Pay attention to GRC
There’s a new category of enterprise computing beginning to take shape and I believe it will be important to the front office and CRM. The category in question is GRC which stands for governance, risk, and compliance. Governance became a big deal when too many corporations let down their shareholders as well as other stakeholders like employees and imploded due to management misconduct. Companies like Tyco and Enron will be GRC whipping-boys and shorthand for bad management for a long time.
GRC is a software response to legislation like Sarbanes-Oxley that attempts to set standards for corporate transparency and financial best practices. But SOX really only deals with a small part of the picture and there are many other areas including IT, HR, procurement, sales and more that need the same kind of rigorous record keeping and auditability that will prove to all stakeholders — including boards of directors — that a management team is working properly.
What’s interesting to me about GRC is that it shows many of the signs of becoming a big market that CRM did more than ten years ago. Back in the late 1990’s there were vendors of point solutions like SFA but no well integrated suite of solutions that provided the 360 degree view of the customer and shared customer data and all that. GRC is in the same predicament and I expect we will see similar arguments about point solutions and integrated suites and because this is 2007 there will also be a platform discussion as well.
Backing up a bit, this all makes sense to me. GRC is an idea made up of three things that need to be seen as one. It makes no sense to calculate risk if you don’t have controls to manage it and managing risk is at the heart of governance though it is not necessarily its soul. The soul of governance is understanding the risk portfolio across multiple departments like HR and IT and managing it across all the stove pipes and that takes software.
In CRM we’ve already seen the first indicators that GRC is coming in products like compensation management, expense management and CPQ (configuration, pricing and quotation). These applications place some basic financial controls on some departments but they are not enough — all you have to do is understand that most compensation management vendors integrate with finance but not HR to see that.
I think GRC is going to be a big deal for CRM and for ERP and it might actually give those two disciplines a better way to interface. If I am right, almost every company in this country and well beyond it, will need a GRC sysstem/platform/whatever and that potentially means a market at least as big as CRM.
Currently, the action in the GRC market is low level and fragmented. Gartner manages to have a magic quadrant for GRC but it seems like they have three different analysts contributing three different perspectives — sort of like the blind men and the elephant. What’s interesting to me is that several analysts have invested serious brain cycles developing market maturity models and forecasting revenues but there has been little substantial thought put into defining the space and the business processes that make it up. All that will come, it’s an early market after all.
Nevertheless, I think it would be prudent to begin some self-education about all things G, R and C. As usual the early birds will get to make the important definitions and capture the early market.