Upload
gamallof
View
222
Download
0
Embed Size (px)
Citation preview
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
1/16
Making Leaders Successul Every Day
Nemer 30, 2011
The Frrester Wae: EnterprseGernance, Rsk, AndCmpance Patfrms, Q4 2011 Chrs McCean
fr Secrt & Rsk Prfessnas
http://www.forrester.com/8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
2/16
2011 Forrester Research, Inc. All rights reserved. Forrester, Forrester Wave, RoleView, Technographics, TechRankings, and Total EconomicImpact are trademarks o Forrester Research, Inc. All other trademarks are the property o their respective owners. Reproduction or sharing o thiscontent in any orm without prior written permission is strictly prohibited. To purchase reprints o this document, please email [email protected]. For additional reproduction and usage inormation, see Forresters Citation Policy located at www.orrester.com. Inormation is
based on best available resources. Opinions refect judgment at the time and are subject to change.
Fr Secrt & Rsk Prfessnas
ExECuTivE SuMMARy
Innovation among top enterprise GRC platorm vendors has kept up an impressive pace as vendors aim
to stay one step ahead o their customers own advancements in governance, risk, and compliance (GRC)
programs. O the 13 companies in Forresters 59-criteria evaluation o enterprise GRC vendors, BWise,
MetricStream, IBM OpenPages, and RSA Archer emerge as Leaders because o their strong vision o GRC
value and ability to evolve quickly to address customers changing needs. A large pack o StrongPerormers ollows this group some right on their tail with highly competitive products and leading
capabilities in certain key areas. Tese include Mega, Tomson Reuters, Methodware, Compliance 360,
Protiviti, SAP, ARC Logics, and SAS. Enablon is the lone vendor in the Contender category, with
technical capabilities and vision enough to win deals against much more seasoned GRC competitors.
TAblE oF CoNT ENTSCstomers Stretc Te Fnctons O GRC And
Vadate Te Patorm Approac
Enterprse GRC Patorm Evaaton Overve
Evaaton AnassVendor Profes
Noteort Specasts
Sppementa Matera
NoTES & RESouRCES
Frrester cndcted prdct eaatns n Jne
2011 and nterewed 13 endr cmpanes: ARC
lgcs, bWse, Cmpance 360, Enan, Mega,
Methdware, MetrcStream, ibM openPages,
Prtt, RSA Archer, SAP, SAS, and Thmsn
Reters.
Reated Researc Docments
Ten Prrtes Fr yr Crrent And Ftre
Cmpance Prgram
J 19, 2011
Tpc oerew: Gernance, Rsk, And
Cmpance
March 14, 2011
Market oerew: GRC PatfrmsNemer 9, 2010
The Frrester Wae: Enterprse Gernance,
Rsk, And Cmpance Patfrms, Q3 2009
J 1, 2009
Nemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk,And Cmpance Patfrms, Q4 2011As leaders, bWse, MetrcStream, ibM openPages, And RSA Archer Cntne TPsh The Enepe
b Crs McCean
wth Stephane baaras and Nchas M. Haes
2
3
69
13
13
http://www.forrester.com/go?docid=60184&src=57692pdfhttp://www.forrester.com/go?docid=60184&src=57692pdfhttp://www.forrester.com/go?docid=57690&src=57692pdfhttp://www.forrester.com/go?docid=57690&src=57692pdfhttp://www.forrester.com/go?docid=57318&src=57692pdfhttp://www.forrester.com/go?docid=47911&src=57692pdfhttp://www.forrester.com/go?docid=47911&src=57692pdfhttp://www.forrester.com/go?docid=47911&src=57692pdfhttp://www.forrester.com/go?docid=47911&src=57692pdfhttp://www.forrester.com/go?docid=57318&src=57692pdfhttp://www.forrester.com/go?docid=57690&src=57692pdfhttp://www.forrester.com/go?docid=57690&src=57692pdfhttp://www.forrester.com/go?docid=60184&src=57692pdfhttp://www.forrester.com/go?docid=60184&src=57692pdfhttp://www.forrester.com/8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
3/16
2011, Frrester Research, inc. Reprdctn PrhtedNemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
2
CuSTOMERS STRETCh ThE FuNCTiONS OF GRC AND VAliDATE ThE PlATFORM APPROACh
In early 2011, we elded an unexpected customer question: Will enterprise GRC soware
deployments ever be on par with ERP? While this was little more than amusing speculation, the
question reects the eectiveness with which GRC soware has extended its reach into customer
organizations and the extent o potential growth that remains. And while its unlikely that the
average GRC implementation will reach the scope and scale o the average ERP implementation any
time soon, several trends point to GRC sowares increasing importance and expanding corporate
presence:
