Few topics elicit as much debate within a software company as discussion about the product roadmap, particularly features designed to help drive value for the customer in their use of the product. This discussion is active internally, but also extends to the customer base and the market. So when a leading analyst publishes an GRC/IRM market update on highest value future feature interest – such as the IDC Governance, Risk and Compliance Maturity Score Survey published in November – it warrants attention from vendors and practitioners alike.
Several of the most interesting take-aways from the study regarding the most valued future features for GRC include:
1. The importance of a consumer-esque experience
We are all going through the experience of what I call “app-overload” – service providers or vendors we work with nudging us into purpose-built apps. This experience is a strong positive when those apps bear in mind that use of the app may be fleeting and infrequent. In so doing, they create apps that don’t assume a high level of familiarity and present an overall intuitive experience. The IDC study provided strong reinforcement for this as it relates to risk management. More than 90% of leaders called out the “experience for first-line users” as one of the critical elements of a successful GRC platform and program.
2. Risk Casino Royale
If you’ll pardon the play on Monte Carlo, another one of the study’s findings was a steep increase in planned use of Monte Carlo simulation as a means of assessing risk. The raw number of just over 9% currently using this method is notably expecting a nearly 3x jump over the next two years. Similarly, bow tie analysis currently comes in at single digit use but is expected to nearly double over the next two years. I would add that Archer’s experience with bow tie analysis has been that once it is seen and understood, interest and adoption is dramatic. As it turns out, first liners aren’t the only ones seeking a visually appealing way to work.
3. Dialing for dollars
Far and away, the biggest takeaway from the study as it relates to shifts in how organizations analyze risk is the move from matrix-based, red/yellow/green heatmaps towards “Dollar Impact” through full quantitative risk analysis. The heatmaps ranked #1 with 43% current use, but then switched over the next year to quantitative financial impact, jumping from 35% to 44%. This desire for better quantitative financial analysis of risks also aligns with one of the study’s primary characteristics for more mature risk functions, specifically the increased participation of the C-suite and senior management in and around GRC and risk management.
Studies like IDC’s play an important role in helping all participants in the risk management arena (practitioners and vendors) understand the direction of Archer’s peers and customers. This particular study aligns extremely well with several of Archer’s recent innovations. The launch of Archer Engage was a major shift in user experience, geared toward the less-frequent participant in risk management. The launch of Archer Insight brought a full suite of quantitative analysis tools into the portfolio, which we see customers rapidly embracing across the full range of risk domains. Risk quantification is no longer confined to the purposes of helping CISO’s determine their cyber insurance premiums. It is now a tool for better business impact articulation across stakeholders.
We’ve partnered with IDC to deliver a snapshot of these three takeaways highlighted above, as well as other key findings from the study, combined with IDC’s assessment of some of Archer’s new capabilities that address growing and emerging demands. Read the IDC Spotlight paper – and continue to keep an eye on Archer!