The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q4 2023, is now live!

When Odysseus left Ithaca and sailed to fight in the Trojan War, he had no idea how the gods would impact his journey — or that it would take him over 20 years to return home. For 10 years, the Greek army tried to breach Troy’s walls until Odysseus devised the Trojan Horse and ended the war. But as he prepared to go home, Odysseus angered the sea god Poseidon, and Poseidon’s curse and Odysseus’ excessive pride resulted in another 10 years of trials and tragedy before he returned to Ithaca and fought to reclaim his throne.

Governance, risk, and compliance (GRC) has endured its own 20-year odyssey (but with much less hubris and divine anger). When the US passed the Sarbanes-Oxley Act in 2002, our epic hero GRC set sail to fight fraud and poor financial control. Over time, regulators, companies, and investors learned better practices and began expanding GRC principles broadly across business disciplines — with plenty of setbacks and confusion along the way.

Today, we talk about “interconnected” and “holistic” GRC as the visionary end state for an organization to operate ethically and efficiently. It’s a simple idea but, as with Odysseus, one that is often poorly realized, drawn out, or falls apart as organizations grapple with the dynamic challenges of doing business. Now, with innovations in AI, risk intelligence data, and advanced GRC platform capabilities, the vision of holistic GRC is becoming more attainable and practical for firms of all sizes.

Since our last Forrester Wave™ evaluation, three key trends have emerged in the GRC odyssey:

  1. De-risking risk management. Changes to workflow, visualizations, and GRC analyst experience improve how platforms reduce friction and scale. Vendors have focused on developing feature-rich platforms that support vast requirements, but differentiated vendors do this while providing a healthy degree of preconfigured applications, content, and best practices to meet customers at their respective levels of maturity.
  2. Reimagining GRC processes with artificial intelligence. The GRC market has talked about machine learning and AI for over a decade, but it was relegated to workflow automations and data integrations. With generative AI’s rise, GRC platforms are rapidly embracing AI for content creation, behavior/event prediction, and knowledge articulation across GRC use cases. We are only at the beginning of seeing how AI will reimagine GRC.
  3. Demonstrating a holistic approach to GRC. Companies can’t afford to implicitly govern their business and need an effective platform that works with their technology stacks to communicate vertically and horizontally within an enterprise. Leading vendors are showcasing clear views of platform technical depth and breadth that address GRC as a complete program rather than a discrete technology.

Whether you are already using a GRC platform or embarking on your first experience, read this report for more insight on the GRC market and the 15 vendors that matter most. You don’t need to consult the Oracle of Delphi to find out which vendors are best suited to your requirements. Instead, schedule a guidance session or inquiry with me to learn more!