Chris McClean

Vice President, Research Director

Forrester Bio

Christopher McClean

Author Insights

BLOG

Nasdaq Hack Brings Security Issues Into The Boardroom

Chris McClean February 9, 2011

 Have you been having trouble getting your board of directors to care about information security? This weekend’s news that Nasdaq’s Directors Desk web application was compromised by hackers may help to improve your situation. Details have been elusive thus far, but reports indicate that multiple breaches occurred, resulting in “suspicious files” on the company’s servers. A […]

Read More
BLOG

For GRC Decisions, Avoid The ROI Discussion If Possible . . . But If You Can't, Here Are Some Tips

Chris McClean January 25, 2011

This week we published the first in a series of reports I'll be writing to help clients calculate the return on investment of GRC technologies. This report, How To Measure The ROI Of A GRC Platform, outlines the key factors and suggested metrics to show what GRC can do for your organization.  Of course, my […]

Read More
BLOG

In 2011 The GRC Market Will Grow 20%, Driven More By Breadth Than Maturity

Chris McClean December 8, 2010

On the heels of Forrester's GRC Market Overview last month, this week we published my Governance, Risk, And Compliance Predictions: 2011 And Beyond report. Based on our research with GRC vendors, buyers, and users, this paper highlights the aggressive regulatory environment and greater attention to risk management as drivers for change. Specifically, here is a brief summary of […]

Read More
BLOG

New Report: The GRC Platform Market Is Taking Big Steps Toward Clarity But Still Has A Long Way To Go

Chris McClean November 10, 2010

I'm proud to say that we published my report "Market Overview: GRC Platforms" earlier today. It will come as little surprise to most of you that the overall GRC market is still saturated with relatively small vendors, many of which continue to struggle to maintain their market niches. At the same time, a handful of […]

Read More
BLOG

IBM Announces Plans To Acquire OpenPages . . . Top GRC Vendors Are Charting Very Different Courses

Chris McClean September 15, 2010

Rarely does vendor consolidation reflect such fragmentation of a market. Picking up on the recent acquisition trend of independent market leaders, IBM today announced plans to acquire long-time GRC heavyweight OpenPages to strengthen its business analytics offerings, including Cognos and SPSS. It's a good fit for both companies and certainly won't surprise anyone who has […]

Read More
BLOG

Think You Know About All The Big US Government Regulations Coming Up? All 191 Of Them?

Chris McClean August 20, 2010

There has been an interesting PR battle in Washington over the last few weeks about the number of massive regulations still on the administration's agenda. House Minority Leader John Boehner wrote a memo to President Obama citing a list of 191 proposed rules expected to have a more than $100 million impact on the economy (each!) and […]

Read More
BLOG

The Forrester Information Security Maturity Model

Chris McClean July 28, 2010

After an in-depth survey of IT security and risk professionals, as well as our ongoing work with leaders in this field, Forrester recognized the need for a detailed, practical way to measure the maturity of security organizations. You asked, and we responded. I'm happy to announce today we published the Forrester Information Security Maturity Model, […]

Read More
BLOG

Tips For Using Spreadsheets For Business Intelligence, Compliance, And Risk Management

Chris McClean July 12, 2010

My colleague Boris Evelson, who covers business intelligence for Forrester and serves business process professionals, recently wrote a great post about the use of spreadsheets for business intelligence. He explains that while many BI vendors initially sought to replace spreadsheets in the corporate environment, it's now clear that they are not going anywhere any time […]

Read More
BLOG

The Supreme Court Ruling Will Have Little Impact On SOX . . . Sorry

Chris McClean June 28, 2010

Despite some speculation that today's Supreme Court ruling might overturn large portions of the Sarbanes-Oxley Act (if not all of it), the final opinion will likely have no significant impact on financial controls, auditing, or reporting requirements. The Court found that the method by which Public Company Accounting Oversight Board (PCAOB) members are appointed does […]

