GRC

The state for GRC 2.0

Jim Kim — Thu, 10 Jul 2008 14:44:00 -0400

What to make of the governance, risk and compliance software market? Well, it has attracted a host of big players, notably SAP and Oracle, as well as a host of increasingly well-known smaller companies. And most companies at least have an understanding of what GRC is all about. But the functionality needs to evolve. OpRisk & Compliance notes: "If the first generation (GRC 1.0) was heavily oriented toward compliance, then certainly one strategic imperative is that the next-generation GRC 2.0 solutions place increased emphasis on value (which, in essence, means there must be a more business-oriented focus on proactive risk identification, assessment and mitigation)." Many have noted that compliance-oriented software is only as good as the strategic benefits it yields. That seems to be the focus of GRC 2.0. We're still chasing the "holistic" and truly "integrated" solution. But we are seeing a lot 2.0-like products coming out. More soon.

For more:
- here's the OpRisk & Compliance article

Primer: GRC software market

Tue, 13 May 2008 06:59:59 -0400

AMR Research projects spending on government, risk and compliance applications and services will top $32.1 billion in 2008, up 7.4 percent from 2007. In 2009, growth is projected at 7 percent. In a really tough IT spending environment, these are pretty good numbers. This will be a front-burner issue for a lot of folks, so it never hurts to recap what the niche is all about. These software packages started out as Sarbanes-Oxley compliance applications. Financial controls are still key, but the feature set has expanded, notes Financial Week. The list includes "legal (email retention, data privacy), environmental (greenhouse gas inventories), financial (capital adequacy), and technology (IT governance)." Increasingly, the big boys--SAP and Oracle--are moving in with encompassing applications.

For more:
- here's the Financial Week primer

GRC initiatives gaining, compliance still a must-do

Tue, 01 Apr 2008 07:59:59 -0400

We've discussed the idea that compliance initiatives can yield strategic benefits, if done right. A new survey from AMR Research seems to suggest that more companies are getting on board with this idea. Companies will spend more than $32 billion on governance, risk management and compliance (GRC) in 2008. That's an increase of 7.4 percent over 2007. Meanwhile, spending on Sarbanes-Oxley compliance is expected to grow only 2 percent to $6.2 billion. What to make of this? The fact is, that a lot of GRC investment relates to Sarbox compliance. Rather than a Sarbox-specific project, why not include the project as part of larger, more strategic, deployment? Risk-management, intimately related to Sarbox, is seen as a big driver behind the trend.

For more:
- here's the release

Related Articles:
CFOs face complex GRC software decisions. Article
Will the economy zap compliance issues? Article
GRC software seems to be rising. Article
Oracle aims for GRC eco-system. Article

Compliance features still migrating into big apps

Tue, 18 Mar 2008 07:59:59 -0400

There are a whole lot of vendors out there hawking compliance-related products. The GRC market seems to be faring decently, even at a time when the technology spend at many companies is coming under pressure. The big vendors may see an expanded opportunity for their built-in compliance features. We've noted that Oracle, IBM and SAP have been expanding their suites to include more compliance features. Now comes Microsoft. It is rolling out a host of upgraded midmarket products. The new release of Dynamics AX, an enterprise resource planning program known as AX 5.0, now includes a compliance center, where people can access Sarbanes-Oxley data.

For more:
- here's a ChannelWeb article

CFOs face complex GRC software decisions

Tue, 26 Feb 2008 06:59:59 -0500

Most people assume that so-called GRC software--governance, risk and compliance--will continue to gather steam, as big boys like Oracle and SAP continue their marketing. It makes sense to automate compliance and risk issues, but the reality of this nascent field is that there really isn't a single point solution. Sure the big guys offer lots of functionality, but you have to weigh that against your budget and specific needs. There are plenty of small vendors out there leaving their marks. Movaris, for example, recently was bought by Trintech, which will round out its service offering for CFOs. John Hagerty of AMR makes the point that most GRC solutions are bought and implemented within silos. While all companies want to offer a complete set of services, the reality is that most companies will have to mix and match to get their optimal solution.

