|
What You Need to Know
|
|
Enterprise governance, risk management and compliance (GRC) consulting is an early-stage market, with most firms not yet finding market demand for comprehensive top-to-bottom integrated GRC services. In general, risk management practices are the foundational structure for enterprise GRC consulting services. The Big Four consultancies founded risk management practices in the 1990s or earlier. Although most consultancies, with the exception of Deloitte, spun off much of their business consulting arms in the early years of the 21st century, most retained some of their GRC talent and practice and continued to provide this service to their clients. All the firms evaluated have capabilities in all types of GRC-related consulting. This evaluation analyzes the relative capabilities of six global consulting firms to deliver top-down strategic enterprise GRC consulting and their ability to bring an enterprise point of view to any GRC-related consulting — that is, the ability to link GRC activities at whatever level of the enterprise to the improvement of governance and business performance. When evaluating a firm, most enterprises will seek help with a specific GRC-related issue, such as establishing an enterprise risk management (ERM) program, responding to a specific regulatory requirement, or improving the management of internal controls. Rarely will an integrated GRC initiative be the primary reason for engaging a consulting firm for its GRC-related services. However, corporate, finance and IT governance, enterprise, IT and operational risk management, and compliance are all closely related, and none can be engaged without impacting the other; hence, an understanding of those GRC relationships, the ability to help an enterprise manage them, and how to best employ GRC technologies are important elements in selecting a consulting firm for any GRC-related services.
|
|
|
MarketScope
|
|
This MarketScope encompasses consulting services related to enterprise GRC (see Note 1 for our definition of GRC). Enterprise GRC consulting services are the bundle of expert-driven consulting services directed at helping enterprises improve their ability to manage risks and compliance, improve their governance practices, ensure effective controls, and mitigate the impact of regulatory and business uncertainty on performance. Most management consulting firms offer enterprise and IT risk management services, but this MarketScope considers how well those services support business objectives and how well they integrate with compliance requirements and support overall corporate governance. These services are delivered globally for clients with headquarters or operations in major geographic regions in North America, Europe, Latin America, Japan and Asia/Pacific. This research excludes system integration, managed services and outsourcing. Enterprise GRC consulting is an immature market that continues to evolve. In electronic surveys and phone interviews, client references told Gartner that the top five most important factors they looked for when selecting on an enterprise GRC consultant are:
Prior experience or relationship with the provider Overall thought leadership in governance, risk management and compliance Robust methodologies Governance, risk management and compliance expertise "Value for money" of contracted service Technology plays a significant role in GRC services, but the market does not demand strong system integration or business process outsourcing capabilities. Rather, the consultants should be able to assist with the deployment GRC technologies through configuration rather than through customization of solutions, ensuring that clients are getting the most value for money from their GRC technology investments. At this early stage of the market, consulting firms should be able to show that they are investing seriously in GRC services, as well as have an understanding of the relationship of GRC to their clients' business performance. Clients are seeking good guidance, strong methodologies for implementation, and knowledge of local corporate governance codes and regulations; they are also combining business and technology issues. Additionally, in an immature market, especially, at a stage where experienced consultants are few and younger consultants are still building up their experience, it is important for consulting engagement teams to have a good senior/junior consultant balance to assure a complete and long-lasting customer experience.
Market/Market Segment Description This evaluation is a strategic and holistic treatment of enterprise GRC, including strategic, operational, financial and reporting, legal and compliance, and IT and information management components. This document is directed at enterprise-level consulting services that support an integrated approach to the GRC activities described in Gartner's GRC marketplace comparison model
(see "A Comparison Model for the GRC Marketplace, 2008 to 2010";
also, see Note 2 for a discussion on how to avoid conflict of interest when selecting a GRC consulting firm). The following activities are included within GRC advisory services:
Strategy — Development and implementation of GRC strategies and architecture, to include performance improvement through effective governance, supported by ERM and compliance programs Assessment — Consultation on the identification, evaluation and prioritization of GRC needs Response — Consultation on the identification and implementation of mechanisms to address identified GRC needs Communication and reporting — Advice on the best or most-appropriate means to communicate an enterprise's GRC response to stakeholders Monitoring — The identification and implementation of processes that methodically track governance objectives, compliance with policies and decisions that are set through the governance process, risks to those objectives, and the effectiveness of risk mitigation and controls Technology — The design of a GRC technology architecture and the implementation of GRC technologies While organizations can purchase GRC advisory services for a single focus area (such as compliance with the Sarbanes-Oxley Act [SOX]), demand is evolving for holistic, integrated approaches to ERM in support of business performance. Gartner defines ERM as "an integrated, consistent and strategic method to the management of risk." In addition, organizations seek to reduce compliance costs by pursuing a multiregulatory approach to compliance that incorporates myriad government regulations, industry-specific rules and standards compliance into a single cross-enterprise compliance program.
