This year, Active Risk made a decision not to participate in Gartner’s Magic Quadrant for eGRC.
It’s simple really. After much discussion with our customers, and having been deeply involved in the risk management industry since our inception, we have found and believe that version of risk management defined by Gartner’s eGRC Magic Quadrant is not comprehensive enough – or strategic enough – to meet the needs of the greater risk management industry, or the vast majority of the customers we serve.
At Active Risk we are 100% focused on providing world-class Enterprise Risk Management (ERM) solutions. We believe that the ERM approach to risk management encompasses the core components of GRC (compliance, regulatory and IT related risk management), but do so much more.
It has been our experience with our customers that effective risk management is concerned with both protecting value, but also creating it, and we believe Enterprise Risk Management offers the best opportunity to capture and create value across an organization. We feel, and our customers support, that the GRC approach is too focused on IT risk and compliance, and fails to look at all the areas critical to business success for our customers.
We made our decision not to participate in the eGRC process because we believe that:
- Our customers want solutions which help them achieve their goals, not ones which are over-focused on compliance, and the down-side of risk.
- There is a mountain of evidence that clearly signals risk management is in the middle of a paradigm shift. A shift that moves the practice of risk management away from being focused on compliance, and towards risk management as a competitive differentiator, a value creator, and a true enterprise process. We don’t feel the eGRC MQ reflects the current or future state of risk management.
- The criterion used by Gartner to complete their analysis of the risk market does not reflect the breadth and depth of risk management in the real world, and we have not found it reflects what our customers are asking for. For our customers risk management is an enterprise process, involving all departments, and all levels. Our customers have told us, and we believe that the vast majority of the solutions listed in the eGRC MQ are compliance-based solutions that don’t reflect the enterprise nature of risk management, don’t reflect their business needs, and don’t add value. As we feel risk management is more than just IT and compliance, we decided not to participate.
- Within operationally-based industries (energy, mining, aerospace, government, engineering, etc.) there is a need for risk management solutions which are capable of managing risks associated with areas like Capital Projects, HSE, Operations, Programs, Strategic and ERM. We don’t believe the GRC vendors address our customer’s reality, or meet the new requirements for robust, enterprise-wide risk management. This is the customer base we best serve, so we are focused on what they need first.
Practically speaking, Active Risk is engaged in enterprise risk management activities every day, with some of the largest firms on the planet. We are focused on Value Creation, and making Risk Management simple, valuable and personal. We want our customers to see risk management as a competitive advantage and something which helps them achieve their goals.
Our customers have asked for deeper, more functional solutions which help them identify those catalyst risks which can cascade across the business and wreak havoc. And they have asked us to give them solutions which can help uncover hidden opportunities and areas for growth. Simply, they have asked for something we don’t feel is represented well within the Gartner MQ.
Fundamentally we believe the risk management market has evolved beyond what the eGRC Magic Quadrant provides and is now firmly focused on the broader-based Enterprise Risk Management practice. Our customers, and the market are now looking for the next generation of risk management solutions, and we are at the forefront.
We would welcome the opportunity to work with Gartner to amend or adjust their existing MQ, or help to develop a new Magic Quadrant which looks at risk management in a broader, more encompassing way and share the benefit of our experience and that of our customers.
Until then, we remain 100% committed to making risk management simpler and more valuable for our customers, and we believe we do that better than anyone else. As risk management continues to evolve away from compliance and towards performance, we will continue to evolve with it, and continue to provide the most robust, simple and valuable risk management solutions available.