The Governance, Risk and Compliance (GRC) technology landscape is large and diverse. A truly complete GRC solution would be comprised of many modules including risk modeling, risk assessment, policy management, helpline/whistleblower, access controls management, incident capture and management, investigations management, controls monitoring and management, root cause analysis, audit management and more. While many Governance, Risk and Compliance (GRC) vendors claim to have a complete solution, the reality is that GRC is too big for any one vendor to meet every need. No one vendor today actually has a complete solution. Depending what you include as GRC, it’s likely no one vendor will ever have it. Even amongst those vendors who can tick many of the GRC boxes, each has different strengths and weaknesses that might limit which GRC modules a company might purchase.

Today’s reality is that any complete solution will be comprised of multiple vendors (for example BPS Resolver for ERM, Compliance and Audit and SymSure for Continuous Controls Monitoring). Looking at the market, many vendors, including us, have created partnerships and alliances to bring a more complete solution to clients. However, this approach is somewhat limiting and clients can’t really mix and match a solution from any vendor they choose without custom projects. Custom integration projects are required because there is no industry standard common GRC interface or language that would allow GRC systems to consume and publish data.

Enter GRC XBRL. XBRL stands for Extensible Business Reporting Language and is an open standard based on XML to define a common language for business reporting. GRC XBRL (sometimes called GRC XML) is a GRC specific definition built on the foundation of XBRL by the Open Ethics and Compliance Group (OCEG), including members from Approva, Thomson Reuters, Fujitsu, and PricewaterhouseCoopers. The alpha version of the standard was released to peer-review in October 2009 and should be published for widespread consumption in 2010.

Currently, no technology vendor reads or writes data to this open standard. The benefits of all GRC vendors adopting GRC XBRL as a common language would be enormous. To date, all systems integration has been customized and proprietary. If all GRC vendors adopt GRC XML and provide standard interfaces to publish and consume this data, the GRC market would enter a new era of plug and play components. Clients could choose a GRC backbone platform and add specialized components or modules from other vendors that best suit their business needs.

Another interesting opportunity from GRC XBRL is that it provides a common language across companies and industries to share and compare GRC data. In the future, GRC XBRL could be a mechanism for companies to benchmark their progress and practices against their peers in industry and geography.

In the same way that XBRL is transforming the business reporting landscape, GRC XML will soon have a large impact on GRC applications. All vendors with GRC related applications should move to support this new standard.