In 2008, SAP acquired Business Objects, where I was the VP of Internal Audit and also ran the risk management, SOX program, and license compliance. After working on the integration of the new BusinessObjects division into SAP for most of the year, I moved to a new role as an “evangelist” for GRC.
I had never heard of GRC and naturally wanted to understand what it was all about. After all, how can I be an evangelist for something I don’t understand!
Is GRC just a term for a collection of related software products (audit management, policy management, risk management, and compliance management)? Or is it a term used to describe how to run the business better?