GRC to Accelerate in 2007

By Sam Sliman
President, Optimal Solutions Integration, Inc.

In the years since Enron imploded corporate governance issues have dominated the headlines and the agendas of C-level executives at public companies. This fact was not lost on SAP, who acquired Virsa Systems last year to augment their governance, risk and compliance (GRC) capabilities. With SAP’s marketing muscle, penetration of GRC into the SAP installed base is happening, and 2007 should be the year that GRC comes into its own as a solution that SAP customers will own and implement.

Like SAP, think beyond GRC

To be sure, no CIO wants to see their CEO and/or CFO walk the SEC plank. The problem is that the sensationalism surrounding GRC has prompted a host of vendors to re-purpose products and stake a claim to the ultimate GRC solution. This marketing noise makes it increasingly difficult for CIOs to sift through the hype as they map out a sound plan for attacking GRC.

Here, SAP rises above the crowd to deliver a meaningful portfolio of solutions that addresses immediate compliance and governance challenges while never losing sight of the big picture.

Unlike the horde of opportunistic GRC vendors, SAP has an evolved GRC offering that has been proven over many years of real-world experience and industry-specific deployments. SAP’s timely acquisition and rapid integration of Virsa demonstrates the company’s commitment to staying at the forefront of GRC solutions. In addition, SAP’s recent partnership with Cisco attests to the company’s dedication to providing comprehensive risk protection—from the network layer to the application layer.

With the introduction of SAP GRC Repository, SAP GRC Process Control and SAP GRC Risk Management, SAP clearly offers the most compelling, comprehensive portfolio of GRC solutions available today. And, equally important, these applications are built on the NetWeaver platform, making them among the first service oriented architecture (SOA)-based GRC solutions. The upshot: SAP’s GRC solutions are designed to deliver value in a broader context that transcends just GRC, and they can be incorporated smoothly and strategically into a company’s overall SOA strategy.

GRC as opportunity

When tasked with satisfying a compliance mandateSarbanes-Oxley, the Gramm-Leach Bliley Act (GLBA) Act, Health Insurance Portability and Accountability Act (HIPPA), etc. – CIOs should take care not to implement point-solutions that, while solving an immediate challenge, fail to contribute to the greater goal of helping a company run more efficiently and profitably.

The rigor and discipline enforced by SAP’s GRC functionality ensures that governance and risk management issues are addressed as processes, not tackled as one-time events. This is extremely important, since risks tend to develop over time as the result of incremental decisions that accumulate, rather than dramatic actions that transpire and then evaporate. By identifying risks early, GRC allows you to nip these potential problems in the bud, before they develop into full-blown crises.

Given the grave consequences of non-compliance, it is understandable why GRC initiatives command center stage today. But as the myopia of the minute recedes, only those CIOs with the vision and fortitude to leverage compliance as a means to drive broader, enterprise-wide efficiency and profit gains will emerge as the truly wise IT leaders of tomorrow.