Good to see James Governor posting on GRC. I’d suggest you read the whole post, but a little snip for you here.
One of the characteristics of SAP’s GRC strategy is that it’s taking a wide view of the problem. Sarbanes-Oxley is just one regulation of many that companies need to deal with.
James mentioned the Cisco deal, here is the press release. He also picks up on IBM and some of the other players in this space, so we don’t have it all to ourselves. BTW, I’m impressed with the Approva blog. (tip Dennis) If you’d like some background on SAP’s GRC offerings click here. Or have a look at the Sapphire track.
Regular readers of this blog will be aware of my long-suffering compliance PhD endeavours, but, shock horror, I recently submitted an article to an HR journal on the implications of GRC for HR – beyond SOX. Once it has been through editorial review I’ll link to it. I have said this a number of times, but the best paper I’ve read on compliance and technology remains S O’Grady’s Compliance Orientated Architecture. It is due for a revision given the changing vendor landscape, but the core remains pertinent today.
“Organizations should deploy a services-based architecture that can deliver compliance specific services as necessary, based on specific acts and regulations.”
This is a big market: an AMR Research study pegs the value of the GRM/GRC marketplace at $30 billion by 2008. Read Gartner’s take here. One of the big growth sectors for GRC at the moment here in Europe is local government. They want to reduce fraud and significantly drive down the cost of audit. Other emerging drivers include REACH, a major environmental law impacting the chemical industry. Moving how companies react to laws and regulations from a project-based panic reaction to a broader risk portfolio approach makes a whole lot of sense, and this is partly what GRC is all about.
In the meantime, I’ll point you to the latest episode of Starship Enterprisey Radio, where rather than the Geeks explaining techie stuff to the suit, we turned it around. Have a listen to Craig, the übergeek, asking me to explain what GRC is all about. We plan to have some guests on the show to dig a little more deeply into this sort of thing.
Also at Sapphire in Atlanta I sat down and chatted with Denise Broady. She is responsible for the US GRC business and the Office of the CFO team. We recorded two podcasts, one on GRC and the other on the Office of the CFO. I’ve finally uploaded them to my odeo podcast feed, but you may have already heard them via Mark Crofton.
I’ll need to post later on the SOX revisions once I’ve studied them in a little more detail. I’m also speaking at a GRC event in September, more details to follow once we get the agenda in order.