SAP AG (NYSE:SAP) today announced the creation of a new business unit to empower customers with end-to-end solutions for governance, risk management and compliance (GRC), offering a holistic alternative to the fragmented GRC point solutions available in the market.
With the aim of helping companies make GRC an integral part of their business and IT strategies, the dedicated unit leverages SAP's deep expertise and existing software for wide-reaching compliance requirements such as the Sarbanes-Oxley Act (SOX) in the United States; applications such as SAP Global Trade Services to help companies across diverse industries manage international trade compliance challenges; and solutions for distinct industry demands including emissions standards in chemicals and utilities sectors, FDA requirements for pharmaceutical companies and Basel II for the banking sector.
Building on this rich portfolio of horizontal and industry-specific compliance software, the now completed acquisition of Virsa Systems, Inc. boosts SAP's leading position in the rapidly emerging GRC market. After nine months of planning its go-to-market strategy and product road map for a comprehensive GRC portfolio, SAP unveiled the Governance, Risk and Compliance Management business unit at SAPPHIRE '06, SAP's international customer conference.
SAP has long recognized the growing role of enterprise systems in assisting companies to meet the increasing challenges of corporate compliance and risk management. Customers are looking for powerful compliance solutions that work across heterogeneous IT environments to reduce risk and cost as well as provide improved business control. By embedding compliance into business processes, SAP is making compliance repeatable, sustainable and less costly for companies of all sizes in all industry segments.
"As spending accelerates in specific functional areas that are of critical interest to SAP's customers and prospects, the company will most likely fold in partner products to provide a broader application footprint," said John Hagerty, vice president and research fellow, AMR Research. "The Virsa acquisition enriches SAP's GRC position, but it is not the answer to all compliance concerns. It is, however, a solid foundation for future growth."
Emerging as a Leader in GRC
In today's highly regulated environment, companies are increasingly pressured by governance, risk and compliance concerns while at the same time needing to drive business performance, predictability and stakeholder confidence. The current approach to managing GRC is marked by two sets of problems: highly fragmented business processes and systems that compound the cost of managing risk and compliance; and little or no investment in identifying and mapping out a phased approach to comprehensive GRC management. Underlying these issues is the inherent risk in strategically coordinating and managing a wide range of IT infrastructure that directly supports the processes and systems in the GRC business environment.
Organizations are deprived of a powerful tool for controlling and addressing risk effectively, while at the same time they are shifting investments and resources to non-revenue generating activities.
"Enterprise risk management, beyond Sarbanes-Oxley, is being addressed at CA with the implementation of solutions from SAP, Virsa and CA," said Kevin Kern, chief information officer at CA. "We see clear business value in an enterprise-wide interlock between core business processes and managing GRC. Building confidence with the investment community and stakeholders is correlated to leveraging not only a detective but also a preventative control framework that increases predictability and visibility to our business. We applaud SAP in taking on this new challenge and we look forward to collaborating in this initiative."
The Benefits of a Holistic GRC Framework
Each organization must chart its own course to embrace a GRC framework, weighing critical business requirements with organizational GRC maturity and top-level commitment. Companies may choose to start by identifying one or two high-priority risk areas and initiate a business-specific or initiative-driven deployment of GRC applications. These early successes will help drive the value of a comprehensive GRC strategy and will provide a reusable and sustainable model for controlling and addressing future governance, risk and compliance areas.
"Companies will spend at least 27 billion dollars on addressing tactical compliance issues in 2006 alone, yet even with this investment they will remain vulnerable to risks and burdened with high costs," said Henning Kagermann, CEO of SAP AG. "SAP and its partners are stepping up to the challenge by helping companies take control of governance, risk and compliance issues and ultimately leveraging this capability as a competitive advantage. We will achieve this vision by delivering an integrated and heterogeneous GRC foundation for customers to adopt in a pragmatic approach, leveraging existing IT investments in SAP software and other technologies. We are energized by this opportunity and excited to make such a significant impact."
Specific benefits from a comprehensive GRC approach include:
- Increased shareholder value: Good governance - reflected in many intangibles, including brand, culture and reputation - can have favorable impact on share price premiums
- Optimized risk/return portfolios: Achieved with transparency and insight for selecting (and rejecting) projects based on risk impact and probability relative to potential return
- Reduced GRC costs: Significantly cuts down the resources required to control and address risk, ensure compliance and maintain effective governance
- Improved business performance and predictability: Delivers comprehensive visibility, a systematic process for anticipating and controlling risks and the tools to proactively determine proper actions and critical tasks
- Business sustainability: Delivered through software automation, analytics and alerts, visibility to risk interdependencies for improved control and repeatable, cost-effective GRC solutions
- Business agility: By empowering decision-makers to identify and assess alternative what-if and future scenarios, GRC leads to greater business agility and competitiveness
- Intelligent IT risk management: Delivered through an intelligent network infrastructure that can provide IT risk management information and controls at high speeds throughout the enterprise
"General Mills uses SAP as the global platform for integrated transaction processing and segregation of duties in ensuring SOX compliance in the area of information systems," said Michael Carr, director of Information Systems for General Mills. "Software and business processes that streamline and advance a company's risk management and compliance capabilities are critical aspects of corporate governance. SAP tools that deliver an integrated solution across the enterprise are an important and welcome new advance in this important area."
Virsa Acquisition Demonstrates SAP Commitment to Compliance Market
Key to early success of the GRC business unit is SAP's continued momentum and investment in helping customers solve critical compliance pain points and the acquisition of SAP partner Virsa Systems (see April 3, 2006 press release titled, "SAP Strengthens Leadership in Compliance Solutions with Acquisition of Virsa"). The acquisition, which was officially completed on May 12, 2006, reflects SAP's commitment and investment in the GRC category.
Virsa's nearly 250 employees are now part of the GRC business unit, providing talent, domain expertise, intellectual capital and experience to add immediate value for many SAP customers.