For more:
- here's a note from Hagerty

Oracle aims for GRC eco-system

Tue, 20 Nov 2007 06:59:59 -0500

The big boys--Oracle, IBM and SAP--are certainly aware of the demand for compliance-driven software solutions. The solutions span the entire business market, and Oracle's idea is to make this "eco-system" a little more accessible via its partner platform. The goal of the Oracle Enterprise Security and GRC Initiative is to make getting partner services out in front of customers a bit easier. So for Oracle-based service providers, the program can't hurt. The release notes data from AMR Research that shows GRC spending will reach $30 billion in this year, an increase of 8.5 percent over 2006. That's a bit misleading, as software in other high-growth categories, such as business intelligence, are often driven by compliance needs.

For more:
- see Oracle's release

The meaning of IBM's Cognos deal

Tue, 20 Nov 2007 06:59:59 -0500

What prompted IBM to pay about 5 times Cognos' annual revenue and nearly 40 times its most recent net earnings? Well, you can chalk some of it up to Sarbanes Oxley. IBM has been aggressively pursuing the compliance opportunity--along with Oracle and SAP--and seems to be close to achieving "leader" status in the Gartner Magic Quadrant for financial compliance software companies. Of course, Cognos was a leader in Business Intelligence. The challenge for IBM is to offer the software in an integrated way. One could argue that compliance is the conversion point for a lot of apps, content management, business intelligence, core GRC, and ERM. IBM is clearly on to something.

For more about the purchase:
- read this New York Times article

GRC survey reveals needs

Tue, 30 Oct 2007 07:59:59 -0400

Government, Risk and Compliance vendors have slowly been making headway in making their case to big companies. The Open Compliance and Ethics Group (OCEG) has released its 2007 Governance, Risk and Compliance Strategy Study and the results are interesting. Half of the survey respondents said they have had recent compliance failures that have "caused damage or loss." In many cases, this put managers in a reactive mode that led to short term change that could not be sustained. Sound familiar? Perhaps one benefit of GRC platform is that it allows for long-term changes. Most executives buy into the idea of GRC, but that doesn't mean it will get deployed. It may have to wait until the pain of the disparate as-we-go approach exceeds the cost of deployment.

For more:
- here's a summary from the OCEG

Related articles:
- It pays to think about compliance broadly
- GRC software seems to be rising

Oracle continues to add compliance features

Tue, 16 Oct 2007 06:59:59 -0400

Oracle is a great example of how big IT vendors have ridden the compliance wave. Clearly, Oracle along with IBM and others sense a certain demand out there, which frankly would be hard to miss. Oracle at least seems to be counting on most clients to opt for add-ons to existing products rather than deploying standalone GRC apps, which seem to be multiplying nevertheless. Oracle's latest GRC suite move: It has announced a deal to buy LogicalApps, which markets an Active Governance suite that enables prevention, monitoring and reporting of financial and operational risk, according to ITworld.com.

For more:
- here's the article

Related articles:
- IT Watch: Oracle continues to focus on compliance
- GRC software seems to be rising

Evolve as CIO

Tue, 16 Oct 2007 06:59:58 -0400

These days, C-level recruiters say chief information officers are taking on new responsibilities that require them to think like a business-type more so than a systems-type. To some degree this is being fueled by what's going on in the CFO's office. Carl Gilcrist, of Spencer Stuart, says that CIOs are increasingly taking over managing shared services within an organization, a role typically held by business-types. For financial-oriented apps, the logic goes that the CFO is burdened with Sarbanes-Oxley and other laws and doesn't have time. That makes some sense. But I would think that compliance has become a huge issue for many CIOs, as security and IT governance issues are huge these days. So I would think that broad-minded CIO might break out of the techno box a bit by becoming a compliance resource for the CFO. Being the GRC point man seems like a good spot to be. If you're up to it. Column