Integrated Risk Management is GRC Redefined
On October 17, John Wheeler of Gartner described the replacement of GRC software as a market segment with the label “Integrated Risk Management”.
Some of the key findings by Gartner included that 40% of companies are not using GRC software; 65% of the survey participants were not familiar with what GRC means; and 65% felt their investment in risk management tools was falling behind.
I spoke with our CEO, Bob Morrell as he quotes that 65% number a lot:
“When we started the company eight years ago, we wanted to develop systems to support Enterprise Risk Management. It’s strategic, the board cares deeply about it, and over the years it’s been made a requirement. But, unlike anybody else in our space, we started with risk as our focus and then we went deep and built out what was termed GRC. Unfortunately few really understand what that term means.
“For a time we used the term enterprise-wide risk management, but a more accurate term is enterprise-deep. But that just sounds odd. So when Integrated Risk Management was resurfaced by Gartner, it is what we’ve focused on since we started the company and provides the best description of what we do. Our solutions are down in the trenches with operations, managing a claims, operational risks, and so on, but we’re also meeting the needs of the board and C-level.”
Riskonnect has seen how organizations are addressing risk, and in particular how they are trying to address the plethora of systems that have been installed over time to address specific risk issues, but without the advantage of a single “point of truth” across the organization.
Most recently there has been an upsurge in interest in merging internal audit, SOX compliance, and other compliance activity in with other risk management solutions within a single system. Namely sharing common data while still maintaining secure independent views into data, based on the role of the participants. This has been brought to the forefront as people see common issues such as failure to maintain oversight over who is responsible for the different aspects of risks. At its most basic level, does the person responsible for some aspect of risk management still work for the organization.
Clients at the Riskonnect User Conference in early November will be hearing from other clients who have already embarked on the path of implementing an Integrated Risk Management framework, with some clients having started on this path with Riskonnect 3-4 years ago and who continue to expand the role of the Riskonnect software across their organization.
Can your risk management software be this adaptive to change?