Inclusion and Exclusion Criteria This research evaluates service providers on their project-based global enterprise GRC consulting services. To be included in this research, a service provider should have the following attributes:
Evidence of strategies and methodologies that have been applied in client engagements, including an integrated approach to GRC objectives At least $300 million in annual revenue from enterprise GRC management consulting services At least 30 clients, including five clients that are able to be referenced for enterprise GRC consulting activities Global operations, with a commitment to the enterprise GRC management consulting marketplace as expressed through:
An ability to service clients globally, specifically with market share and clients within three major regions (such as North America, Western Europe, Japan or Asia/Pacific) Having a physical GRC or risk management consulting practice present on-site in more than two major regions (such as North America, Western Europe, Japan and/or Asia/Pacific)
Companies considered for evaluation in this MarketScope were those that acted as advisors and provided implementation services that encompass most or all levels of GRC services, as described above. Providers were evaluated in more detail using a combination of quantitative and qualitative criteria. Note that vendors cannot elect to be excluded from a MarketScope, assuming they meet the inclusion criteria.
Rating for Overall Market/Market Segment Overall Market Rating: Positive The market for enterprise GRC services is driven by board- and senior-executive-level concerns about business uncertainty, including business risks and regulatory compliance. As the global financial crisis transitions to recovery, enterprises are seeking to mitigate the impact of ongoing risks and increasing compliance requirements on business performance and growth objectives. The consulting firms evaluated all have significant capabilities to deliver GRC services, and most of them have a mature understanding of GRC and the relationship of GRC to business objectives.
Table 1. Evaluation Criteria
Market Understanding |
Ability of the consulting firm to understand buyers' wants and needs and to translate those into services. Firms that show the highest degree of vision listen to and understand buyers' wants and needs; in particular, they demonstrate an understanding of integrated GRC strategies and the relationship to business performance. |
High |
Offering (Product) Strategy |
The consulting firm's frameworks and methodologies that emphasize GRC integration, differentiation, functionality and solutions sets as they map to current and future requirements. Firms that have the most-advanced strategies demonstrate an overarching framework that relates GRC to business performance and transformation, sets the vision and is executable, and provides an architectural linkage for other GRC methodologies that address specific GRC issues. |
Standard |
Vertical/Industry Strategy |
The consulting firm's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets. Firms with the best strategies demonstrate the ability to bring specific industry talent to GRC engagements, and they have industry-tailored versions of their GRC methodologies. |
Low |
Geographic Strategy |
The consulting firm's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market. Firms with the best GRC strategies have tailored them to the specific needs of the region and have availability of GRC talent within the region. |
High |
Product/Service |
Core services offered by the consulting firm that compete in/serve the defined market. This includes current service capabilities, quality, solutions and skills, whether offered natively or through partnerships as defined in the market definition. Availability of key GRC talent during reference client engagements, quality of deliverables, evidence of GRC technology expertise, and value for money are important elements in evaluating the service. |
Standard |
Customer Experience |
Relationships and services/programs that enable clients to be successful with the services evaluated. Specifically, this includes the ways customers receive support and the ongoing value of the services after the engagement is complete. Client satisfaction and complexity and relevance of reference client engagements are significant factors in evaluating customer experience. |
High |
Market Responsiveness and Track Record |
Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness. Year-over-year growth and willingness to rehire are key elements in this criterion. |
High |
Source: Gartner (March 2011)
Figure 1. MarketScope Global Enterprise GRC Consulting Services 
Source: Gartner (March 2011)
Vendor Product/Service Analysis Accenture has been engaged in risk management consulting since the 1990s, and in February 2010, Accenture announced that it was establishing a dedicated global risk management consulting line. Broadly, Accenture's practice has a vertical focus on the communications and high tech, financial services, healthcare and public services, and product and resource industries. Gartner estimates Accenture has 2,000 to 2,300 full-time equivalents (FTEs) globally in GRC-related consulting. In 2010, Accenture acquired RiskControl, a risk management consulting and software firm in Brazil. Accenture leverages its Avanade custom solutions and Accenture Technology Labs to support the practice. Accenture has organized its offering around the Accenture Risk Management Capability Framework. The framework has four major categories:
Strategy and Governance — Includes overall vision, direction, assessments and risk appetite Process Excellence and Integration — Focuses on risk management programs of all types, such as ERM, sustainability, IT, credit and market, and so forth Regulatory Reform — Directed specifically at responses within the financial services industry to regulatory developments, such as Basel III, Solvency II and Dodd-Frank Performance Insight and Execution — Focuses on the integration of GRC activities with financial, operational and other business processes
Product/service — Accenture has demonstrated good support for enterprise risk management and regulatory compliance. The company is strong in IT security risk management, and it has GRC technology implementation competencies, with a number of implementations of IT GRC management and continuous controls monitoring. Accenture also has a controls library of 11,000 controls that is regularly updated. Offering strategy — Accenture has a variety of methodologies and tools that have been developed for assessing a large number of distinct GRC issues, such as ERM, fraud management, liquidity risk and specific regulatory compliance requirements. Accenture's focus on its core strengths in analytics is a key part of the company's positioning for the GRC marketplace.
Market understanding — Accenture's understanding of the market is not as well-developed as other firms that have had a dedicated risk management or GRC service line longer. The company has demonstrated a reactive approach to market opportunities more than thought leadership. For example, Accenture's discussion of IT risk management was almost completely focused on IT security and did not include other process risks and information governance activities that could relate IT GRC to enterprise GRC. However, Accenture does have information and data governance capabilities that would be highly relevant to its approach to the market. Offering strategy — Accenture does not have an integrated approach to enterprise GRC. Its Risk Management Capability Framework is a structure of its various GRC offerings rather than a framework for execution or a methodology. Customer experience — The survey of client references indicated concerns with quality and cost. Specifically, Accenture's ratings of the quality of deliverables were below the average of other firms evaluated in the MarketScope, and some clients surveyed indicated they would be likely to switch to a lower-cost competitor. On the other hand, Accenture's clients describe its consultants as having the ability to adapt to changes and being flexible. Clients were extremely satisfied with Accenture's teams' culture fit and product independence.
Deloitte has long-established service line offerings for enterprise GRC. While the other three large audit firms spun off or sold much of their consulting practices, Deloitte did not; in fact, it developed a robust SOX compliance practice. Thus, Deloitte has the longest-running continuous enterprise GRC offerings, as well as the largest cadre of consultants in GRC-related practices — just under 20,000 globally. Deloitte is making focused GRC investments in the following verticals: financial services, consumer business, energy and resources, life sciences, and public sector. Deloitte's overarching approach for its GRC offerings is the Deloitte Risk Intelligence Framework. It provides both a strategic approach and granular detail. For granularity, Deloitte has the Risk Intelligence Map and 15 industry versions of the map, as well as library that describes hundreds of enterprise (including IT) risks. At the strategic level, the company has an ERM methodology that includes a maturity model and assessment tools. Deloitte also has a GRC technology implementation road map methodology. There are several other methodologies that address different types of GRC issues, and Deloitte is careful to link them all back to its overall Risk Intelligence Framework.
Market understanding — With the longest-running continuous GRC service line offerings, Deloitte has followed the enterprise GRC market from Sarbanes-Oxley and other compliance issues, such as privacy and industry-specific regulations, to risk management and to the emerging focus on integrating risk management with business performance. The company places emphasis on the role of risk management in improving business performance and decision making. Deloitte also sees risk management as an important element in its financial transformation service line. Offering strategy — Deloitte's approach is built around the concept of risk intelligence — that is, ensuring that risks and their controls are included as important elements in business decision making — and all its methodologies link back to the Risk Intelligence Framework. The company's approach is very structured, enabling it to engage at a strategic level and/or to focus on specific operational GRC issues. Product/service — Deloitte has demonstrated the ability to deliver well across a comprehensive range of enterprise GRC services, and it has the largest pool of GRC professionals globally. Technology implementation is an oft-cited strength for Deloitte, and it has demonstrated expertise at implementing enterprise GRC platforms and continuous controls monitoring. Customer experience — Deloitte had the highest scores from customer references, who were extremely satisfied and said they would very likely rehire Deloitte again. However, some customers expressed reservations with respect to the availability of the right talent and Deloitte's technology implementation.