1. GRC metrics are increasingly seen as key indicators o business perormance and stability.
At a steady pace, stakeholders including regulators, rating agencies, business partners, and
investors have been asking or more and more intimate details about the risk and compliance
posture o the companies with which they associate. Internally, dierent unctions within these
businesses are using risk and compliance data more oen to evaluate the status o third-partyrelationships, process quality, and other aspects o business or which perormance can be
measured. In a survey o 121 reerence customers supplied by vendors or this Forrester Wave
evaluation, respondents reported using their GRC system to track metrics such as project
tness, process efciency opportunities, and board approval o the direction o travel.
2. GRC customers are continuously nding new use cases or the soware they license. Users
o GRC soware are responsible or almost as much innovation as the GRC soware vendors
themselves. Applying standard capabilities such as risk and control documentation, policy
management, workow, and reporting, customers are molding their GRC platorms to support
a variety o relevant domains. Beyond the 18 core GRC unctions we asked about in our
survey, customer reerences reported supporting other unctions such as the management o
consultant activities, enterprise process catalogs, and afliate oversight.
3. GRC vendors are ocusing more on their underlying platorm technology. o meet the
increasingly diverse demands o GRC clients, vendors are actually beginning to shi away rom
packaged applications. Now theyre ocusing much more o their eorts on delivering platorms
that customers can recongure and adjust to meet their needs. For that reason, this Forrester
Wave evaluates capabilities such as workow exibility, user interace exibility, data model
extensibility, and ability to support new and changing market requirements.
Te GRC Vendor landscape is Acta Grong More DverseConsidering its nearing the decade mark in its evolution, the GRC market dees the logic o vendor
consolidation and unctional standardization that we might expect. Although there have been
signicant acquisitions, they have mainly taken the acquired vendor products in dierent directions:
more ocused on I inrastructure (e.g., RSA Archer), regulatory content (e.g., Tomson Reuters
Paisley), or business analytics (e.g., IBM OpenPages). In addition, vendors rom relevant market
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
4/16
2011, Frrester Research, inc. Reprdctn Prhted Nemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
3
segments such as environmental risk and compliance, hotline and case management, inormation
security, and business process management continue to reach or GRC market ootholds in order to
take advantage o still untapped potential.
iT GRC And Enterprse GRC Are Mc Coser Bt St Separate Markets
Forrester continues to eld inquiries rom organizations interested in adopting a single GRC
platorm to manage risk and compliance eorts related to I and enterprise domains. For many o
them, there are viable solutions vendors historically ocused on enterprise GRC are supporting
content like the Unied Compliance Framework and oering integration capabilities with security
and I management applications, while vendors historically ocused on the I GRC market are
oering more enterprise-relevant content and delivering more product exibility to support
enterprise GRC unctions.
However, even as the vendors demonstrate better capabilities and more implementations, the vastmajority o vendor selection projects lean one direction or the other reecting the still substantial
gap that exists in most organizations between the I and enterprise GRC unctions. Based on
this distinction, Forrester conducted two simultaneous GRC platorm Wave evaluations: one or
enterprise and one or I.
Tere are minor modications in the criteria or these two Waves. For example, the enterprise GRC
Wave evaluates audit management instead o asset management capabilities, and many o the criteria
have more demanding score requirements to reect the greater maturity o that market.
