor’s ability to serve current needs
  • Buying for today, not tomorrow
  • Strict adherence to an overly rigid, check-the-box RFI/RFP process
  • Lack of focus on assessing the intangibles of a vendor
  • Missed opportunities to assess the quality of a vendor’s people and process
  • Insufficient understanding of the technical differentiators
  • Failure integrating tangible user experience measurements into the vendor evaluation
  • Not seeking a diverse organizational stakeholder matrix during the evaluation process

So what’s next? How do you counter those potential gaps in evaluating vendors in this evolving space?

  • Expand your assessment to include a quantifiable and structured due diligence of the vendor’s reputation, ideally from a mix of unbiased sources.
  • Before you start, define your strategic roadmap, specifically the role of technology enablement value, and then overlay the vendor roadmap to identify potential alignment gaps.
  • Challenge yourself to align and represent the values of your organization to those of the vendor. Consider whether the vendor align with your company’s values.
  • A vendor’s people and process are equally important to the technology. Consider how well are you measuring the strength and integrity those elements.
  • Cloud-based technology comes in different flavors. Define standard parameters for how you measure not just a company’s IaaS or PaaS model, but define measurables that differentiate proprietary vs. non-proprietary capabilities.
  • As most vendors state they can deliver the fundamentals in a maturing market, UX must be broken down into quantifiable measures to capture true differentiation and the efficiency and effectiveness of the UX.
  • Challenge yourself to engage a diverse cross-matrix set of current and future stakeholders that will be accountable to the final decision and ultimately a highly engaged long-term advocate to navigate the organization’s political waters.

Today, the many faces of risk naturally result in a cross-discipline ownership model. Further, whether you call it IRM or GRC, the current market supports a powerful business case for risk technology consolidation, which is being driven by the pace of cloud adoption and an appetite for organizations to shift from on-premise to experience pure cloud models.

As two of the most influential GRC and IRM analyst reports have been released this year, challenge yourself to supplement the reports with these considerations. The softer side of technology evaluations is the most formidable yet most powerful part of the process.

The right partner is more than just a solution provider, they are an integral part of your personal, professional and organizational success and should be fully engaged on the intersection of your risk-based strategy and performance.

Riskonnect was also positioned as a Visionary in the Gartner 2018 Magic Quadrant for Integrated Risk Management.

Gartner: Magic Quadrant for Integrated Risk Management, John A. WheelerJie ZhangEarl Perkins, 16 July 2018.