Ernst & Young has maintained a risk management practice since 1995. This practice covers risk management, compliance and regulations, risk-embedded performance improvement, internal audit, and internal controls. Ernst & Young's practice has been focused on delivering enterprise GRC services since the inception of the risk practice in the mid-1990s. It has established centers of excellence to develop research and innovation focused on risk and performance models. The company has also made acquisitions, including those of EnteGreat and Hacktics. Ernst & Young has an estimated 13,000 to 16,000 professionals globally engaged in GRC-related consulting. Ernst & Young's approach is supported by its Risk Transformation methodology. While some other consultancies linked their GRC strategies to their financial transformation methodologies, Ernst & Young was the only one to present a business transformation methodology that focused specifically on the elements of GRC. The intent of the methodology is to integrate risk considerations and controls into business processes and technologies, with the objective of removing operational barriers to performance and improve business outcomes. The Risk Transformation methodology includes the following key elements:
Governance — Board and management roles, policies and procedures, organizational strategies, and communications Risk Management — Tolerance, analysis, assessments, monitoring and mitigation Integrated GRC Capabilities — Mandate, people, methods and technology Business-Level Performance — Assessment, metrics and measurement, process and control optimization, and programs and initiatives
Market understanding — Ernst & Young has an above-average understanding of the market. Its risk transformation approach represents extraordinary thought leadership. Offering strategy — Ernst & Young takes a unique risk transformation approach, presenting a strategy for transforming an enterprise from tactical point solution approaches to compliance and risk management to a holistic enterprise GRC approach enabling more-effective ERM and business performance. Product/service — Besides offering standard consulting services, Ernst & Young has pioneered a service in which it provides risk management and compliance as a managed service for clients. This is beyond the internal audit services that most consulting firms offer.
Product/service — Ernst & Young's transformation approach requires a sophisticated understanding of the relationship of business performance and GRC. Based on client interviews and surveys, Ernst & Young rated low on the number of senior managers globally able to advise on the role of technology enablement in enterprise GRC. Customer experience — Ernst & Young's clients were least satisfied in the areas of value for money of contracted services and time quoted to complete the project.
KPMG has maintained a risk management practice since 1995. This practice covers GRC strategy, enterprise risk management, financial risk management, forensics, internal audit and regulatory compliance, IT risk and compliance, and information protection and business resilience. Having spun off much of its consulting practice as BearingPoint 10 years ago, KPMG is now rebuilding it. The company has an estimated 10,000 to 12,000 FTEs involved in GRC-related consulting globally. KPMG is the only one of the firms evaluated that has developed an integrated GRC framework, which it calls the KPMG GRC Holistic Model; the other firms address enterprise GRC through their risk management methodologies. The KPMG model links strategy and business goals with GRC guiding principles, with the outcome being greater resilience in the ability to meet performance and compliance objectives. KPMG also presented a GRC road map for guiding client engagements that included program and project management, change management, and GRC implementation elements, including technology enablement.
Market understanding — KPMG has a very good understanding of the enterprise GRC market, including the critical trends and developments and their impact on business performance. Offering strategy — KPMG's GRC Holistic Model presents a high-level strategic view of enterprise GRC and supports convergence of business, compliance and risk management goals. By establishing guiding principles, it is very useful in helping clients understand where they want to go with a GRC strategy. Product/service — KPMG manages effective alliances with Oracle, SAP and best-of-breed enterprise GRC platform vendors. Customer ratings on KPMG's technology competence were mixed; with some clients, KPMG implemented GRC technology solutions, including both enterprise GRC platforms and continuous controls monitoring. KPMG client references cited being flexible and committed as KPMG's strengths.
