The governance, risk, and compliance (GRC) market is constantly evolving with GRC platforms being the prominent software type companies use for end-to-end compliance. 

To help buyers compare these solutions and choose the best fit, G2 releases 16 reports per season for our GRC categories. This blog highlights the most exciting findings of the Spring 2023 Grid® Report for GRC Platforms that was recently published.

What stands out in the Spring 2023 Grid® Report for GRC Platforms

At first glance, the report shows that the top vendors are well-known products in the market, such as AuditBoard and LogicGate Risk Cloud. Also, the G2 scores of the top products are high, between 70 and 95. The rankings vary slightly for the mid-market segment, while at the enterprise level, Onspring ranked third and Diligent HighBond ranked fifth, even though they are not in the top five overall.

While top product lists provide a high-level overview of total scores, the ranking varies when we look at specific criteria. The second part of the table above shows how the top five products overall aren't necessarily in the top five for all requirements. Furthermore, some products have the maximum score (100%) for some criteria, such as Ease of Admin or Ease of Setup, and didn't make it in the top five, mainly because their other ratings were much lower.

When comparing GRC platforms, top lists are a good start, but you should look for details that further differentiate products. Some of these details that stand out in the Spring 2023 report are related to adoption and return on investment (ROI).

GRC implementation, adoption, and ROI challenges

The report highlights that, on average, GRC platforms buyers only achieve ROI a few months after the contract expires. As shown below, companies using GRC platforms need an average of 5 months to go live, then another 21 months to achieve positive ROI (when the software's benefits exceed the costs). However, the average contract length is only 22 months, meaning you may need to renew to get ROI. Furthermore, if you renew, the cost of the new contract should be included in the ROI calculation, which means that the average time to ROI may be even higher than 22 months.

At the same time, user adoption is relatively low for GRC platforms: 57% overall, which means that only a bit more than one in two users benefit from using the software. 

Is there a correlation between these statistics? It's hard to say, but these data points should raise the following questions:

• Should you sign longer contracts, thus making sure that you achieve ROI before you need to renew? While choosing shorter contracts to save money may be tempting, renewing them will require additional spending.
• Why does it take only five months to go live but five times more to achieve ROI? Five months is insufficient to implement and customize the system and train users properly. A quick (and potentially incomplete) implementation will likely harm adoption.
• Can vendors provide guarantees that you will achieve ROI before the contract expires? Or provide contract extensions when this isn't happening?

All these questions can help you better evaluate and compare GRC platforms and optimize your investment in this type of software. You can also ask vendors to provide information on how they help customers achieve ROI and improve adoption rates.

Planning ahead

What to do next to differentiate between GRC solutions:

• Read the GRC platforms buyer's guide, which provides details on how to select and implement this type of software
• Take a look at the 16 reports for GRC platforms with additional insights by company size, usability, implementation, and support quality
• Compare products on G2 and dive deeper into information such as features, ease of use, ease of setup, or pricing

GRC is too important to take selection decisions lightly. Chances are that you may not achieve ROI before the contract expires, so it's imperative that the selection process is as detailed as possible.

Edited by Jigmee Bhutia