Gartner (finally) released their new Magic Quadrant for Integrated Risk Management this week. We were not surprised to see a very strong ranking for two of the software vendors that we support at Iceberg.
When it comes to Gartner’s MQs, I’m usually more interested in the definitions and context around their evaluation than in the rankings themselves. Analyst John Wheeler has done a good job describing customer challenges and requirements, and how the different vendors are responding. Three highlights:
- Wheeler defines IRM as “technology, processes and data” that enable the “simplification, automation and integration of strategic, operational and IT risk management across an organization”. This echoes what we’re hearing from customers: that executives and boards are focused on improving non-financial risk management.
- “The change management associated with establishing a risk-aware culture and implementing new policies is often the most difficult aspect of adopting IRM.” We see this time and time again, and recommend that organizations carefully plan and budget for change management and user adoption.
- “IRM goes beyond traditional, compliance-driven GRC technology solutions to provide actionable insights that are aligned with business strategies, not just regulatory mandates.” To get the most value out of your GRC/IRM investment, you need to be focused on outcomes. Specifically, your program needs to be designed to deliver information that helps executives and boards make more effective business decisions.
The full report is available here to organizations with a Gartner subscription, or check out any of your favourite GRC/IRM vendor web sites.