Offering strategy — KPMG has presented a strategy and vision-level GRC model and a good understanding at the technology enablement level. However, the dependencies and linkages between the vision-level holistic GRC model and KPMG's many operational GRC methodologies, which are used to execute against the elements of the model, are not clear. Customer experience — Some KPMG clients, who are cost-sensitive, indicated they would consider a switch to a lower-cost provider.
Protiviti was founded in 2002, with its founding members being former Arthur Andersen consultants. The company built its consulting practice from the start by providing SOX and internal audit services. A preponderance of its engagements and services involve GRC-related activity. Protiviti's GRC services cover the following areas: risk management and compliance, IT effectiveness and controls, cost and working capital optimization, finance and accounting excellence, litigation, restructuring and investigative services, and internal audit and financial controls. The company also has an enterprise GRC software solution that is rated in the Magic Quadrant for enterprise GRC platforms. Protiviti focuses on the manufacturing, financial services, retail and services industries, and it has an estimated 2,000 to 2,300 consultants. Protiviti organizes its GRC approach around its Performance/Risk Integration Management Model (PRIM2). This is a sophisticated model that takes an enterprisewide approach to the alignment of strategy, risk management and performance objectives. At the governance level, it assesses risks and strategic capabilities with respect to business goals. At the operational level, it is highly metric-oriented, defining and monitoring key performance indicators and key risk indicators. The PRIM2 model is also supported by a detailed Protiviti Risk Model, which provides a detailed taxonomy and definitions for enterprise risks, including IT risks.
Market understanding — Protiviti built its consulting practice largely on the GRC-related issues facing its clients. It has a very complete understanding of the market and its key trends and directions. GRC is not just a service line offering from Protiviti, but in a sense, it is the concept upon which all its other consulting services are based. Offering strategy — The PRIM2 model is a thought-leading approach to enterprise GRC. It takes a governance point of view; that is, the ultimate objective of GRC is to improve governance and to facilitate business performance transformation. It also provides for the mapping of key risk indicators to key performance indicators, which is a critical concept if GRC is to be considered an enabler of business performance rather than just a compliance-driven activity. Product/service — Technology implementation was noted as a Protiviti strength by several client references. Customer experience — Clients were extremely satisfied with Protiviti, giving consistently very high ratings across many areas, such as the company's flexibility and responsiveness to contract terms and project scope, product independence, business acumen, and GRC expertise. Clients rated Protiviti extremely high for its technical skills, ability to perform knowledge transfer and enterprise GRC consulting resources. Protiviti clients also said they would rehire or refer Protiviti to their peers and would not switch to another provider even if the price was lower.
Product/service — Protiviti did not present its own enterprise GRC software, the Protiviti Governance Portal, as an important element of its GRC consulting practice. Geographic strategy — Protiviti is the smallest of the firms evaluated, and although it operates in 16 countries, the company often must use nonlocal talent. Market responsiveness — Protiviti has downsized through the recession, and there were indications from clients of below-market rates, but the firm is focusing on improving its profitability.
PwC's GRC service line offering dates back to 1992 when the company was instrumental in the development of the Committee of Sponsoring Organizations (COSO) Internal Control — Integrated Framework, which has become the most commonly used framework for determining the effectiveness of internal controls, including SOX compliance. PwC has a performance and risk management practice that includes the following: enterprise risk management, capital management, financial analytics and valuation, credit risk, market risk, supply chain risk, and operational risk. PwC has an estimated 1,500 to 1,800 FTEs globally who are involved in GRC-related consulting. PwC organizes its GRC approach using its ERM framework. The PwC ERM Framework is focused on improving capital deployment throughout the enterprise. Complementing the ERM Framework is the PwC Risk Management Assessment Methodology, which is based on principles drawn from industry-accepted standards and rules, such as COSO's Enterprise Risk Management — Integrated Framework, Basel II, Solvency II and the U.S. Sentencing Commission's Federal Sentencing Guidelines. PwC has a performance and organizational improvement methodology called Transform, which is complementary to its ERM Framework. The Transform and ERM methodologies are employed together to facilitate the transformation of ERM practices. In addition, PWC has detailed risk and control libraries that provide a basis for helping clients with taxonomies and definitions. As an example of its methodologies, PwC presented its Information Risk Management Framework, which addressed not just IT security risks, but also IT organizational and process risks, and significantly, the business risks associated with information management.