ENTERPRiSE GRC PlATFORM EVAluATiON OVERViEwo assess the state o the enterprise GRC platorm market and determine how the vendors stack up
against each other, Forrester conducted a rigorous evaluation o top vendors in the space.
Te Evaaton Focsed On Breadt And Dept O Capabtes And Sondness O Strateg
Aer considering past research, user needs, requests or proposals, and vendor and expert input,
Forrester developed a comprehensive set o 59 evaluation criteria, which we grouped into three
high-level categories:
Current ofering. Each vendors position on the vertical axis o the Forrester Wave graphic
indicates the strength o its current GRC product oering. Te sets o capabilities evaluated inthis category are: content management, risk and control management, workow management,
GRC management and analytics, support or I GRC, support or audit management, GRC
domain support, technical unctionality, and client reerence scores.
Strategy. A vendors position on the horizontal axis indicates the strength o its GRC strategy,with specic criteria including company vision and strategy, product vision and strategy, and
support or governance, risk, and compliance proessionals.
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
5/16
2011, Frrester Research, inc. Reprdctn PrhtedNemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
4
Market presence. Te size o the vendors bubble on the chart indicates its market presence,which Forrester measured based on the companys nancial viability, customer base, sta size,
partnerships, and global presence.
Evaated Vendors Demonstrated Te largest Market Presence And Compettve Sccess
Forrester included 13 vendors in the assessment: ARC Logics, BWise, Compliance 360, Enablon,
IBM OpenPages, Mega, Methodware, MetricStream, Protiviti, RSA Archer, SAP, SAS, and Tomson
Reuters. Each o these vendors has (see Figure 1):
Broad GRC capabilities or enterprise risk and compliance proessionals. All vendors in thisevaluation have the capabilities to meet the broad requirements o enterprise governance, risk,
and compliance proessionals.
More than 150 licensed customers using the vendors GRC solution. All o the evaluatedvendors reported more than 150 GRC customers, provided examples o customers using
the platorm or multiple unctions o enterprise GRC, and submitted at least ve customer
reerences to participate in the Forrester Wave customer survey.
A signicant level o interest rom Forrester clients. All o the evaluated vendors haveestablished themselves as relevant GRC competitors, and they continue to show up in requests
or proposal, Forrester customers inquiries, and other competitive situations.
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
6/16
2011, Frrester Research, inc. Reprdctn Prhted Nemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
5
Fgre 1 Eaated vendrs: Prdct infrmatn And Seectn Crtera
Source: Forrester Research, Inc.
Vendor
ARC Logics
BWise
Compliance 360
Enablon
IBM OpenPages
Mega
Methodware
MetricStream
Protiviti
RSA Archer
SAP
SAS
Thomson Reuters
Product evaluated
ARC Logics
BWise
Compliance 360
Enablon GRC Suite
IBM OpenPages Platform
Mega Suite for GRC
ERA Kairos
MetricStream GRC Platform
Governance Portal
RSA Archer eGRC Platform
SAP BusinessObjects Process Control and SAPBusinessObjects Risk Management
SAS Enterprise GRC
Thomson Reuters Accelus Enterprise GRC
Product version
evaluated
R1-2011
v4.1.2
v20.11
v6.0
v6.01
v3.3
v8.0
v6.0
v3.10
v5.0.6
v10.0
v4.3
v4.3
Vendor selection criteria
Broad GRC capabilities for enterprise risk and compliance professionals. All vendors in thisevaluation have the capabilities to meet the broad requirements of enterprise governance, risk, andcompliance professionals.
More than 150 licensed customers using the vendors GRC solution. All of the evaluated vendorsreported more than 150 GRC customers, provided examples of customers using the platform for multiplefunctions of enterprise GRC, and submitted at least ve customer references to participate in the ForresterWave customer survey.
Signicant thought leadership and mindshare. All of the evaluated vendors have establishedthemselves as relevant GRC competitors, and they continue to show up in requests for proposal, Forrestercustomers inquiries, and other competitive situations.
