GRC vs. IRM – Is There a Difference?
Those of you who follow GRC pundit Michael Rasmussen may have seen his recent post on the “IRM Emperor (Gartner) Has No Clothes.” In it, Rasmussen lays out his issues with the latest Gartner Integrated Risk Management (IRM) Magic Quadrant release and encourages organizations to be cautious and skeptical of Gartner’s results.
His issues with the latest magic quadrant? They include questions such as:
- Why is Gartner changing the terms from GRC to IRM? After all, what’s wrong with GRC?
- Can Gartner make the hard calls, or do they just relay information provided by the vendor?
- Does Gartner thoroughly, objectively and transparently review each vendor?
While you can always hop over and read his full post, I wanted to add my own perspective to this conversation. While I understand and respect Michael’s point of view (and knowledgeable insight) on the topics at hand, there are a few comments I wanted to address.
Here’s Where We Agree – and Where We Differ
1 – Questionable MQ Placements
Are there some questionable placements on the Magic Quadrant? Yes, we tend to agree. But hey, we know how difficult it is for companies to get placed on the MQ at all, so hats off to anyone who made the list. After all, not just any company can make it.
2 – Our Placement in the Quadrant
Whilst Michael doesn’t comment on Mitratech’s placement, we completely agree with how Gartner positioned our company, as well as their commentary surrounding our strengths – and weaknesses – in the space. Mitratech was named a visionary for a reason, and I firmly believe our vision will make us leaders in Integrated Risk Management.
3 – The Emphasis on ELM
Was Gartner wrong to place so much emphasis on Enterprise Legal Management within the MQ? I understand Michael’s point of view on ELM having a lot of emphasis, especially in comparison to Environmental Health and Safety. However, in our view, ELM absolutely deserves a seat at the table. Our willingness to embrace this is part of why we were named “visionaries” in the first place.
The integration of these two spaces are a part of who we are at Mitratech, what we do, and how we envision serving our clients. Not to mention how we see the space evolving over the coming years.
4 – The Omission of EHS
It seems a little odd to remove Environmental Health and Safety (EHS), as Michael suggests in his post. After all, EHS is on GRC Requests For Proposals more frequently than ELM. But on the counter side of the equation, we’ve personally witnessed an increasing incidence of GRC being mentioned in ELM requests.
Our conclusion then? ELM and GRC are becoming more intertwined over time.
Ultimately, love it or hate it, making it onto Gartner’s list is an achievement in and of itself, so we raise a glass to everyone included in sincere, competitive congratulation. While we often utilize Michael’s experience and value his insights, to play with Michael’s phrase a bit we are all truly the “emperors” of our industry.
And our own vision? To continue to drive success for both our clients and ourselves, whether it’s in GRC, IRM or some future combination of the two.
Looking for more content about Gartner’s latest IRM Magic Quadrant? Here are some resources you might enjoy: