Enterprise risk management teams are encountering “significant challenges” when trying to select a tool that meet the needs of a diverse set of stakeholders, according to research from Gartner.
The lengthy vendor selection process reflects a diverse range of requirements and stakeholders that are commonly involved with GRC tool selection, it says. Approximately five functions or risk sub-functions typically use ERM’s primary GRC solution 20% of the time or more, with similar numbers consulted in the purchasing decision.
“ERM departments find that selecting and implementing GRC tools is challenging, with the vendor evaluation process alone taking over six months in most organisations,” said Zachary Ginsburg, director of research in the Gartner Legal Risk and Compliance Practice. “Then, for a typical department, it can take at least an additional nine months to attain full functionality from a GRC tool.
“Because GRC tools and third-party point solutions can be integrated via purpose-built data connectors or APIs, ERM and other functions can often choose the tools best designed to meet their needs and still have data integration. Therefore, heads of ERM should consider prioritising their own functional needs when purchasing a GRC tool. In doing so, they may circumvent inefficiencies or costs that would be involved in accommodating a tool that’s not an ideal fit for their own workflows.”
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.
YOU MIGHT ALSO LIKE