Gartner Says Enterprise Risk Management Leaders are Challenged with a Lack of Pricing Transparency in GRC Tools

STAMFORD, Conn., October 16, 2024 

Lack of Vendor Pricing Transparency is Creating Market Confusion

Due to widely varying governance, risk, and compliance (GRC) tool pricing, enterprise risk management (ERM) leaders must understand four different pricing-tier categories of GRC solutions and apply a scoping framework to further estimate likely costs ahead of vendor selection, according to Gartner, Inc.

“There are no shortcuts to avoiding demos and time-intensive sales processes,” said Joel Backaler, Director Analyst in the Gartner Audit & Risk Practice. “However, understanding four pricing categories that vendors generally fall into, and applying a scoping framework accordingly, can save time and narrow the focus of an RFP to vendors that are likely to fit within budget constraints.”

Gartner experts advise that ERM leaders address several key questions to understand what tier of GRC solution will meet their needs (see Figure 1).

Figure 1: Sample Scoping Framework to Evaluate GRC Tools by Pricing Tier

Source: Gartner (October 2024)

Enterprise GRC Solutions

Enterprise GRC solutions tend to cost the most and are a best fit for large, complex organizations that require a comprehensive platform to manage a broad spectrum of risk and compliance activities across assurance (risk, legal, compliance, audit) teams. These solutions typically offer extensive customization options, support for multiple risk modules (e.g., enterprise risk, operational risk, third-party risk) and advanced analytics capabilities.

Agile GRC Solutions

Agile GRC solutions offer a more accessible alternative to enterprise tools, providing essential functionalities with easier implementation and scalability. These tools are ideal for midsize to large organizations that need effective risk and compliance management, but with less complexity and lower costs. They typically feature drag-and-drop configuration, modular structures that allow for gradual expansion and user-friendly interfaces.

Adjacent GRC Point Solutions

Adjacent GRC point solutions can vary in price significantly and offer capabilities that overlap with core GRC capabilities. They also use a distinct set of criteria for deep workflows in one terrain. Examples of point solutions include tools that support business continuity management, third-party risk management and regulatory change management.

Disruptors

Disruptor GRC vendors are emerging players in the market, often founded by former executives from established GRC firms or former management consultants with a background in GRC implementations. They see gaps in the marketplace and aim to address them with the latest technology (e.g., AI use in GRC tools) and ease of data interoperability. This opens the door for strong price negotiation leverage as startups seek to acquire flagship customers.

“Using disruptor tools can also allow heads of ERM to more affordably gain access to new functionality by influencing the vendor’s forward-looking product roadmap,” said Backaler. “Moreover, a flagship customer will have substantial leverage to get the vendor to include enhancement requests in their product roadmap.”

Gartner clients can read more in Quick Answer: How Can ERM Rightsize Their GRC Tool Investment?. Nonclients can read: Top 3 Priorities for ERM Leaders in 2024.

About Gartner

Gartner (NYSE: IT) delivers actionable, objective business and technology insights that drive smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.