RealTime IT News

Oracle Hot For Governance

Oracle  is introducing a new governance, risk and compliance (GRC) suite today that is intended to help companies monitor, report on and assess enterprise risk, as well as meet complex regulatory compliance requirements.

If done right, GRC initiatives can give line-of-business executives greater visibility into how governance and risk-management policies are implemented and followed in the course of doing business.

The new Oracle suite includes GRC Manager, which monitors business process risk and control performance across the enterprise, automatically highlighting areas where controls are weak and initiating corrective actions with automated loss and investigations management; Application Access Controls includes a library of segregation of duties controls and provides the ability to detect and prevent access control violations; and GRC Intelligence, which provides out-of-the-box dashboards and reports to help companies manage organizational performance, react quickly to risk events, monitor compliance mandates and deliver reports that meet audit report standards.

The GRC Intelligence application integrates technology from Stellent, which Oracle acquired in November.

Folia Grace, Oracle vice president of applications, told internetnews.com that the Redwood Shores, Calif., vendor is continuing to invest heavily in this application suite, noting that it has dedicated a new sales and marketing team to this product line.

She noted that Oracle also formed an advisory board comprised of customers, partners and consultants to "inform Oracle on what the roadmap should be."

According to Grace, customer demand for this type of application suite is very strong "across all industries." That statement is supported by a report from AMR Research, which shows that GRC spending will reach $29.9 billion in 2007, up from $27.3 billion in 2006; technology spending on GRC will rise 12.5 percent this year, to $9.9 billion.

Also according to the report, 10 percent of all GRC-related spending will be for the purpose of operational and general risk management, and not simply to comply with regulatory demands. Moreover, 58 percent of respondents listed operational reasons as the primary driver of their GRC initiatives.

The report authors noted that "the number of inquiries we receive from companies pursuing risk management programs is skyrocketing," and estimate that spending in this category will grow another 5.4 percent in 2008.

However, customers implementing a GRC solution will want the platform to function across a variety of legacy systems. Forrester analyst Michael Rasmussen noted that Oracle's acquisition of Stellent gives it the ability to do just that.

Moreover, while Oracle has had a set of disparate GRC-type applications all along, now "they can integrate a strong message that brings together the whole Oracle stack from IT infrastructure to business applications," he told internetnews.com.

Oracle will be trying to make inroads in this market at the expense of rival SAP  , which introduced a GRC suite last year after acquiring compliance specialist Virsa in April.

Grace dismissed SAP's GRC offering as having a "pretty lightweight risk capability."

Rasmussen, however, noted that SAP "definitely has a head start" and has "a very strong risk management dashboard." But he credited Oracle with having a broader security suite than SAP.