SAP said it will be adding three new products to its robust GRC offering, a portfolio that already comprises dozens of products spanning numerous GRC requirements for multiple industries. SAP is delivering a unified foundation that allows for a comprehensive GRC solution, which provides proactive transparency across the entire enterprise. SAP also announced a strategic relationship in North America with Cisco Systems, Inc. to enhance the effectiveness of SAP(R) solutions for GRC by taking advantage of the Cisco Service-Oriented Network Architecture (SONA) within the IT network infrastructure.
SAP solutions for GRC deliver integrated applications that manage business process and IT infrastructure risks as well as operational and corporate-level risk across the entire enterprise. SAP announced today it will enhance this market-leading portfolio with the launch of three new applications – SAP GRC Repository, SAP GRC Process Control and SAP GRC Risk Management. The portfolio of proven applications addresses the specific GRC requirements of public sector organizations and companies across diverse industries, including chemicals, financial services, oil and gas, pharmaceuticals and utilities.
“IDC believes that effective governance, risk and compliance management requires an ecosystem of solutions that form a platform that can be leveraged across multiple initiatives,” said Kathleen Wilhide, research director for Compliance and Business Performance Management (BPM) Solutions research, IDC. “By combining legacy solutions with the product portfolio of SAP’s recent acquisition of Virsa, SAP offers the opportunity for organizations to integrate flexible governance, risk and compliance capabilities and implement processes that support continuous governance and enhanced performance.”
Building on its existing GRC offerings, SAP today announced three new service-oriented architecture (SOA)-based applications designed to create a governance, risk and compliance foundation for all types of companies. SAP solutions for GRC will work together to serve as the building block for an end-to-end compliance solution. Built on top of this foundation will be enterprise services that meet the rigorous requirements of numerous industry-specific GRC mandates. SAP will drive continuous innovation on top of each of the three new GRC applications.
- SAP GRC Repository will document and maintain GRC information in a single central system of record, including corporate policies, board of director minutes, regulations, compliance and control frameworks as well as key business processes. SAP GRC Repository will also store and link risk and control libraries to multiple control frameworks and to international regulations. This centralization of key GRC information simplifies risk management, promotes business transparency and cuts the costs associated with GRC initiatives.
- SAP GRC Process Control will offer a risk-based approach that aligns key controls to business risks in order to promote desired employee behavior and optimize business processes. The process control application will automatically aggregate business process risks for the entire enterprise, provide supporting evidence of compliance, pinpoint control violations to prioritize corrective action and prevent material weaknesses from developing and persisting. The software will integrate automated control monitoring for SAP and non-SAP applications.
- SAP GRC Risk Management will help customers to implement collaborative risk management processes that provide a thorough analysis of key business risks at multiple levels of the enterprise, across organizational entities, business processes and IT infrastructure. SAP has designed intuitive and collaborative processes to guide professional risk managers and business owners in identifying financial, legal and operational risks, analyzing business opportunities in light of these risks, and developing appropriate responses.
General availability for SAP GRC Repository and SAP GRC Process Control will be November 30, 2006. SAP GRC Risk Management will ship in December 2006. All three products will be sold individually.
“Cephalon recognized the efficiency and value of process control tools early on and we successfully implemented an early version of SAP GRC Process Control,” said Bryan Reasons, vice president, Risk Management, Cephalon, Inc. “With the full release of SAP GRC Process Control, we expect to gain a cost-effective balance of continuous monitoring and automated manual controls. This is particularly important in achieving our financial and regulatory compliance objectives.”
The new applications build on SAP’s deep expertise and existing solutions for wide-reaching compliance requirements for different vertical industries while grouping all governance, risk and compliance solutions under an integrated GRC framework. SAP is the only enterprise software vendor to deliver GRC solutions that range from anti-terrorism, to anti-money laundering, to Basel II, to Solvency II, to data privacy, Sarbanes-Oxley compliance and beyond.
SAP’s approach to GRC enables companies and governments to establish an integrated framework of centrally managed GRC processes and information, thus enhancing their ability to identify and collaboratively analyze risks identified at multiple levels and regional locations of their organizations.
“As a U.S.-based company, Xerox was looking for an efficient solution to sustain control compliance across the Xerox Europe SAP landscapes in accordance with Sarbanes-Oxley legislation,” said Ben Christensen, service delivery manager, Xerox Europe. “These controls span users, roles and processes that all require access and authorization evaluation, testing, and remediation. We opted for three SAP solutions for GRC – Virsa Compliance Calibrator, Access Enforcer and Firefighter – to achieve real-time compliance using preventative, detective and mitigating controls. As a result, we have control of segregation-of-duties (SoD) issues and a robust system to identify control gaps and remediate risks.”
SAP solutions for GRC are designed to automatically monitor business process and IT controls to manage entity-level and IT risks at all levels of the organization. This integrated approach provides “CXOs” – C-level executives across various roles, from CEOs, CIOs and CFOs to chief compliance and chief risk officers – with an actionable dashboard that presents a complete and accurate risk profile of the organization and also detects high-risk events and prioritizes risk responses and corrective or preventive action.
“Today’s CXOs need to boost business transparency and predictability in order to protect brand reputation and ultimately to increase stakeholder value,” said Doug Merritt, executive vice president and general manager, Suite Optimization, SAP. “To best support strategic objectives, they need software solutions that enable full transparency into business performance, foster predictable business results and ensure business process sustainability. SAP’s integrated portfolio solves the challenges of fragmentation across management organizations, IT systems and operating regions. With SAP’s comprehensive solutions to identify and respond to risks, implement proper governance and help ensure compliance, C-level executives can better focus resources to accelerate innovation and growth with confidence.”
On May 12, 2006, SAP completed the acquisition of Virsa Systems and incorporated its existing rich portfolio of horizontal and industry-specific compliance software under a newly formed GRC business unit. Currently more than 1,000 companies worldwide use SAP solutions for GRC. With the aim of helping companies make GRC an integral part of their business and IT strategies, the dedicated unit leverages SAP’s deep expertise and existing software for wide-reaching compliance requirements such as the Sarbanes-Oxley Act in the United States; applications such as SAP(R) Global Trade Services to help companies across diverse industries manage international trade compliance challenges; and solutions for distinct industry demands including emissions standards in chemicals and utilities sectors, FDA requirements for pharmaceutical companies and Basel II for the banking sector.