Market understanding — PwC has demonstrated a very good understanding of the enterprise GRC market. Its approach to the market focuses largely on ERM and finance transformation, with the goal being better business decision making and capital deployment. Offering strategy — PwC's approach is unique in that, while other consultancies focus on aligning risk management and business performance, PwC also focuses on improvements in governance and capital allocation. PWC also demonstrated an exceptional approach to information risk management that addresses a broad spectrum of risks and performance improvements. Product/service — PwC's clients noted its expertise in strategic GRC consulting. PwC is well-suited for clients who are trying to develop or improve their ERM programs. The company's information risk management services are also well-suited for CIOs who are trying to better-align IT GRC activities to ERM and other enterprise GRC functions. Customer experience — Clients were extremely satisfied with PwC. They stated they would rehire PwC for future engagements and refer the company to peers.
Offering strategy — PwC's approach draws on several different frameworks and methodologies, which are only loosely interrelated. Effective application of these methodologies and frameworks depends on the consultant having a high level of GRC understanding and broad experience. Product/service — Some clients expressed concerns about the availability of senior managers with an adequate depth of expertise in risk management. Also, when niche expertise was provided, often it was provided over the phone rather than in person. © 2011 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity" on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.
|
|
|
|
|
|
|
Committee of Sponsoring Organizations |
|
|
enterprise risk management |
|
|
full-time equivalent |
|
|
governance, risk management and compliance |
|
|
Performance/Risk Integration Management Model |
|
|
PricewaterhouseCoopers |
|
|
Sarbanes-Oxley Act |
|
|
|
|
|
|
|
|
|
The MarketScope takes an integrated view of governance, risk management and compliance as illustrated by this definition:
Governance — The process by which policies are set and decision making is executed. Risk management — The process to ensure that important business processes and behaviors remain within the tolerance associated with policies and decisions set through the governance process; thus preventing an unacceptable level of uncertainty to business objectives, with a balance of avoidance through reconsideration of objectives, mitigation through the application of controls, transfer through insurance and acceptance through governance mechanisms. Compliance — The process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or external laws, regulations, standards and agreements. |
|
|
|
|
|
|
|
|
When selecting a GRC consulting firm, there can be conflicts of interest in selecting the same firm for consulting that is providing the enterprise's external or statutory audit services. This conflict arises when a consulting firm would be designing or implementing controls to which its audit side would attest; in some jurisdictions, there may be legal restrictions on using the same firm in these circumstances. The audit committee is responsible for evaluating any such potential for conflict and therefore should approve the selection of any consulting firm involved in GRC activities. |
|
|
|
|
|
|
|
|
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor. |
|
|
|
|
|
|
|
|
Gartner's MarketScope provides specific guidance for users who are deploying, or have deployed, products or services. A Gartner MarketScope rating does not imply that the vendor meets all, few or none of the evaluation criteria. The Gartner MarketScope evaluation is based on a weighted evaluation of a vendor's products in comparison with the evaluation criteria. Consider Gartner's criteria as they apply to your specific requirements. Contact Gartner to discuss how this evaluation may affect your specific needs. In the following table, the various ratings are defined: MarketScope Rating Framework Strong Positive
Is viewed as a provider of strategic products, services or solutions: Positive
Demonstrates strength in specific areas, but execution in one or more areas may still be developing or inconsistent with other areas of performance:
Customers: Continue planned investments. Potential customers: Consider this vendor a viable choice for strategic or tactical investments, while planning for known limitations. Promising
Shows potential in specific areas; however, execution is inconsistent:
Customers: Consider the short- and long-term impact of possible changes in status. Potential customers: Plan for and be aware of issues and opportunities related to the evolution and maturity of this vendor. Caution
Faces challenges in one or more areas.
Customers: Understand challenges in relevant areas, and develop contingency plans based on risk tolerance and possible business impact. Potential customers: Account for the vendor's challenges as part of due diligence. Strong Negative
Has difficulty responding to problems in multiple areas.
Customers: Execute risk mitigation plans and contingency options. Potential customers: Consider this vendor only for tactical investment with short-term, rapid payback. |
|
|