March 2011
December 2010
April 2011
January 2011
January 2011
December 2010
March 2011
March 2010
April 2011
December 2010
December 2010
December 2010
June 2011
Version
release date
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
7/16
2011, Frrester Research, inc. Reprdctn PrhtedNemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
6
EVAluATiON ANAlySiS
Te evaluation uncovered a market in which (see Figure 2):
BWise, MetricStream, IBM OpenPages, and RSA Archer are Leaders. Tese vendors continueto push orward aggressively with product development and strong go-to-market strategies.
Tey demonstrate a strong vision o the value GRC oers to customer organizations, which is
helping them extend their platorms in unique ways not emulated by other leaders or other top
competitors in the GRC market.
Eight vendors are Strong Perormers. Tey are ARC Logics, Compliance 360, Mega,Methodware, Protiviti, SAP, SAS, and Tomson Reuters. Tese vendors represent an extremely
diverse mix o company size, background, and length o time competing in the GRC space. All
o them are relevant to a number o dierent GRC unctions, and in many cases, they are top
competitors in several key GRC areas.
Enablon is a Contender. Enablon is one o the newest competitors in the GRC platormmarket, but with a solid background in sustainability and environmental risk and compliance
management, the vendor has the core elements needed to be competitive in the GRC space.
Tis evaluation o the enterprise GRC platorm market is intended to be a starting point only. We
encourage readers to view detailed product evaluations and adapt the criteria weightings to t their
individual needs through the Forrester Wave Excel-based vendor comparison tool.
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
8/16
2011, Frrester Research, inc. Reprdctn Prhted Nemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
7
Fgre 2 Frrester Wae: Enterprse GRC Patfrms, Q4 11
Source: Forrester Research, Inc.
Go online to download
the Forrester Wave tool
for more detailed product
evaluations, feature
comparisons, and
customizable rankings.
Risky
Bets Contenders Leaders
Strong
Performers
StrategyWeak Strong
Current
oering
Weak
Strong
Market presence
Mega
Methodware
Enablon
BWiseRSA Archer
SAPOpenPages
Thomson Reuters
SAS
ARC Logics
MetricStream
Protiviti
Compliance 360
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
9/16
2011, Frrester Research, inc. Reprdctn PrhtedNemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
8
Fgre 2 Frrester Wae: Enterprse GRC Patfrms, Q4 11 (Cnt.)
Source: Forrester Research, Inc.
CURRENT OFFERING
Content management
Risk and control management
Workow management
GRC management and analytics
Support for IT risk and compliance
Support for audit management
GRC domain support
Technical functionalityCustomer references
STRATEGY
Company vision and strategy
Product vision and strategy
Support for GRC roles
MARKET PRESENCE
Financial viability
Customer base
Sta size
PartnershipsGlobal presence
Forresters
Weighting
50%
15%
15%
10%
15%
5%
5%
5%
10%20%
50%
35%
35%
30%
0%
30%
25%
15%
15%15%
ARCLogics
2.86
4.25
2.40
2.50
1.25
3.40
3.80
3.50
2.503.20
3.01
2.85
2.75
3.50
3.73
4.15
4.40
2.30
3.003.90
BWise
4.19
3.90
5.00
4.00
4.75
3.40
3.35
4.00
4.203.90
4.41
4.40
4.55
4.25
2.88
2.65
3.70
2.35
3.002.40
Compliance
360
3.21
3.45
2.55
2.50
2.75
2.20
3.60
4.00
3.404.10
3.40
3.55
3.60
3.00
2.02
2.15
2.30
1.65
3.000.70
Enablon
2.59
2.65
2.55
2.50
2.50
1.00
2.65
3.00
2.303.10
2.32
2.45
2.45
2.00
3.17
2.65
3.30
4.00
3.003.30
Mega
3.73
3.25
4.40
3.00
4.50
2.20
3.95
3.00
3.504.00
3.28
3.85
2.95
3.00
3.19
2.30
2.90
4.10
5.002.70
Methodware
2.99
2.35
3.00
3.50
4.00
1.00
2.65
2.50
2.703.30
3.84
4.25
4.15
3.00
3.23
2.70
3.20
2.30
5.003.50
All scores are based on a scale of 0 (weak) to 5 (strong).
