Governance, Risk, and Compliance

In a report dated December 2017, Information Technology analyst Gartner declared that customers were creating a market trend by replacing Governance, Risk, and Compliance (GRC) with Integrated Risk Management (IRM) Systems instead (Market Trends: GRC era is over as clients adopt IRM, Gartner, December 2017). The term “IRM” has been around for many years, but software vendors (and consultants) have stayed with GRC, since the majority of clients purchased tools based on compliance requirements, which focused on controls. Generally speaking, the following capabilities are viewed as being core to IRM:


  • Corporate Compliance and Oversight

  • Operational Risk Management

  • IT Risk Management

  • Business Continuity Management

  • IT Vendor Risk Management

  • Enterprise Legal Management

  • Audit Management


We are starting to see an effort by clients to understand risk in a more integrated fashion, and this is being driven by technology enablement that can now link assets to risks and controls. The advent of this type of platform support is enabling clients to make better risk “aware” decisions instead of relying on a controls-based view of operations. This is one of the overwhelming reasons why Sargon is supporting ServiceNow as a platform: the ability for clients to be risk-intelligent.


2770 Research Drive

Rochester Hills, MI  48309