“Standing on the shoulders of giants…” Frequently, that is exactly how I feel about where I find myself, working on the topic of governance risk, and compliance (GRC) within SAP. I haven’t always had this feeling. I have, in the past, felt that the behemoth of SAP was a giant standing on MY shoulders, crushing the life out of my passion …… but I was totally and utterly wrong and I am very happy to be able to admit that.
In my last blog, I expressed my concern about the term ‘GRC’ and how it’s often misinterpreted and misunderstood. I mentioned how I disagreed with the dilution of the topic through splitting it into many different pieces (IT GRC, EGRC, Financial GRC). And yet, for as long as I have been an SAP employee, SAP has stressed that GRC was about integration, was all encompassing, and our strategy was to continue to converge the topic. This was true not only in our messaging but also from the development side, a good example arriving in 2010 when we combined the capabilities to manage risks, controls, compliance, policies, access and more in one single platform, SAP GRC 10.0.
Now, in 2016, the SAP GRC portfolio contains 20+ products and we continue to ensure that even if the latest products are not on the same codebase, the integration options are perfectly possible and configurable. It’s vitally important that if we have granular risks in the world of health and safety, or sentiment analysis or global trade, these can ‘bubble up’ to an overall risk dashboard or to our enterprise controls reporting. Anything else would be contradictory to our understanding of the term. These things do not happen by themselves. Strategic acquisitions, developments, and partnerships are very well considered and evaluated against a simple premise —will they enhance our message? Will they empower our customers?
In practice, this means that our customers can enjoy the advanced solutions offered by our Solution Extension partners, Greenlight Technologies, and NextLabs. This means that they can benefit from specific enhancements to our suite offered by partners such as EY, PWC and Deloitte. Our partners not only build their own experience of our solutions but actively develop add-ons which strengthens the story and our customers’ opportunities.
Where Has SAP Taken GRC?
Going beyond the confines of the SAP GRC world, I am continually emboldened by SAP’s overall strategy.
- The acquisition of SAP BusinessObjects in 2008 enhanced our GRC suite through the embedding of world leading reporting and dashboarding into our products. Our customers could start to benefit from presenting granular GRC data as strategically important information for decision making.
- The development of SAP HANA was also immense for GRC. At a time when it is well understood that there is a ‘data explosion’, having the power of real-time, big data analytics using HANA means that we can build next generation GRC solutions to ensure that companies can stay aware, stay in control, stay empowered.
- The acquisition of KXEN brought with it new possibilities in the world of predictive technologies and immediately, one of the primary use cases for this was the integration with our fraud management and screening solution. At the IIA conference in 2013, internal auditors talked to us about the future that they could see where predictive tools would be important for their audits. It’s something which we haven’t yet seen in the field, but SAP GRC is ready, we can deliver this today.
- In the past couple of years, simplicity has become the hottest of topics. Having the power is one thing, but enabling end users to easily interact with the solutions, to easily consume the information is of equal or greater importance. Within SAP GRC, we again are benefiting from the developments around us. UI harmonization, Fiori interfaces, the embedding of Adobe Interactive Forms, mobility solutions, and more can take the complexity of GRC and hide it from end users. Simple, powerful, agile solutions.
Where Are We Now?
Now, in 2016, we see the flexibility of deployment options being of strategic importance to a lot of companies and once again, SAP GRC can benefit from the developments of others. SAP HANA Enterprise Cloud, SAP Hana Cloud Platform, SAP Partner Managed Cloud, SAP S/4HANA ….. SAP GRC is right there, offering the flexibility desired by our customers.
The Final Analysis
So, in summary, I feel privileged to work for a company with the resources and strength of conviction to try to push the boundaries of what was previously possible. Geniuses are at work across the whole company and we are lucky—so very lucky—that we, in the world of GRC, can stand on the shoulders of those giants to offer capabilities never before seen.
It’s only within a company of this size that these opportunities exist. But it is to the credit of the management and development organizations that these opportunities are frequently being grabbed with both hands. And for that, SAP, I salute you.