Enterprise software powerhouse SAP AG is teaming up with network giant Cisco Systems, Inc. to converge business and IT controls into a single, integrated platform for governance, risk, and compliance (GRC).
The new SAP Solutions for GRC 2.0 consists of a unified set of products and a shared foundation based on existing SAP applications as well as on those resulting from SAP's April acquisition of compliance software maker Virsa Systems Inc. The GRC framework -- which includes dozens of products that address initiatives from Sarbanes Oxley to regulatory requirements in health care and other vertical industries -- is designed to give large and medium-sized companies the transparency and visibility to meet quarterly regulatory obligations and work proactively to streamline compliance-oriented business processes, SAP executives said during a webcast to announce the initiative.
With a holistic view, SAP executives explained, companies can push compliance and governance to the next level, forgoing the inefficiencies associated with conducting separate initiatives around individual compliance efforts and instead embedding activities into their regular business processes. "This kind of solution is critical because of the looming issue of cost associated with point solutions for governance, compliance, and risk," said Amit Chatterjee, senior vice president of SAP's GRC business unit, formed in May, in an interview with Managing Automation. "But it also helps companies find smarter ways to run their businesses."
Learn more about the ins and outs of corporate governance by attending Managing Automation's three-part, on-demand webcast series.
SAP unveiled three new GRC applications, including a repository that functions as a central system of record for all corporate policies, board of director minutes, regulations, and other compliance-related materials and business processes. Cisco's role is to evolve its Service-Oriented Network Architecture (SONA) to support SAP GRC and to build tools to facilitate integration between the two environments.
By connecting the network infrastructure directly to the GRC foundation platform, companies can leverage the access and identity intelligence resident in Cisco's SONA offerings to more effectively automate business processes around compliance and governance and eliminate much of the manual labor associated with existing efforts, officials from both companies maintained.
Both companies said the partnership has been a work in progress over the last 18 months and was a direct result of their shared commitment to service-oriented architecture (SOA) technologies and increasing demand from their substantial base of common customers.
"With network applications running over IP, the network has visibility to all of this traffic and that makes it far more strategic to the business," explained Paul McNab, vice president of enterprise marketing for Cisco (San Jose, CA) during the webcast. "Our customers said, 'wouldn't it be a panacea to have the network, IT, and business perspectives join together.'" McNab added that now, "with network controls stored in the GRC repository, we can have business managers set the policies for network infrastructure and there's nothing more business-relevant than that."
In addition to the GRC Repository, SAP also unveiled SAP GRC Process Control, software for automating control monitoring for SAP and non-SAP applications. With Process Control, companies can automatically monitor businesses and IT infrastructure controls across multiple organizations, pinpoint control violations and prioritize corrective actions, and provide supporting evidence of compliance.
The third addition to the SAP GRC family is SAP GRC Risk Management, an application built and used internally by SAP to identify financial, legal, and operational risks and analyze business opportunities in light of those risks -- and to develop the appropriate responses. All three applications will be available in the November/December timeframe, SAP said.
As part of their collaboration, SAP and Cisco will make joint sales calls; both companies have also committed to evolving their respective GRC and SONA architectures to provide out-of-the-box integration capabilities.
"Customers won't have to think about putting SAP and Cisco together on this -- we'll do it for them," said Bill Ruh, Cisco's vice president of advanced services, who told
Managing Automation that the partnership enables both companies to more effectively address a $5 billion market opportunity.
Analysts said SAP's GRC strategy reflects a maturing of both the company and customers' compliance requirements, and will likely be effective in sowing the seeds for this emerging market.
"[SAP] recognizes that people are maturing from managing individual compliance programs into a much broader way of managing risk across the business," said John Hagerty, vice president at AMR Research (Boston). "SAP is saying you don't have to do all this on day one, but when you're ready to, [they're there] to help with it. SAP is typically more prescriptive in telling companies how to get something done, but in regards to this, they're more open to letting companies adopt the pieces when they're ready, and that's a different strategy for them."