Companies see regulatory changes as the second biggest risk facing global businesses, second only to the economic slowdown, according to a recent survey by insurance brokerage Aon Corp. Reflecting these concerns over new regulations and legislation is the rising profile of governance, risk and compliance (GRC) software, a term applied to products that help companies deal with areas as far ranging as Sarbanes-Oxley compliance, risk management and IT governance.
That breadth of functions can make the category a bit hard to pin down. John Hagerty, a vice president and research fellow at AMR Research, puts total 2008 spending on GRC products at $32.1 billion and estimates there are hundreds of GRC providers. Various GRC products perform such distinct tasks that it's hard to compare them, Hagerty says. "The GRC marketplace is a collection of functions that don't all interact with each other."