I have been blogging for some time (here) about GRC - which CFO.com recently defined as an academic definition of the word 'mess'. GRC, which stands for Governance, Risk Management, and Compliance, is not about technology. It is not limited to the few products in the SAP set of 'GRC' products (SAP BusinessObjects Risk Management, Process Control, Access Control, Global Trade Services, and EH&S).
GRC is about how an organization optimizes performance to achieve strategies, considering and managing risks, and remaining in compliance. It encompasses a very broad set of business processes and enabling technology - with a core of strategy management, business intelligence, and performance management in addition to risk management and controls/security.
In my latest post, I identify just some of SAP's solutions for an organization's GRC processes.
What I particularly like about SAP's solutions for GRC are:
- They enable optimization of a customer's processes, with appropriate integration between related products - such as strategy, risk, and controls
- They are not limited in their use to SAP environments. They can be used in non-SAP or mixed environments. For example, we have customers that use SAP BusinessObjects Access Control to manage provisioning in a mixed SAP and Oracle ERP environment
- Solution management continues to look at how customers can use the various products together, and how the total cost of ownership can be reduced
- SAP's continued investment in the products has created significant improvement in the product's functionality in the 15 months I have worked with them