IBMO
penPages
3.76
3.90
4.40
4.00
4.00
3.40
2.65
3.50
3.803.30
4.46
4.70
4.40
4.25
3.36
3.80
2.70
4.00
3.003.30
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
10/16
2011, Frrester Research, inc. Reprdctn Prhted Nemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
9
Fgre 2 Frrester Wae: Enterprse GRC Patfrms, Q4 11 (Cnt.)
Source: Forrester Research, Inc.
CURRENT OFFERING
Content management
Risk and control management
Workow management
GRC management and analytics
Support for IT risk and compliance
Support for audit management
GRC domain support
Technical functionality
Customer references
STRATEGY
Company vision and strategy
Product vision and strategy
Support for GRC roles
MARKET PRESENCE
Financial viability
Customer base
Sta size
Partnerships
Global presence
Forresters
Weighting
50%
15%
15%
10%
15%
5%
5%
5%
10%
20%
50%
35%
35%
30%
0%
30%
25%
15%
15%
15%
Protiviti
3.19
3.00
3.00
3.00
3.50
2.20
4.65
3.50
2.10
3.70
3.29
3.45
3.15
3.25
2.74
2.70
2.00
3.10
3.00
3.40
RSAArche
r
3.85
3.95
3.30
4.50
2.50
5.00
2.90
5.00
4.70
4.10
3.83
4.55
3.40
3.50
4.26
5.00
4.20
4.70
5.00
1.70
SAP
3.15
2.80
3.60
2.50
4.25
3.00
2.75
2.00
2.30
3.40
3.17
3.60
3.10
2.75
4.07
3.45
3.80
4.70
5.00
4.20
SAS
2.75
2.80
3.60
2.00
4.25
1.20
1.00
2.00
2.20
2.60
2.60
1.85
3.00
3.00
3.43
3.70
2.30
4.30
3.00
4.30
Thomson
Reuters
3.33
2.80
3.65
3.50
3.50
2.20
4.65
3.00
3.30
3.30
3.58
3.30
3.70
3.75
3.85
3.80
4.70
4.00
3.00
3.20
All scores are based on a scale of 0 (weak) to 5 (strong).
MetricStre
am
4.13
4.40
4.40
5.00
3.00
5.00
4.30
4.50
4.50
3.60
4.25
4.45
4.25
4.00
3.34
3.15
2.90
4.65
3.00
3.50
VENDOR PROFilES
Te leaders Are Extendng Te Bondares O ho GRC Brngs Vae
BWise. BWise continues to demonstrate why it has consistently been one o the strongestvendors in the GRC market, displaying a robust platorm with a range o new product eatures
since our previous evaluation. BWise scored a 5.00 across all our risk and control management
subcriteria, displaying exible and customizable risk and control measurement eatures, the
ability or users to map business processes to relevant risk and compliance objects, and new
continuous control monitoring eatures that separate the product rom other traditional GRC
competitors. BWise nds itsel competing now against much larger companies that have entered
the GRC space through acquisition. Te Netherlands-based vendor still earned a top score or
its sustainability o competitive advantage, however, because its vision, ocus, and ability to
innovate are among the best in the industry.
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
11/16
2011, Frrester Research, inc. Reprdctn PrhtedNemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
10
MetricStream. MetricStreams breadth o capabilities and product exibility have helped itsolidiy its position as a GRC Leader. Te companys go-to-market strategy has always been
among the most aggressive in the GRC space, and this approach continues to pay o as it brings
aboard new clients representing a wide range o vertical and unctional needs. MetricStream
scored extremely well in the content management and risk and control management elds
o our evaluation, due to strong document management and collaboration eatures as well
as congurability in support o dierent risk methodologies. Te companys product road
map includes improvements to the platorms underlying unctionality, exibility, integration
capabilities, and content, and its go-to-market strategy includes several elements unique among
its top competitors.
