SAP is among the solution leaders according to Chartis Research’s “Integrated GRC Solutions, 2024: Market Update and Vendor Landscape” report.

GRC: Get early and predictive insight into anomalies and potential risks

“SAP’s category-leading position in our iGRC quadrants reflects its strong set of solutions across most of the major GRC categories,” said Sid Dash, chief research at Chartis. “Moreover, it combines these with a strong element of integration, as well as links with corporate operations and infrastructure management.”

Governance, risk, and compliance (GRC) has evolved from its historical roots in the scope of audit and organizational control, progressing to incorporate a broader set of concepts and procedures.

In the latest release, SAP is featured in six categories: GRC analytics, internal audit, third-party risk, conduct risk and control, EGRC, and operational risks. These categories are evaluated based on two key offering dimensions: offering completeness and market potential.

GRC Analytics

GRC analytics involves not only the overarching qualification of risk, but also the specific methods, models, and techniques than can be used to analyze risk, including dynamic and ad hoc visualization and statistical methods. In this category, SAP is recognized for its industry-leading capabilities in the tool’s offering completeness, as well as advanced features in coverage, mapping and transformation, data management, and visualization.

Internal Audit

When discussing audit management, automation and data-driven activity come into play. As various tools that enable the industrialization of internal audit become more accessible, SAP possesses industry-leading capabilities, specifically in audit content and workflow automation. In addition, capabilities in data management, case management support, and dashboard and control are rated as advanced.

Third-Party Risk

Following several years of disruptions in the supply chain, third-party risk is now being scrutinized more closely from a regulatory perspective. Value chains and third parties are growing more complex and harder to analyze, so a constant IT and cyber risk monitoring process with multiple profiles is becoming an increasingly crucial element of any system. SAP provides industry-leading capabilities in coverage, risk analytics, and process management in this category.

Conduct Risk and Control

The vendor community providing conduct and controls is highly diverse. Many leading consulting companies have extensive content control libraries and have established large sets of control tools that integrate with their core platforms. In this assessment, SAP has achieved the best-in-class capability in control library coverage.

Enterprise GRC

Enterprise GRC (EGRC) amalgamates elements of workflow management, case management, and intelligent automation. The technology available to address EGRC have experienced significant advancements — a revolution — that improve how these processes are managed and automated. SAP leads in prepackaged content, followed by advanced workflow and automation, data management, and content management.

Operational Risk

As a subset of GRC analytics field, operational risk focuses on regulatory support and dynamics. It also emphasizes purer operational risk, which makes a broader collection of operational analytics increasingly relevant. In this case, SAP advances in data management, tools, and visualization.


Vishal Verma is global vice president and head of GRC Product Marketing at SAP.

Chartis RiskTech Quadrants for Governance, Risk and Compliance – 2024