Oracle

The state for GRC 2.0

Jim Kim — Thu, 10 Jul 2008 14:44:00 -0400

What to make of the governance, risk and compliance software market? Well, it has attracted a host of big players, notably SAP and Oracle, as well as a host of increasingly well-known smaller companies. And most companies at least have an understanding of what GRC is all about. But the functionality needs to evolve. OpRisk & Compliance notes: "If the first generation (GRC 1.0) was heavily oriented toward compliance, then certainly one strategic imperative is that the next-generation GRC 2.0 solutions place increased emphasis on value (which, in essence, means there must be a more business-oriented focus on proactive risk identification, assessment and mitigation)." Many have noted that compliance-oriented software is only as good as the strategic benefits it yields. That seems to be the focus of GRC 2.0. We're still chasing the "holistic" and truly "integrated" solution. But we are seeing a lot 2.0-like products coming out. More soon.

For more:
- here's the OpRisk & Compliance article

Primer: GRC software market

Tue, 13 May 2008 06:59:59 -0400

AMR Research projects spending on government, risk and compliance applications and services will top $32.1 billion in 2008, up 7.4 percent from 2007. In 2009, growth is projected at 7 percent. In a really tough IT spending environment, these are pretty good numbers. This will be a front-burner issue for a lot of folks, so it never hurts to recap what the niche is all about. These software packages started out as Sarbanes-Oxley compliance applications. Financial controls are still key, but the feature set has expanded, notes Financial Week. The list includes "legal (email retention, data privacy), environmental (greenhouse gas inventories), financial (capital adequacy), and technology (IT governance)." Increasingly, the big boys--SAP and Oracle--are moving in with encompassing applications.

For more:
- here's the Financial Week primer

GRC initiatives gaining, compliance still a must-do

Tue, 01 Apr 2008 07:59:59 -0400

We've discussed the idea that compliance initiatives can yield strategic benefits, if done right. A new survey from AMR Research seems to suggest that more companies are getting on board with this idea. Companies will spend more than $32 billion on governance, risk management and compliance (GRC) in 2008. That's an increase of 7.4 percent over 2007. Meanwhile, spending on Sarbanes-Oxley compliance is expected to grow only 2 percent to $6.2 billion. What to make of this? The fact is, that a lot of GRC investment relates to Sarbox compliance. Rather than a Sarbox-specific project, why not include the project as part of larger, more strategic, deployment? Risk-management, intimately related to Sarbox, is seen as a big driver behind the trend.

For more:
- here's the release

Related Articles:
CFOs face complex GRC software decisions. Article
Will the economy zap compliance issues? Article
GRC software seems to be rising. Article
Oracle aims for GRC eco-system. Article

Compliance features still migrating into big apps

Tue, 18 Mar 2008 07:59:59 -0400

There are a whole lot of vendors out there hawking compliance-related products. The GRC market seems to be faring decently, even at a time when the technology spend at many companies is coming under pressure. The big vendors may see an expanded opportunity for their built-in compliance features. We've noted that Oracle, IBM and SAP have been expanding their suites to include more compliance features. Now comes Microsoft. It is rolling out a host of upgraded midmarket products. The new release of Dynamics AX, an enterprise resource planning program known as AX 5.0, now includes a compliance center, where people can access Sarbanes-Oxley data.

For more:
- here's a ChannelWeb article

CFOs face complex GRC software decisions

Tue, 26 Feb 2008 06:59:59 -0500

Most people assume that so-called GRC software--governance, risk and compliance--will continue to gather steam, as big boys like Oracle and SAP continue their marketing. It makes sense to automate compliance and risk issues, but the reality of this nascent field is that there really isn't a single point solution. Sure the big guys offer lots of functionality, but you have to weigh that against your budget and specific needs. There are plenty of small vendors out there leaving their marks. Movaris, for example, recently was bought by Trintech, which will round out its service offering for CFOs. John Hagerty of AMR makes the point that most GRC solutions are bought and implemented within silos. While all companies want to offer a complete set of services, the reality is that most companies will have to mix and match to get their optimal solution.

For more:
- here's a note from Hagerty

Time to think about identity management

Tue, 26 Feb 2008 06:59:58 -0500

A lot of companies get by with ad hoc procedures for determining who has access to what on the network. It's definitely a compliance issue that has drawn the attention of vendors. A lot of vendors are investing in identity management solutions, a market that Forrester Research thinks will grow to $12.3 billion by 2014. Oracle just announced an upgraded versions of its identity management software. At some point, you'll have to figure out how this fits in your IT plans. Article

Time to again think about BI software?

Tue, 08 Jan 2008 06:59:58 -0500

Someone in your organization has likely raised the idea of deploying business intelligence software. Many of you passed. But is it time to revisit the issue? Many assumed that the industry was generating big momentum, as more financial executives opted to deploy software from the likes of Cognos (now owned by IBM), Hyperion (now owned by Oracle) and the many smaller players. As data continues to multiply, the business case for doing more with it from a compliance/strategic perspective may be more compelling. Article

What's up in identity management?

Tue, 11 Dec 2007 06:59:59 -0500

There was a time not too long ago when the industry seemed to feel that identity management was central to a compliance strategy. You needed a way to protect your financial and corporate data, and that included setting up a system to manage access to that data and monitor the use of that data. CNET reminds us that as of late, as the big boys moved to beef up their offerings. Oracle bought Oblix and Thor. Sun Microsystems bought Waveset Technologies. Now the likes of BMC, Hewlett-Packard, IBM, Microsoft, Oracle and Sun offer identity management suites. But there is still a lot of entrepreneurial activity in the industry, and starts up abound once again. All this may point to another wave of consolidation.

For more:
- here's the CNET article

Related articles:
- IT Watch: Oracle continues to focus on compliance
- Time to consider 'compliant provisioning'
- Oracle continues to add compliance

Read more on: Oracle l IBM

Oracle aims for GRC eco-system

Tue, 20 Nov 2007 06:59:59 -0500

The big boys--Oracle, IBM and SAP--are certainly aware of the demand for compliance-driven software solutions. The solutions span the entire business market, and Oracle's idea is to make this "eco-system" a little more accessible via its partner platform. The goal of the Oracle Enterprise Security and GRC Initiative is to make getting partner services out in front of customers a bit easier. So for Oracle-based service providers, the program can't hurt. The release notes data from AMR Research that shows GRC spending will reach $30 billion in this year, an increase of 8.5 percent over 2006. That's a bit misleading, as software in other high-growth categories, such as business intelligence, are often driven by compliance needs.

For more:
- see Oracle's release

Has your company achieved "rebalancing"?

Tue, 13 Nov 2007 06:59:59 -0500

In the third year of Sarbanes Oxley compliance, some internal audit staffs have successfully "rebalanced," according to a Protiviti poll. That basically means that they are resuming more traditional duties as well as Sarbox duties. The idea is that Sarbox compliance was so traumatic that for three years, internal auditors have devoted less time to other areas. This makes sense. A lot of internal audit teams have figured it all out, so to speak. So they can start thinking about IT security, capital issues and other compliance initiatives. It has to be said, however, that at many places, this "rebalancing" has been achieved with more employees and enhanced resources. I don't think anyone will argue that the process cannot be further refined.

For more:
- here's the survey results

Related articles:
- Audit committees evolve, more focus on IT
- IT Watch: Oracle continues to focus on compliance