In some respects, the governance, risk and compliance (GRC) software industry is as healthy as ever. Coming out of a recession, many companies are now prepared to spend more on GRC programs. According to one recent survey, 37 percent of respondents expect their companies to increase GRC budgets within the next 6 to 12 months, as many transition to a more principles-based approach.

The big areas of investment are compliance management; business process management; continuous control monitoring; security; and risk management. Only 4 percent expect their budgets to decline. And yet Business Finance suggests that the industry now faces an identity crisis. "Given that many GRC conversation begin with a definition--as well as the fact that GRC conferences still feature panel discussions on 'what GRC means'--the issue lingers."

There are indeed numerous definitions. But most people seem to be clear on the biases that various analysts and vendors come from. GRC can really be anything to any company. It all depends on what you need. In many ways, GRC is an amoeba; it's shapeless but growing. It boils down to what works for you.

For more:
- here's the item

Related Articles:
How to think about GRC: Software product or a methodology
Thirteen steps to merging compliance frameworks
GRC and ERM, a fine distinction?
Boards lagging on environmental risks, sustainability