GRC 20/20

20/20 vision provides perfect clarity in sight: clarity, so you are able to see and process the surrounding context and react accordingly.

Clarity of Governance, Risk Management and Compliance

GRC 20/20 Research, LLC (GRC 20/20) provides clarity of governance, risk management, and compliance through objective market research, benchmarking, training, and analysis. 

GRC is “a capability to reliably achieve objectives [GOVERNANCE] while addressing uncertainty [RISK MANAGEMENT] and acting with integrity [COMPLIANCE].”

 Every organization does GRC.

All organizations have some approach to governance, risk management and compliance – from the ad hoc to the structured. The concern should be how mature your organization’s approach to GRC is at department and enterprise levels. 

Achieving higher levels of GRC maturity begins with understanding context (e.g., regulatory environments, risk environments) along with objectives, culture and values of the organization to establish a GRC strategy, process, information, and technology architecture. GRC happens across the organization and can take the form of a cross-department enterprise GRC strategy but is also frequently focused on department/process needs that address specific GRC needs. In its most mature state, GRC is part of the organization’s strategy and operations and supported by a range of technology, knowledge and services enabling the organization to achieve greater efficiency, effectiveness, and agility in GRC processes and broader business operations. 

The GRC market, as a market for technology, knowledge and services, is a macro-market with many sectors and sub-sectors. It is not about one product or solution that tries to be all things to the organization. While there can be a core GRC platform, GRC technologies are varied and have a variety of functions. Approximately 80 percent of the GRC market is focused on department/process or specific issues, and less than 20 percent is focused on top-down enterprise GRC strategies. The GRC market has over 500 solution providers that GRC 20/20 has mapped into sectors and sub-sectors.

GRC 20/20 monitors market size, demand, growth, and directions as well as differentiating solutions on their value and capabilities to meet specific needs. GRC 20/20 brings real-world expertise, independence, creativity and objectivity to help organizations understand and apply strategies and technology to meet the GRC challenges they face. Whether focused on a specific issue, process, department, or enterprise-wide GRC strategy, clients seek GRC 20/20 advice in achieving sustainable and pragmatic innovation.

GRC 20/20 is a:

  • Buyer advocate, representing the needs of those purchasing GRC solutions to help them navigate provider hyperbole to identify solutions and services that are practical and deliver on requirements.
  • Solution strategist, helping technology, knowledge, and service providers understand the demand and needs of buyers to enable product, market, competitive, sales, growth and partner strategies.
  • Market evangelist, to educate and evangelize GRC strategies that deliver results and value for the enterprise or individual departments with a focus on thought leadership and advocacy for the role of technology in making GRC processes efficient, effective and agile.

Through ongoing research and industry interaction, GRC 20/20 is the authority in understanding how organizations implement GRC practices that are effective, efficient and agile. GRC 20/20 advises the entire ecosystem of GRC roles within organizations, technology and knowledge solution providers, and professional service firms. Organizations engage GRC 20/20 when they need insight, guidance and advice in dealing with a dizzying array of disruptive issues, challenges, processes, information and technologies while trying to maintain control of a distributed and dynamic business environment. GRC 20/20 analysts and research enable organizations to identify and select the right combination of GRC technology, knowledge and service providers to maintain a position of integrity aligned with business values, objectives, strategy and performance.

Unlike the major market research and analyst firms, GRC 20/20 aims to be:

  • Affordable. GRC 20/20 rates are 1/3rd to 1/4th of what you will find at major analyst firms. Organizations do not need to pay $1,000+ an hour for analyst time – that is simply robbery.
  • Deep. GRC 20/20 does not believe that the GRC market can be represented in a single two-dimensional comparison of a handful of select GRC solutions. Major analyst firms have misrepresented the market this way. We are the only GRC market research and analyst firm to provide detailed selection criteria, comparisons, market sizing, and growth for both the entire GRC market as well as specific sectors of the GRC market.
  • Pragmatic. GRC 20/20 understands that organizations have a range of GRC roles and processes each focused on specific governance, risk management and compliance challenges. While an enterprise GRC strategy and architecture is the ideal, most GRC needs are focused on department as well as specific risk and compliance needs.
  • Grounded. GRC 20/20 prides itself on real-world experience with advisors that have experience in the trenches of the organization and know what works and does not work as well as how to get the job done. GRC 20/20 research is not done in academic ivory towers, disconnected from the real world.
  • Collaborative. GRC 20/20 understands we live in a social world of professional communities and circles. GRC 20/20 actively engages businesses, non-profit associations, solution providers, professional service firms, and others in research activities and collaboration to gain complete clarity of the GRC market along with perspectives and experience that feeds into our market models and advice.
  • Social. GRC 20/20 knows that to be collaborative requires engagement in discussion, debate, and thought leadership in social communities and professional associations that GRC professionals participate in. GRC 20/20 analysts do not sit back in cloistered offices and avoid rolling up their sleeves and getting involved in the real world.
  • Reachable. GRC 20/20 is easy to access. Clients of GRC 20/20 can call, email, text, instant message, tweet, use a palantir, or even send smoke signals if necessary to communicate with us to get you answers when you need them. GRC 20/20 offers free inquiries to buyers of GRC solutions to provide the clarity they need to take the next step. GRC 20/20 fields several hundred inquiries each year from buyers of GRC solutions and services – the GRC consumer.
  • Transparent. GRC 20/20 represents and works with the ecosystem of buyers as well as GRC solution, knowledge, and service providers. GRC 20/20 revenue comes from a mixture of these elements and we are fully committed to objectivity in research and not afraid to disclose relationships.