SAP Pushes Compliance as Strategy

SAP  wants companies to think of governance, risk and
compliance (GRC) management in strategic terms.


The leading vendor of enterprise software, based in Walldorf, Germany,
introduced an integrated set of solutions to help enterprises
manage their GRC issues.

The solutions build on existing SAP solutions, as well as applications that
SAP acquired when it purchased compliance solutions vendor Virsa in May.

The first solution, called GRC Repository, will allow companies to document
and maintain GRC information, such as corporate policies, board of director
minutes, regulations, compliance, control frameworks and key business
processes in a central system of records.

Doug Merritt,
executive vice president and general manager of suite optimization products
and technology at SAP, said that consultants in the compliance arena, regulatory bodies and
other vendors will also be able to contribute to this repository.

The second solution, GRC Process Control, automatically aggregates business
process risks for the entire enterprise, provides supporting evidence of
compliance, pinpoints control violations to prioritize corrective action and
prevents material weaknesses from developing and persisting.

The software will integrate automated control monitoring for SAP and non-SAP
applications.

“It allows companies to manage hugely heterogeneous landscapes,” noted
Merritt.

The third component of the offering, GRC Risk Management, helps enterprises
implement collaborative risk-management processes.

Merritt said the solution will help risk managers and business owners
identify financial, legal and operational risks, analyze business
opportunities in light of these risks, and develop appropriate responses.

The key to all three solutions, the company said, is that they give
line-of-business executives greater visibility of how governance and risk-management policies are implemented and followed in the course of doing
business.


Effective GRC management can do more than ensure that companies are in
compliance with Sarbanes-Oxley and other regulations, said Merritt.

“GRC is more business-driven than just keeping the CEO out of jail,” said
Merritt in response to a question from internetnews.com during
a conference call this week.


“Understanding the relative risks and rewards of different activities is as
critical or more critical than regulatory reporting,” he said.

Amit Chatterjee, senior vice
president of the risk and compliance management unit at SAP, said that whatever can be monitored can be managed. “GRC can become a strategic weapon, not just a cost-laden compliance issue.”

More specifically, Chatterjee said that GRC solutions can help companies
reduce cost and make more informed strategic decisions.

SAP GRC Repository and SAP GRC Process Control will be generally available
Nov. 30.

SAP GRC Risk Management will ship in December. All three products will
be sold individually.

SAP has grouped development of all compliance-related solutions, including
earlier applications such as Global Trade Services (GTS) and Risk
Terminator, under the GRC umbrella.

Several solutions in the compliance portfolio, such as GTS, have been
already rolled into the GRC Repository, Chatterjee said.

Other solutions, particularly those pertinent to industry verticals, will
become part of the new solution during the second quarter of next year.


SAP also announced that it is bringing these products to market jointly with
networking solutions vendor Cisco Systems .

Merritt said that Cisco’s architecture, based on SOA
 principles, fits in with SAP’s vision of transparency and
interoperability.

The companies will leverage Cisco’s networking architecture to allow
business executives to actively administer network events.

Paul McNab, vice president of enterprise marketing for Cisco, noted that
corporate networks have become an integral part of strategy and compliance.

“Business process managers are sitting at the center of the enterprise,” he
said. “It’s been a long-term goal to have business managers able to set
policies for the network.”

Charles King, principal analyst at Pund-IT Research, told internetnews.com that one of the
prime benefits of SOA is the ability to tailor applications to meet the
specific needs of workgroups and business units.

King also said that risk management is currently top of mind for
business executives, a fact noticed at SAP.

According to Chatterjee, market research firm IDC has pegged the market for
GRC solutions at around $20 billion.

Chatterjee said that SAP doesn’t break out revenues by segment, but said
that “these are significant opportunities.”

News Around the Web