IBM OpenPages. Te OpenPages platorm remains one o the most consistently strongenterprise GRC platorms on the market today. Te companys vision is to enable senior
management to make strategic risk and reward decisions to improve business perormanceand reduce exposure to risks and loss on investments. Te OpenPages platorms GRC
management and analytics eatures are just one example o where this mission will play out.
Te product continues to leverage IBM Cognos powerul reporting capabilities with report
templates and dashboards that users can congure and share in numerous platorms such as
mobile devices or embedded enterprise business applications. With the addition o IBMs other
analytics technologies, the platorm will oer increasingly more support or governance, risk,
and compliance executives. While it may take some time to ully integrate with other IBM
technology, OpenPages is in a strong position to maintain and grow its long-running leadership.
RSA Archer. Te acquisition by EMC RSA gave a strong boost to Archers already considerablemomentum. With solid technical unctionality and a satised customer base, Archer madethe leap into the Leaders category in this years evaluation. Te companys platorm is highly
congurable with an intuitive and easy-to-navigate interace, and its ability to acilitate
customer-led development sets it apart rom competitors. Te RSA acquisition gave Archer
greater access to a number o I security and data governance technologies, and while these
opportunities will likely lead to less overall ocus on enterprise GRC domains, the companys
ability to compete in the overall GRC market should continue to increase. Look or RSA Archer
to more heavily leverage the Archer Community to oster collaboration among customers and
employees, while it also works to enhance international and localized capabilities.
Te Strong Perormers So Great Fnctonat And impressve Cstomer Sccesses Mega. Mega continues its steady climb up the ladder toward the top echelon o GRC venders, just
slightly missing the Leader category in this evaluation. Te companys GRC has excellent risk and
control management capabilities, and its GRC management and analytics unctionality is among
the best. Megas vision o the market centers on the correlation between holistic GRC programs
and enterprise architecture (EA) maturity, and the company has made great strides integrating its
GRC platorm with its leading EA and business process analysis (BPA) technologies. Megas
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
12/16
2011, Frrester Research, inc. Reprdctn Prhted Nemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
11
success may depend on its ability to bring customers along with this vision, but early use cases
and customer eedback predict this will happen. Mega outlines a detailed product road map with
plans to strengthen risk quantication, assessment consolidation, and document management
capabilities, all o which are expected to improve the companys ability to compete.
Tomson Reuters. Tomson Reuters oers one o the premier audit management platorms inthe enterprise GRC market, and the companys GRC oerings continue to show good depth. A
perennial leader o the GRC market since beore the market had a name, some may be surprised
to see it all short o this category in this evaluation. Tis can largely be explained by Tomsons
current ocus on acquiring top risk and compliance vendors and joining them in what could
ultimately be combined content and unctionality oerings unmatched in the GRC market. Te
ability to integrate these oerings will determine how long beore it can achieve this potential.
Methodware. Although Methodware has been ocused primarily on small and medium-sizeenterprises as its target market up to this point, its currently shiing its strategy and technical
capabilities to target larger companies and contracts. With the rollout o the new ERA Kairos
platorm and its stable relationship with its parent company, Jade Soware, Methodware is
able to better serve its current client base while also enhancing the product to oer a scalable,
exible platorm or very large implementations. Partnerships remain a key to the vendor,
and its ar ahead o almost all competitors in the global diversity o its customers. In the near
uture, Methodware plans to ocus its R&D on user experience, perormance, and urther
enhancements to the platorms underlying unctionality.
Compliance 360. By successully targeting healthcare and insurance organizations, Compliance
360 has been a long-standing, protable player in the GRC space since 2004. AlthoughCompliance 360 doesnt oer the same breadth o capabilities as some o the other enterprise
GRC vendors, it is able to provide specic depth and unctionality in the elds important to
its clients, most notably content management. Compliance 360 earned the highest customer
satisaction scores in our evaluation, including top marks or vendor relationship. Te
companys product road map will ocus on enhanced audit management eatures and look to
implement more advanced analytics.
