is introducing a new governance, risk
and compliance (GRC) suite today that is intended to help companies monitor,
report on and assess enterprise risk, as well as meet complex regulatory
If done right, GRC initiatives can give line-of-business executives greater
visibility into how governance and risk-management policies are implemented
and followed in the course of doing business.
The new Oracle suite includes GRC Manager, which monitors business process
risk and control performance across the enterprise, automatically
highlighting areas where controls are weak and initiating corrective actions
with automated loss and investigations management; Application Access
Controls includes a library of segregation of duties controls and provides
the ability to detect and prevent access control violations; and GRC
Intelligence, which provides out-of-the-box dashboards and reports to help
companies manage organizational performance, react quickly to risk events,
monitor compliance mandates and deliver reports that meet audit report
The GRC Intelligence application integrates technology from Stellent, which
Folia Grace, Oracle vice president of applications, told
internetnews.com that the Redwood Shores, Calif., vendor is continuing
to invest heavily in this application suite, noting that it has dedicated a
new sales and marketing team to this product line.
She noted that Oracle also formed an advisory board comprised of customers,
partners and consultants to “inform Oracle on what the roadmap should be.”
According to Grace, customer demand for this type of application suite is
very strong “across all industries.” That statement is supported by a report
from AMR Research, which shows that GRC spending will reach $29.9 billion in
2007, up from $27.3 billion in 2006; technology spending on GRC will rise 12.5 percent this year, to $9.9
Also according to the report, 10 percent of all GRC-related spending will be
for the purpose of operational and general risk management, and not simply
to comply with regulatory demands. Moreover, 58 percent of respondents
listed operational reasons as the primary driver of their GRC initiatives.
The report authors noted that “the number of inquiries we receive from
companies pursuing risk management programs is skyrocketing,” and estimate
that spending in this category will grow another 5.4 percent in 2008.
However, customers implementing a GRC solution will want the platform to
function across a variety of legacy systems. Forrester analyst Michael
Rasmussen noted that Oracle’s acquisition of Stellent gives it the ability
to do just that.
Moreover, while Oracle has had a set of disparate GRC-type applications all
along, now “they can integrate a strong message that brings together the
whole Oracle stack from IT infrastructure to business applications,” he told
Oracle will be trying to make inroads in this market at the expense of rival
, which introduced a GRC suite last year after acquiring compliance specialist Virsa in April.
Grace dismissed SAP’s GRC offering as having a “pretty lightweight risk
Rasmussen, however, noted that SAP “definitely has a head start” and has “a
very strong risk management dashboard.” But he credited Oracle with having a broader security suite than SAP.