How to Use The Forrester Wave to Evaluate GRC Software

February 4, 2016 By
All organizations are affected by governance, risk and compliance (GRC), whether they realize it or not. When a company complies with a regulation, decides how it will meet objectives, or takes steps to overcome potential obstacles, it is de facto managing GRC. The challenge facing all organizations is how to manage GRC in a better way.

For GRC, and any other business function, there are three elements that must work together to achieve success. The three elements are: People, Processes, Tools. A company must have the right people with the right attitudes, skill sets and willingness to learn and adapt to make anything successful. But even the brightest minds can find a way to fail if the right processes are not in place. A process must be thorough, yet easy-to-understand, and achieve a clearly defined end-result. Finally, the right tools must be in place to facilitate everything. These tools help people collaborate and manage information and data, through centralization and automation, which in turn saves time and money.

If you want to manage GRC better and feel that you have a good grasp of the first two elements, but are struggling with the third (Tools) because of all the commercial software out there for GRC or Risk, there is good news. Forrester Research has released The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016 report, which you can download from the Enablon website. To make the most of the research as part of your GRC software evaluation process, we provide five ways to use the report. These will save you time and make sure that you get the most value from the research.

1) Narrow Down the List of GRC Software Vendors

This is the most useful feature of the Forrester Report. There are many GRC software vendors in the market. Add all vendors that also claim to offer a Risk solution, and you can end up easily with more than 25 serious vendors. Like many organizations, your company does not have a huge amount of time to systematically evaluate all vendors. But you can narrow down the list of vendors to a manageable number by using insight from a neutral and objective source. The report already narrows down the list of the most significant GRC vendors to 14. Seven of them are identified as GRC platform leaders. By consulting the report, you can further narrow down the list to a few top vendors that you can then evaluate separately.


2) Compare GRC Software Vendors Through Their Strengths and Weaknesses

Once you have narrowed down the list to a few top GRC platforms, you can use the report to obtain an initial assessment of the strengths and weaknesses of each individual vendor. This allows you to compare vendors and have an idea of how they stack up against each other. More importantly, you can assess your specific needs against the individual strength and weaknesses of the vendors to be better prepared when you inquire more about their offering.

3) Drill Down on Specific GRC Functionality

The Forrester Report does more than identify the most significant GRC platform vendors and the leaders. It also provides detailed scores on individual criteria. This is helpful because organizations can have different priorities regarding GRC needs. Some may place more importance on content management, others may have a greater need for audit management, while some firms may place a strong emphasis on technical functionality. The report allows you to see how individual vendors score for the features and functionality that are especially relevant to you. In addition, the Forrester Wave tool provides detailed product evaluations, feature comparisons, and customizable rankings.

4) Learn More About the Four Core Capabilities to Manage Risks

You may already have a good idea of what you are looking for in a GRC software. But learning from the perspective of a renowned analyst firm can certainly help. The Forrester Report provides a list of four mandatory aspects of functionality for a GRC platform. Familiarizing yourself with these four capabilities ensures that you do not neglect anything during the GRC software evaluation process. This new information may lead you to revise your priorities and needs regarding what you value the most in a GRC platform, and therefore improve the evaluation process.

5) Be Future-Ready by Being Aware of GRC Trends

The Forrester Report highlights areas where GRC platform vendors have opportunities to benefit clients even more. It provides GRC trends that vendors and clients alike should be aware of. By learning more about these trends, you can be better prepared when engaging with individual GRC software vendors and inquire about relevant issues that you may need to address in the future through your GRC software. It is not enough to simply evaluate GRC vendors for current capabilities. You must also evaluate them for the future trends and software characteristics that will become important.

If you’re still trying to figure out whether your organization needs a GRC solution, read our post on the four signs to look for. If you feel that your organization can benefit from using a GRC software, download The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016 report, from which you will learn:

  • Forrester’s 30-criteria evaluation of the most significant 14 GRC vendors.
  • Evaluation analysis and vendor profiles.
  • Lessons learned and trends in the field of risk management.
  • What risk professionals are looking for when selecting a GRC platform provider.

Download Report

Categories: Risk

Leave a Reply