Cuadrante Mágico It Governance
Páginas: 49 (12026 palabras)
Publicado: 22 de enero de 2013
08/10/12
Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms
Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms
4 October 2012 ID:G00226167 Analyst(s): French C aldwell, John A. Wheeler
VIEW SUMMARY The enterprise governance, risk and compliance platform market has matured to a strategic focus on enterprise risk management. Many vendors arelooking toward the next market phase, which includes adding or integrating with business analytics and scorecarding capabilities.
Market Definition/Description
Governance, risk and compliance (GRC) as a marketplace can be broadly divided between GRC management (GRCM) products for the oversight and operation of risk management and compliance programs, and other GRC products for the automation andmonitoring of controls. For a comprehensive description of the GRC marketplace, see "A Comparison Model for the GRC Marketplace, 2011 to 2013," which addresses the enterprise GRC (EGRC) platform and its relationship to other GRCM markets, such as IT GRCM (see "MarketScope for IT Governance, Risk and Compliance Management"), operational risk management (ORM; see "A Banker's Guide to Credit, Marketand Operational Risk Management Software Functionality") and financial governance (see "Q&A: Current Issues in Financial Governance"). Each of these markets demands some of the functionality that is inherent in the EGRC platform. Instead of acquiring separate solutions for finance, IT and other business units, many enterprises are choosing to use a single EGRC platform and, when necessary,integrating the many point and functional solutions to satisfy specific GRC needs. Reporting and managing through a single platform potentially give executives, auditors and managers a holistic view of the enterprise's risk and compliance postures, as well as views sorted by requirement, entity and geography. As the EGRC platform market continues to mature, some vendors are seeking to meet these newdemands through a single, tightly integrated platform, while others are adopting a plug-and-play strategy, where customers can grow into the solution through the successful implementation of separate, but integrated modules. The primary purpose of the EGRC platform is to automate much of the work associated with the documentation and reporting of the risk management and compliance activities that aremost closely associated with corporate governance and strategic business objectives. The primary end users include internal auditors and the audit committee, risk and compliance managers, legal professionals, and accountable executives. The key functions of importance to these groups are: Risk management: Supports risk management professionals with the documentation, workflow, assessment andanalysis, reporting, visualization and remediation of risks. This component focuses on general ORM; however, it may collect data from specialized risk analytics tools to provide a consolidated view of ERM. Many industry-specific risk management requirements may not be supported. For example, many banks require highly specialized capabilities for Basel II compliance. Only a few EGRC platform vendorssupport the ORM needs of banking, and most vendors prefer to integrate the platform with specialized solutions from other vendors. Audit management: Supports internal auditors in managing work papers, and scheduling audit-related tasks, time management and reporting. Compliance and policy management: Supports compliance professionals with the documentation, workflow, reporting and visualization ofcontrols objectives, controls and associated risks, surveys and self-assessments, attestation, testing, and remediation. At a minimum, compliance management will include financial reporting compliance (SarbanesOxley [SOX] compliance), and also support other types of compliance, such as ISO 9000, Payment Card Industry, industry-specific regulations, SLAs, trading partner requirements and compliance...
Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms
Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms
4 October 2012 ID:G00226167 Analyst(s): French C aldwell, John A. Wheeler
VIEW SUMMARY The enterprise governance, risk and compliance platform market has matured to a strategic focus on enterprise risk management. Many vendors arelooking toward the next market phase, which includes adding or integrating with business analytics and scorecarding capabilities.
Market Definition/Description
Governance, risk and compliance (GRC) as a marketplace can be broadly divided between GRC management (GRCM) products for the oversight and operation of risk management and compliance programs, and other GRC products for the automation andmonitoring of controls. For a comprehensive description of the GRC marketplace, see "A Comparison Model for the GRC Marketplace, 2011 to 2013," which addresses the enterprise GRC (EGRC) platform and its relationship to other GRCM markets, such as IT GRCM (see "MarketScope for IT Governance, Risk and Compliance Management"), operational risk management (ORM; see "A Banker's Guide to Credit, Marketand Operational Risk Management Software Functionality") and financial governance (see "Q&A: Current Issues in Financial Governance"). Each of these markets demands some of the functionality that is inherent in the EGRC platform. Instead of acquiring separate solutions for finance, IT and other business units, many enterprises are choosing to use a single EGRC platform and, when necessary,integrating the many point and functional solutions to satisfy specific GRC needs. Reporting and managing through a single platform potentially give executives, auditors and managers a holistic view of the enterprise's risk and compliance postures, as well as views sorted by requirement, entity and geography. As the EGRC platform market continues to mature, some vendors are seeking to meet these newdemands through a single, tightly integrated platform, while others are adopting a plug-and-play strategy, where customers can grow into the solution through the successful implementation of separate, but integrated modules. The primary purpose of the EGRC platform is to automate much of the work associated with the documentation and reporting of the risk management and compliance activities that aremost closely associated with corporate governance and strategic business objectives. The primary end users include internal auditors and the audit committee, risk and compliance managers, legal professionals, and accountable executives. The key functions of importance to these groups are: Risk management: Supports risk management professionals with the documentation, workflow, assessment andanalysis, reporting, visualization and remediation of risks. This component focuses on general ORM; however, it may collect data from specialized risk analytics tools to provide a consolidated view of ERM. Many industry-specific risk management requirements may not be supported. For example, many banks require highly specialized capabilities for Basel II compliance. Only a few EGRC platform vendorssupport the ORM needs of banking, and most vendors prefer to integrate the platform with specialized solutions from other vendors. Audit management: Supports internal auditors in managing work papers, and scheduling audit-related tasks, time management and reporting. Compliance and policy management: Supports compliance professionals with the documentation, workflow, reporting and visualization ofcontrols objectives, controls and associated risks, surveys and self-assessments, attestation, testing, and remediation. At a minimum, compliance management will include financial reporting compliance (SarbanesOxley [SOX] compliance), and also support other types of compliance, such as ISO 9000, Payment Card Industry, industry-specific regulations, SLAs, trading partner requirements and compliance...
Leer documento completo
Regístrate para leer el documento completo.