Protiviti. Protiviti oers a unique perspective in the enterprise GRC market with its strongconsulting background, delivering especially impressive technical capabilities in risk and control
management and audit management. Te company also continues to innovate and develop
new content-based oerings or its Governance Portal product, which is capable o addressing
a variety o GRC requirements or customers. Protiviti oers a dierentiating value to clients
through its combination o risk management expertise and an increasingly competitive GRC
platorm. Protiviti will continue to build on its core audit, risk, and control management
strengths while working on urther integration with external and internal systems, including
working with partners to deliver regulatory compliance content.
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
13/16
2011, Frrester Research, inc. Reprdctn PrhtedNemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
12
SAP. SAP emphasizes the value o automation and cost reduction to bring its growing GRCcapabilities to its large customer base and beyond. SAP has demonstrated strong commitment
to GRC, dedicating substantial resources to support sales, marketing, development, and
implementations. SAP oers sophisticated risk and compliance reporting and scenario
modeling eatures, and the companys BusinessObjects technology gives it a substantial
advantage. SAP plans to enhance the delivery o risk and compliance and adopt a broader set
o automated controls and analytics to remain true to its core vision o cost reduction through
automation. As long as SAPs commitment to GRC solutions remains steady, it should continue
to strengthen its ability to compete in the market.
ARC Logics. Wolters Kluwer has assembled a long list o GRC oerings into its ARC Logicsbusiness through a number o acquisitions. Among these acquired products, the business
currently markets its heavyweight eamMate suite o audit management products along with
Axentis, a SaaS GRC platorm boasting some o the largest implementations across verticals,including pharmaceuticals and healthcare. ARC Logics vision is to help clients maximize the
eectiveness and efciency o their audit, risk, and compliance programs. Its uture position in
the market will hinge on how well its able to integrate these and several other product vendor
acquisitions in order to complement Wolters Kluwers deep library o legal and regulatory
content and services.
SAS. SAS aims to enable customers to make better business decisions and reduce risks to helpstrengthen overall corporate value. Te companys advanced analytics are among the best in
the industry, giving customers risk modeling, scenario analysis, and other highly complex
capabilities unmatched by other GRC competitors. Te company has invested substantial
resources to build a GRC platorm that can integrate with a wide range o other SAS products,giving existing customers a wide range o additional oerings. As SAS is still an early entrant
into the enterprise GRC market, its too difcult to predict how well it will be able to compete
with some o the more seasoned players in the long term; however, the company has a solid
vision and strategy to take advantage o uture opportunities.
Te Contender has Te Capabtes And Fexbt To Caenge Seasoned Compettors
Enablon. Despite its relatively recent entrance into the GRC market, Enablon continues to gaintraction. Enablon has a strong background in sustainability and environmental management,
and the company is successully translating these capabilities to address broader GRC needs.
Although the company doesnt have a well-known brand in the enterprise GRC market yet,strong execution o its vision and strategy o enabling governance throughout customer
organizations will likely help Enablon extend its GRC market presence over the next ew years.
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
14/16
2011, Frrester Research, inc. Reprdctn Prhted Nemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
13
NOTEwORThy SPECiAliSTS
One o the most difcult aspects o the GRC Wave was to narrow the list o participating vendors.
Tere are dozens o other vendors with GRC platorm capabilities that are also relevant to the
space and may be worth consideration depending on customer requirements. Examples include
Active Risk ormerly Strategic Tought Group or sophisticated project and operational risk
programs, Cura Soware or enterprise risk and controls management, and Qumas or quality and
compliance management.1 Each o these vendors has ared well in previous Forrester GRC Waves
and are still important to the market. Oracle is also a relevant vendor with a suite o GRC products,
but once again the company declined to submit them or evaluation in the Forrester Wave.
SuPPlEMENTAl MATERiAl
Onne Resorce
Te online version o Figure 2 is an Excel-based vendor comparison tool that provides detailedproduct evaluations and customizable rankings.
