Answering the Call for Better Governance, Risk, and Compliance Offerings

June, 2022

Enterprise leaders are feeling pressure to ensure transparency and alignment between third-party vendors, regulations, and internal controls, as well as the use of security frameworks to address the complex regulatory and privacy landscape. With the rising cost of IT audits and assurance programs, enterprises are looking to implement governance, risk, and compliance (GRC) tools and platforms that provide standardized frameworks to manage risks. In response, service providers have matured their offerings to support compliance with regulations such as GDPR, HIPAA, and PCI DSS to ensure that companies are aligned to industry standards.

These emerging trends are covered in our Risk and Compliance Services 2022 RadarView™. The report is a comprehensive study of the adoption of risk and compliance services. It includes essential drivers, geographic landscape, and key challenges. It takes a close look at the leaders, innovators, disruptors, and challengers in this market.

Avasant evaluated 28 providers across three dimensions: practice maturity, partner ecosystem, and investments and innovation. Of these, we recognized 20 that brought the most value to the market during the past 12 months.

The report recognizes service providers in four categories:

    • Leaders: Accenture, HCL, Infosys, TCS, and Wipro
    • Innovators: Atos, Capgemini, Cognizant, DXC, Kyndryl, Tech Mahindra, and Telefónica Tech
    • Disruptors: AT&T Cybersecurity, LTI, and Mphasis
    • Challengers: BAE Systems, CGI, Lumen Technologies, Verizon, and Zensar

Figure 1 from the full report illustrates these categories:

MoneyShot Risk and Compliance Services 2022 RadarView 1030x687 - Answering the Call for Better Governance, Risk, and Compliance Offerings

“There is increasing maturity in GRC services, driven by stronger tools and platforms that automate risk management processes and provide control frameworks to manage risks,” said Mark Gaffney, director at Avasant. “These offerings are helping enterprises proactively align with complex and evolving regulations.”

The full report provides a number of findings and recommendations, including the following:

    • In a stringent and ever-evolving regulatory environment, enterprises are increasingly looking for services to identify the gaps in achieving compliance with regulations such as GDPR and CCPA.
    • Enterprises are adopting GRC programs for various use cases such as performing risk assessments of cloud applications, efficiently managing third-party risks, and implementing a predictive, analytics-based risk approach.
    • Service providers are also augmenting their capabilities to act as a catalyst for enterprise adoption. This includes different initiatives like in-house development of GRC tools, partnerships with advanced technology providers, and acquisition of regulatory compliance specialists.
    • Major GRC platform providers are integrating environmental, social, and governance (ESG) parameters in their existing platforms to facilitate compliance with ESG-related regulations.

“Enterprises are considering ESG factors to improve approaches to risk management,” said Avasant’s Associate Research Director Gaurav Dewan. “Integrated GRC and ESG solutions are helping inform C-level executives and provide quantifiable risk data collected across the enterprise to support necessary actions.”

The full report also features detailed profiles of 20 service providers, along with their solutions, offerings, and experience in assisting enterprises for adopting a robust GRC framework.

This Research Byte is a brief overview of the Risk and Compliance Services 2022 RadarView™ (click for pricing).