Press Release
Business Agility And Resilience Drive Demand For Risk And Compliance Services
Los Angeles, April, 2021
COVID-19 has emphasized the need for regulatory compliance, internal compliance controls, and the use of security frameworks and tools. Meanwhile, the regulatory environment is increasingly complex, particularly for multinational companies, as they struggle to comply with sometimes conflicting regulations across regions. Risks have changed with a growing cloud environment and increasingly diverse IT service portfolio. The need for a strong governance, risk, and compliance (GRC) partner has grown.
These emerging trends are covered in our Risk and Compliance Services 2020-2021 RadarView™ report. The report is a comprehensive study of the industry-wide adoption of risk and compliance services. It includes the essential drivers, geographic landscape, key challenges, and a close look at the leaders, innovators, disruptors, and challengers in this market.
Avasant evaluated 30 providers across three dimensions: practice maturity, partnership ecosystem, and investments and innovation. Of those 30 providers, we recognize 20 as having brought the most value to the market during the past 12 months.
The report recognizes service providers in four categories:
Mark Gaffney, a Director with Avasant, congratulated the winners noting, "As enterprises accelerate cloud adoption, business leaders need to apply security control and compliance measures based on industry standards. Moreover, it calls for a cloud services evaluation process based on all aspects of a company's GRC requirements and policies."
Some of the findings from the full report include the following:
1. All businesses need a robust GRC program.
- Leaders: Accenture, HCL, IBM, TCS, and Wipro
- Innovators: Atos, Cognizant, DXC, Infosys, and Telefonica
- Disruptors: AT&T Cybersecurity, Capgemini, LTI, Mphasis, and Tech Mahindra
- Challengers: CGI, Fujitsu, Lumen Technologies, Trustwave, and Verizon
Mark Gaffney, a Director with Avasant, congratulated the winners noting, "As enterprises accelerate cloud adoption, business leaders need to apply security control and compliance measures based on industry standards. Moreover, it calls for a cloud services evaluation process based on all aspects of a company's GRC requirements and policies."
Some of the findings from the full report include the following:
1. All businesses need a robust GRC program.
- In a stringent and ever-evolving regulatory environment, enterprises are increasingly looking towards tools and platforms-based solutions to solve their GRC requirements. Increased migration to cloud and a lack of consistency and transparency among disparate business units are some other drivers.
- The GRC landscape gets further complicated in global organizations, which operate across multiple borders with additive policies and controls.
- Highly regulated industries such as banking, healthcare and life sciences, and manufacturing must adhere to regulations and operate within the policy frameworks.
- The key factors driving demand for GRC solutions are an increased need to protect consumer data, securing end-to-end processes across enterprises, reducing the cyberattack threat impact, and minimizing the financial impact of regulatory noncompliance.
- Typically, GRC services implementations are championed by the compliance operations team.
- It is important to secure the supply chain and the cloud environment of global organizations. This would require a thorough third-party risk management evaluation.
- Service providers continue to invest in automation capabilities to solve business challenges. Solutions include carrying out quality assurance reviews in a shorter timeframe and streamlining and automating IT recovery processes.
- Many service providers offer Chief Information Security Officer (CISO) support for end-to-end security requirements, from devising a strategy to managing operations and implementation services.