Read More
BLOG

Risk Professionals' Window Of Opportunity

Chris McClean June 22, 2010

In my ongoing work with risk management professionals, I've been encouraged to see how quickly the role is growing in influence and responsibility in today's business environment (even though the drivers for that elevation are often disastrous). Along those lines, I read a great article this morning in StrategicRISK, discussing the window of opportunity for risk experts, aptly […]

Read More
BLOG

Enterprise Risk Management For IT Security

Chris McClean June 11, 2010

A few weeks ago, Stephanie Balaouras and I posted a podcast on a topic that has been a high priority for many of our customers — how to apply risk management techniques to IT security. We know that many of you are feeling the pressure to take the lead in IT risk management and in […]

Read More
BLOG

Crisis Communication, Business Continuity, And Risk Management

Chris McClean June 4, 2010

I recently recorded a podcast with Stephanie Balaouras, discussing the potential for increased collaboration between crisis communication, business continuity, and risk management functions. The strategies that businesses implement to manage disasters can mean the difference between bankruptcy and resilience… and we unfortunately see reminders of this on an almost weekly basis. As each disaster hits the […]

Read More
BLOG

Financial Reform And GRC

Chris McClean April 21, 2010

I was able to catch pieces of live testimony in front of the House Financial Services Committee yesterday on the Lehman Brothers collapse (covered via live blog by the Wall Street Journal). It was interesting to watch former Lehman head Richard Fuld reluctantly attempt to explain to an understandably skeptical audience, “We were risk averse,” […]

Read More
BLOG

Top Challenges in Enterprise Risk Management

Chris McClean March 22, 2010

As I close out my client inquiry records for the quarter, it’s interesting to review some of the common challenges risk management professionals are currently facing. I was impressed to see how closely the issues I deal with were covered in the month’s edition of Risk Management Magazine. In an article entitled, “10 Common ERM […]

Read More
BLOG

The Fear Of Four... And The Future Of Fraud Detection

Chris McClean February 18, 2010

I had a few great conversations yesterday about the increasing role analytics will play in risk and compliance programs, which brought to mind the article, For Some Firms, a Case of 'Quadrophobia' appearing earlier this week in the Wall Street Journal and referenced yesterday by the NY Times’ Freakonomics blog. The article covers a study […]

Read More
BLOG

The changing nature of governance, risk, and compliance

Chris McClean February 2, 2010

In my ongoing work with clients, I try as often as possible to stress the importance of flexibility in GRC programs. Internal processes and technology implementations must be able to accommodate the perpetually fluctuating aspects of business, compliance requirements, and risk factors. If GRC investments are made without consideration for likely requirements 1 to 2 […]

Read More
BLOG

Growing Concern Over Risks To (And Of) The System

Chris McClean January 12, 2010

By the end of this year, we will likely all be sick of the phrase “systemic risk.” Referring to the complex and interconnected nature of risks that brought down the financial services sector, the phrase has been a focal point in the discussions on how to prevent such failures in the future. (And in my […]

Read More
BLOG

Thoughts on EMC’s acquisition of Archer

Chris McClean January 4, 2010

What a good way to kick off what should be another exciting year in GRC. Just less than a year ago, Archer Technologies brought consolidation to the IT GRC market with its acquisition of rival Brabeion. The vendor food chain continued today as EMC announced an agreement to acquire Archer into its RSA product division. […]

Read More
BLOG

The Story of the Risk Manager’s Increasing Value Continues...

Chris McClean December 18, 2009

A few months ago I wrote about the rising visibility and responsibility of risk management professionals, linking to articles about the growing demand for risk training and talent. Along that train of thought, I was just able to get to this month’s edition of Risk Management, which along with a great photographic review of the last year […]

Read More
BLOG

Transparency and compliance . . . US Congress votes on financial oversight, and the OECD unveils ideas for new see-through fina

Chris McClean December 11, 2009

Today the US House of Representatives will vote on a bill bringing broad changes to financial regulations, which most experts expect will pass, pushing matter to the Senate. As the debate continues between what’s best for businesses and consumers as we look for economic recovery, a few of the amendments expected to come to a […]

Read More