A couple of weeks ago, I wrote about an article on GRC that appeared in a publication of the Institute of Internal Auditors (you can see my discussion here). I really liked the article, which used the definition of GRC developed by the Open Compliance and Ethics Group (BTW, I strongly recommend their site for information about GRC: http://www.oceg.org/).
However, my post attracted a host of comments – many of which are by people who believe GRC is all hype, used by consultants and software vendors as a way to sell their products.
Those of you who are interested in the topic of GRC, perhaps assessing whether there is value in GRC solutions for your organizations, might find the discussion useful – and I certainly welcome your joining in the debate.
I decided to summarize my own views yesterday, in this post.
My friend and colleague at OCEG (we are both OCEG Fellows) Michael Rasmussen followed up with his own blog post (see here).
What does this all mean for SAP customers? My advice:
- Understand the OCEG definition of GRC and the perspective it brings to looking at the business
- When you are discussing “GRC”, whether internally or with a vendor, insist on getting a definition. It’s impossible to have a rational discussion when you are using different languages
- Instead of thinking about a “GRC solution”, think about what you need for your organization: what are your business needs? GRC is too all-encompassing to have real meaning, except in the sense that it shines a light on the need for harmony between the various components of GRC, and for the elimination of silos
- Understand how SAP has offerings that not only address many of the business needs individually, but are designed to work together – in harmony – and enable best-run GRC processes
You can see more in “How does SAP enable world-class GRC processes?”