SAP's 10.0 release of its GRC suite has been getting lots of coverage in SAP-related media of late, and it's no surprise. In addition to being one of SAP's biggest releases of the year, it's also the first major overhaul of the solutions since SAP bought BusinessObjects and folded its branding into SAP's own tools, which had been acquired via the purchase of Virsa some years ago.
Now the coverage is starting to branch out into other tech media as the features of GRC 10.0 start to be explained. Chris Kanaracus of PC World looks at the new tool today, noting that, via Jim Dunham, this isn't just your typical upgrade:
There is "virtually no part of the product that has not been touched," said Jim Dunham, group vice president of GRC solutions.
To date, GRC has been approached in four phases. At the most basic level, companies are dealing with compliance issues in a compartmentalized way -- such as the finance department handling finance matters -- and with manual tools, he said.
From there, companies have added some automation to their compliance processes, but the activity remained divided in silos, Dunham said. Phase three comes when IT departments start pushing to consolidate various compliance
tools into a single platform for efficiency's sake, and companies start adding executives with job titles like "chief compliance officer," he said.
SAP's new GRC release aims at phase four, which builds upon the first three stages by merging GRC with BI for deeper insights, according to Dunham.
Efficiency is the key in the GRC area -- which Kanaracus noted is due to grow 20% this year according to Gartner. For so long, GRC solutions have been seen as a premium -- a way to handle issues just to get through regulations. They've been a hassle, rather than an opportunity to gain business advantage by identifying risky decisions before you make them, or discovering non-compliant actions that were missed by disparate systems.
As is usually the case in the GRC space, Norman Marks has been all over this tool as well, yesterday delivering a blog post that translated some of SAP's marketing about 10.0's functionality:
- All the solutions in SAP’s GRC portfolio now share the same technology. This not only provides a consistent look and feel, so users don’t have to learn how to navigate multiple solutions, but it also enhances the capability for enhanced integration (not only with GRC but also across the SAP portfolio). In my opinion, this is very important. I am a believer in software that supports the business process, not just a limited set of functionalities. For example, I believe it is critical to link risks to strategy and manage both. I believe in the value of automated, continuous risk monitoring. These can be achieved more simply and effectively when the solutions for managin
g risk and strategy, for risk and enterprise application processing, use the same technology.
- Users of the solutions can now understand, analyze, and respond to GRC-related activities, events, and situations. They will have clear insights into risk and compliance situations and be able to manage their GRC business processes more effectively.
- SAP partners have developed enhancements for customers in a number of businesses or roles. These have been collected and made available in one place: the SAP EcoHub.
- The bow-tie is a technique for advanced users, primarily in risk management. Rather than try to explain it here, check this link if you are interested.
The "automated, continuous risk monitoring" that he mentions is the key. You can't plan for every risk, but you can certainly be more aware of the ones you're facing with good GRC solutions.
He has a dozen links at the bottom of the article, including one for insiderRESEARCH's Davin Wilfrid's coverage of the launch of GRC 10.0 at GRC 2011 earlier this month.
Next month, SAP's Frank Rambo will have the first technical article about the capabilities in GRC 10.0 in GR
C Expert. Be sure to keep an eye out for that if you want to get under the hood of the solution and see how it works. And if you missed it, earlier this year Norman Marks was interviewed about all things GRC for Project Expert.