AMR Says Governance and Compliance Are Big Software Businesses
March 31, 2008 Timothy Prickett Morgan
If government regulations did not exist, then the software business would have to create them to give itself a market into which to sell products. OK, so maybe the software business doesn’t really work that way, but it sure feels that way. And while no one likes paperwork–even when it is in an electronic format–or the federal, state, or local government snooping into their business, regulations and the need to have and document governance are now a factor of business in the 21st century.
And, as it turns out, it is a big business for software companies, and by extension, companies selling servers and related security products.
How big, you ask? Brace yourself. According to researchers at AMR Research, which is perhaps best known for monitoring the markets for various types of enterprise applications, the expected spending on governance, risk management, and compliance is $32 billion, up 7.4 percent from the spending levels set for such areas last year. Those costs include people costs as well, with $21.5 billion of that massive budget being allocated to people-related costs (meaning your own company’s employees plus the people engaged through third parties for services relating to installing, configuring, and managing these products).
Spending on Sarbanes-Oxley compliance, which regulates financial reporting for public companies in the United States, is expected to rise by 2 percent this year, to $6.2 billion.
AMR has been tracking the so-called GRC (governance, risk, and compliance) sub-market of IT spending since 2003, and believe it or not services spending in this area has been declining as companies figure out how to implement their own governance and compliance solutions; but risk management is becoming a more popular area of spending as companies try to protect themselves from potential woes and disasters that can befall any business. AMR just put together a new report on this area, called Governance, Risk Management, and Compliance Report, 2008-2009, which is based on AMR market estimates and the purchasing information from 424 IT and business managers in the United States, Germany, and Japan. Some 31 percent of the companies surveyed for this report said that managing risk and mitigating against it would be the biggest driver of GRC spending this year.
“In this economic climate, companies can no longer focus solely on reactive spending to meet each new regulation,” says John Hagerty, a vice president and research fellow at AMR Research who put together the report. “As executives are becoming aware of how different business and IT risks affect their bottom line, their spending focus is shifting toward approaching risk strategically, not just tactically.”