Internal auditors play the critical role of being the third line of defense. When risk owners and management do not identify risk or adequately mitigate the risk, it is imperative for the internal auditors to provide independent and objective insight on risk. The audit management solutions market caters to this need by automating internal audit operations through its primary and secondary offerings. Audit management solutions help manage the complexity of the auditor's role, not the organization's risk.
Gartner defines business continuity management program solutions as the primary tools used by organizations to manage all phases of the business continuity management (BCM) life cycle, from planning to crisis activation. BCMP solutions provide capabilities for availability risk assessment, business impact analysis (BIA), business process and resource/asset dependency mapping, recovery plan management, exercise and crisis management, and BCMP management metrics and analysis.
Corporate Compliance and Oversight (CCO) tools provide the framework and support for standardization of compliance activities and automation to increase efficiency and effectiveness of compliance management programs. CCO enables a common cross-enterprise approach to IT compliance activities that most affect the regulatory oversight of corporate governance. This is done through support of the five major requirements for managing a compliance program: policy development, aggregation and normalization, control monitoring, workflow management, and case management.
The IT risk management (ITRM) market focuses on solutions that support the ITRM discipline through automating common workflows and requirements. For the purposes of defining this market, IT risks are risks within the scope and responsibility of the IT department. These include IT dependencies that create uncertainty in daily tactical business activities, and IT risk events resulting from inadequate or failed internal IT processes, people or systems, or from external events.
IT vendor risk management (VRM) is the process of ensuring that the use of external IT service providers and other IT vendors (third parties) does not create unacceptable potential for business disruption or have a negative impact on business performance. IT VRM solutions support enterprises that have to assess, monitor and manage their exposure to risks arising from their use of third parties that provide IT products and services or that have access to their information. Some solutions' capabilities extend to fourth parties and subcontractors — a feature increasingly important to customers.
Gartner defines Integrated risk management (IRM) as the combined technology, processes and data that serves to fulfill the objective of enabling the simplification, automation and integration of strategic, operational and IT risk management across an organization.
The SACBT market is characterized by vendor offerings that include one or more of the following capabilities: Ready-to-use training and educational content; Employee testing and knowledge checks; Availability in multiple languages, natively or through subtitling or partial translation (in many cases, language support is diverse and localized); Phishing and other social engineering attack simulations; Platform and awareness analytics to help measure the efficacy of the awareness program. Training modules are available as cloud-hosted SaaS applications or on-premises deployments via client-managed learning management systems (LMSs), and also support the Sharable Content Object Reference Model (SCORM) standard, enabling integration with corporate LMSs.