Governance, risk, and compliance (GRC) solutions provide value by helping organisations to manage the complexity of information management, process execution, and stakeholder coordination in light of increasing volatility, regulatory complexity and change, and other concerns. The resulting benefits generally relate to improved visibility into and mitigation of risk factors while reducing manual efforts on the part of compliance management, risk management, and other stakeholders.
The expansive reach and complexity of GRC platforms adds to the challenge of implementation and deployment. Often, GRC provides a basic solution framework that must be adapted to an organization’s individual needs and use cases. As a result, organizations’ GRC implementations involve the same challenges of other enterprise applications, while also trying to match their particular mix of stakeholders, processes, requirements, and standards. The resulting delays, missteps, and unnecessary costs can significantly erode the value provided, and even lead to abandoned projects.
Blue Hill Research have released a report which highlights the good, the bad and the ugly from 21 observed GRC implementations. The full report is available here and the table below gives a useful summary of the overall findings.