GRC is Dead, Long Live GRC!
by Josh Sokol (Creator & CEO of SimpleRisk)
Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?". In the post, John discusses the rise of GRC due to regulatory mandates and the subsequent fall into the "Swamp of Diminished Returns" due to the realization that chasing regulatory mandates with GRC technologies and services was not a sustainable investment. John believes that the next step in the "Hype Cycle" is for GRC to slide into oblivion while tools and services focused around Integrated Risk Management (IRM) will rise out of the ashes. I couldn't agree more.
As I wrote about in the SimpleRisk Founder's Story, I came to the same conclusions as John has back in March of 2013 when I needed to start a formal risk management program, but couldn't afford the bloated and overpriced GRC tools. Spreadsheets weren't going to scale for me and so I ended up writing SimpleRisk.
SimpleRisk has always been focused around Risk Management. In fact, it was several years before we even began integrating any Governance or Compliance functionality into the tool. It was released as an open source tool out of an altruistic belief that risk management should be accessible to companies of all sizes, not just the Fortune 1000 companies. But what we've realized over the years is that it wasn't the enormous price difference that brought users to SimpleRisk. It was the fact that they could perform risk management activities that were light years better than spreadsheets, but represented in a simple and intuitive way that even non-technical users could understand and interact with. Installations took minutes, not weeks, and the ROI was nearly immediate.
Don't get me wrong. There has always been and will always be a need for the Governance and Compliance capabilities that GRC tools represent. But the focus needs to be on the Risk Management. I believe that we will begin seeing a shift to tools with an open and integrated architecture with flexible workflows that enable risk management across the enterprise. While we see those other bloated GRC products falling off the "Cliff of Obsolecense", I truly believe that SimpleRisk is poised to save companies massive amounts of money while providing an intuitive interface and allowing them to focus their time and efforts on risk management rather than managing risk tools. If you find this idea resonates with you, consider giving SimpleRisk a free 30 day trial today!