|
TELECOMS AND SOFTWARE NEWS
|
|
|
Risky business for SAP
Madan Sheina
Risky business for SAP
SAP underscored its commitment to the governance, risk and compliance (GRC) market at its recent GRC Insider event in Las Vegas, Nevada by unveiling new software designed to link supply-chain risk, trade compliance and execution across various industry sectors. SAP wants companies to embed risk into their daily business processes to help them proactively manage risk by operational exception management - what it calls “risk-adjusted strategy management”. There's nothing wrong with that vision of convergence. However, are companies ready to make the leap and, more importantly, can SAP turn what is still largely a slideware concept into a productised software platform?
SAP is serious about GRC, particularly risk management
Every gamble carries a risk. It was therefore appropriate that SAP chose the gambling capital of the world to highlight its risk-management software strategy. Risk management is now a dominant piece of the GRC strategy - traced back to the 2006 acquisition of Virsa and the subsequent formation of a dedicated SAP GRC business unit. SAP's GRC offering has been largely focused on the office of finance. SAP wants to change that. The latest addition to the suite, SAP BusinessObjects Global Trade Services (GTS), broadens the focus to supply-chain compliance and, importantly, risk. The latter is achieved by integration with the SAP BusinessObjects Risk Management platform and we believe it is likely to be the first of many other risk-focused integration projects that SAP has up its sleeve. SAP's strategy is to make companies embed risk into everything they do - from the definition of strategic goals in boardrooms down to the operational execution of those goals on the shop floor. Creating those upward and downward channels of communication and insight is one of the primary goals of performance management software, which is why SAP wants to position GRC more closely to its EPM suite - it has also integrated its SAP Business Strategy Management application with GRC. SAP's “risk-adjusted strategy management” vision points to convergence
SAP sees GRC and EPM as being highly complementary, arguing that every business strategy carries with it inherent risks associated with a company's inability to execute on it. It calls for key risk indicators to be peppered into strategic and operational processes to nip potential risks in the bud.These links have not been lost on many companies that are conscious of embedding controls and compliance within their financial consolidation, business planning, budgeting and forecasting processes. However, they're doing it through fragmented, inefficient and error-prone methods, typically using custom hand-coded systems, spreadsheets and manual processes. SAP wants to add more unity and rigour through a framework of software automation that not only encapsulates systems, control and process elements but also factors in the full myriad of risks - market, operations, regulatory, credit, etc - that a company faces. The goal is to enable a holistic and proactive “risk-adjusted” approach that allows companies to be alerted well ahead of time to all their potential risks so that they can take action.That points to a convergence of SAP's GRC and EPM platform down the line. Thus far, SAP has not yet mapped out a clear roadmap as to how it intends to move its GRC and EPM customers together. By its own admission, it is unlikely to have anything concrete to showcase in terms of an integrated product until at least the second half of 2010. GRC is too big a fish to fry in one pan for many companies today
Even though SAP is banging its GRC drum louder than ever, if anything to show it has an advantage over Oracle, market adoption is still in its infancy. Technically, SAP's unified 'holistic' vision for GRC will be difficult for companies to swallow in one big gulp. Many have yet to get their EPM or GRC strategies right, let alone be in a position to bring the two together. Until then, companies will continue to pursue a reactive, piecemeal approach to GRC, focusing on point business problems and areas of risk across their lines of business. However, successful GRC isn't just about putting the technology infrastructure in place. What's needed is best-practice implementation policies and methodology guidance. No-one has written the definitive GRC manual. Until someone does there is no 'proper' technological approach in terms of software. Hence companies should first start with their own business policies and practices to create a culture of GRC before attempting to solve the issue with technology.
About:
This article is an extract taken from Ovum's Straight Talk service. This daily email bulletin provides our expert's views and opinions on important news and events in global IT and telecoms. If you have a comment or question regarding this article then please submit your details here:
If you would like to find out more about Straight Talk please contact StraightTalk@ovum.com
If you would like to find out more about Ovum services then please click
here for details
|
|
|
|
|
|
|
|
Search
|
|
|
|
|
Contact Us
|
|
|
Expertise
|
|
|
|
|
