Business Model Almanac
EPOCH 2026.0 PCF v7.4 snapshot 2026-Q3
Open the atlas.

Umbrella thread

Risk-to-Control

  • Risk-to-Report
  • Assess-to-Assure
  • Governance, Risk & Compliance (GRC)
  • Audit-to-Assurance

Governance, risk, and compliance: identify and assess enterprise risks, implement and test controls, monitor compliance, and provide audit assurance.

The constellation

The brass line traces the thread; the lit houses are the category plates it crosses, in process order. 4 steps across 3 categories.

The thread, step by step

  1. Manage Enterprise Risk, Compliance, Remediation, and Resiliency Manage enterprise risk 11.1
  2. Manage Financial Resources Manage internal controls 9.8
  3. Manage Enterprise Risk, Compliance, Remediation, and Resiliency Manage compliance 11.2
  4. Manage External Relationships Manage relations with board of directors 12.3

Signature software

The systems most associated with Risk-to-Control, in prominence order. Selection basis and the dated-snapshot policy are on the methodology page.

SAP GRC

SAP SE GRC / IRM

Governance, risk, and compliance for SAP landscapes.

RANK #2 as of 2026-Q3 ranking basis

Archer

Archer Technologies LLC GRC / IRM

Enterprise integrated-risk and GRC platform.

RANK #3 as of 2026-Q3 ranking basis

← Back to all threads