James wrote a useful post about CA compliance positioning. CA is an interesting case: they have had compliance challenges themselves, but as a business they really seem to be getting their house in order. I found this presentation via good old Google this morning. (Hope CA is okay with me linking to it.) Check out slide 9, about the reduction in costs that they have achieved. At the event James attended CA obviously pushed its part of the continuous compliance story, but that is only part of the picture.
If you look at the presentation above, you’ll see that a core ERP platform and control tools are a key part of the story: in this case, SAP ERP and Virsa (now SAP GRC). Slide 19 gives a good view of how the CA and SAP compliance messages fit together.
I like it when software companies walk the talk. CA is one of them. So is SAP.
Coincidentally I had compliance for breakfast this morning too. I met up in Heidelberg with Jan Nordhagen. We had breakfast on a terrace in the early morning sunshine looking out over the Neckar. (Lousy job, this.)
Jan was the MD of Virsa in Europe, and now heads up the GRC sales efforts in Europe at SAP. Bright guy, really driven and has a passion for compliance. We talked about compliance, kids, mergers and why he should sponsor our charity bike ride. There is some real momentum behind the SAP compliance story here in Europe, it isn’t at all like Vinnie makes it out to be, vendors chasing the SOX gravy.
Compliance is less of a “new trendy thing” here in old Europe, and opening a sales pitch with SOX is often the quickest way to the door. There is a strong belief in many customers here that compliance is just good business practice, and we are seeing great traction for the SAP compliance suite from companies that don’t have anything to do with SOX, for instance in the public sector. We also see great interest from private companies. Companies are looking to reduce the cost of audit, but the main goal is to embed compliance in core business processes, and not to see compliance as a reporting afterthought, or as an evil government burden. There is a real belief in many companies here that transparency and real-time controls are just good business practice. Q2 for compliance was very strong here, despite a generally slow market. It wasn’t all about SOX….
There is also a lot of interest in the Risk and Governance bit of the GRC story. There is a lot of cool stuff in development at the moment on risk management, based partly on the risk desktop that we developed internally for the CFO and the CEO here at SAP. There is lots of great stuff going on in this space. If SOX was the spark that made SAP..
1) dust off stuff embedded in the depths of boring boring ERP and actively tell people about it. (Like the Audit Information System for instance)
2) Acquire Virsa, and expand the solutions..
3) Build partnerships with auditors and SIs to drive down the cost of compliance.
Then maybe things aren’t as bad as Vinnie makes out.
Virsa surveyed 93 customers and found that customers report significant reductions in compliance cost and labour.
Reduction in time spent on internal audit 35%
Reduction in internal external audit costs 28%
Reduction in time spent managing authorisation risk 44%
Reduction in costs for managing authorisation risk 36%
Reduction in audit report findings for security 41%
Reduction in time required to clean up audit findings 39%