Data Sorces used in Ts Forrester wave
Forrester used a combination o two data sources to assess the strengths and weaknesses o each
solution:
Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to theevaluation criteria. Once we analyzed the completed vendor surveys, we compiled the results to
supplement our analysis.
Product demos. We asked vendors to conduct demonstrations o their products unctionality. Weused ndings rom these product demos to validate details o each vendors product capabilities.
Te Forrester wave Metodoog
We conduct primary research to develop a list o vendors that meet our criteria to be evaluated
in this market. From that initial pool o vendors, we then narrow our nal list. We choose these
vendors based on: 1) product t; 2) customer success; and 3) Forrester client demand. We eliminate
vendors that have limited customer reerences and products that dont t the scope o our evaluation.
Aer examining past research, user need assessments, and vendor and expert interviews, we develop
the initial evaluation criteria. o evaluate the vendors and their products against our set o criteria, we
gather details o product qualications through a combination o lab evaluations, questionnaires,
demos, and/or discussions with client reerences. We send evaluations to the vendors or their review,
and we adjust the evaluations to provide the most accurate view o vendor oerings and strategies.
8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
15/16
2011, Frrester Research, inc. Reprdctn PrhtedNemer 30, 2011
The Frrester Wae: Enterprse Gernance, Rsk, And Cmpance Patfrms, Q4 2011
Fr Secrt & Rsk Prfessnas
14
We set deault weightings to reect our analysis o the needs o large user companies and/or
other scenarios as outlined in the Forrester Wave document and then score the vendors based
on a clearly dened scale. Tese deault weightings are intended only as a starting point, and we
encourage readers to adapt the weightings to t their individual needs through the Excel-basedtool. Te nal scores generate the graphical depiction o the market based on current oering,
strategy, and market presence. Forrester intends to update vendor evaluations regularly as product
capabilities and vendor strategies evolve.
ENDNOTES
1 With so many vendors bearing such little resemblance to each other, the market or GRC soware dees
logic. Vendors rom diverse backgrounds began coming head-to-head with each other to compete or
lucrative Sarbanes-Oxley compliance deals eight years ago, but as that market tapered o, the vendors have
started to diverge once again. O the roughly 20 most competitive GRC vendors, the specialized nature o
their core competencies means that each vendor has only three to our primary competitors that they come
up against on a regular basis. See the November 9, 2010, Market Overview: GRC Platorms report.
http://www.forrester.com/go?docid=57318&src=57692pdfhttp://www.forrester.com/go?docid=57318&src=57692pdf8/2/2019 ForresterWave Enterprise GRC Platforms Q4 2011
16/16
Forrester Research, Inc. (Nasdaq: FORR)
is an independent research company
that provides pragmatic and orward-
thinking advice to global leaders in
business and technology. Forrester
works with proessionals in 19 key roles
at major companies providing
proprietary research, customer insight,
consulting, events, and peer-to-peerexecutive programs. For more than 28
years, Forrester has been making IT,
marketing, and technology industry
leaders successul every day. For more
inormation, visit www.orrester.com.
Headquarters
Forrester Research, Inc.
60 Acorn Park Drive
Cambridge, MA 02140 USA
Tel: +1 617.613.6000
Fax: +1 617.613.5000
Email: [email protected]
Nasdaq symbol: FORR
www.orrester.com
M a k n g l e a d e r s S c c e s s f E e r D a
For inormation on hard-copy or electronic reprints, please contact Client Support
at +1 866.367.7378, +1 617.613.5730, or [email protected].
We oer quantity discounts and special pricing or academic and nonprot institutions.
Research and Sales Ofces
Forrester has research centers and sales ofces in more than 27 cities
internationally, including Amsterdam, Netherlands; Beijing, China;
Cambridge, Mass.; Dallas, Texas; Dubai, United Arab Emirates; Frankurt,
Germany; London, UK; New Delhi, India; San Francisco, Cali.; Sydney,
Australia; Tel Aviv, Israel; and Toronto, Canada.
For the location o the Forrester ofce nearest you, please visit:
www.orrester.com/locations.
mailto:[email protected]:[email protected]://www.forrester.com/