GRC this week is dominated by compliance and risk and moves in the compliance market, including the acquisition of e-Discovery vendor PSS by IBM. Oracle has also been busy looking at risk and data management, while Varonis offers Exchange audit and monitoring.

Oracle Looks at Risk and Systems Assessment

While most people are aware that there are risks surrounding IT and information management, it is hard to point a finger at one particular risk component and identify it as the primary problem..

Oracle (news, site) however, has produced some new research carried out for it by Vanson Bourne, which identifies the inability to access data, or even knowledge of where it resides, as one of the key compliance problems, coupled with integration of legacy systems with business processes.

The study, which looked at financial institutions in Europe -- probably a good place to start in that many of them are still reeling from the recent recession -- shows that almost a quarter of respondents lost money because of antiquated IT systems.

Entitled The European Confidence Report, it surveyed the views and opinions of 222 IT professionals and 228 financial services. Key findings include:

  • 37% had issues with IT systems that made the business unable to evaluate investment risk.
  • 38% of financial IT departments are asked for market risk information on a daily basis, yet only 17% believe the information is 100% accurate.
  • Four in five said that legacy systems are a barrier to system improvements.

Half of all respondents admitted to having to reach out to multiple sources to get the required data to achieve corporate compliance.

While the fact that legacy systems are causing problems is probably well documented, the number of sources needed to maintain compliance is surprising. The research is free and can be downloaded from the Oracle website.

CaoSys Adds to E-Business Suite GRC

Separate to that, but also from Oracle, is the release of CS*Impact from CaoSys this week that can assess and monitor the performance for Oracle’s E-Business Suite by improving visibility and understanding of the impact of change to key configurations and setups within their enterprise applications.

This is just the latest of CaoSys GRC releases for E-Business and can be fully embedded into Oracle to perform a detailed impact analysis across multiple instances of the applications.

As all businesses at some point install patches and upgrades and apply their own configuration changes, those using E-Business applications can use CS*Impact to assess the risks of not knowing the impact of a given change. Available to download, CaoSys says it will also be introducing a SaaS version soon.

IBM Buys E-Discovery Vendor PSS

IBM (news, site) has also been making moves in the compliance space this week, this time with the expansion of its information management portfolio with the acquisition of PSS Atlas, an e-Discovery vendor that provides software for document analysis, management and disposal.

How much IBM paid for PSS was not made public, but the acquisition adds an important piece to its GRC solutions, to which it only recently added Open Pages, a company that provides software for developing risk, compliance and internal audits strategies in the financial space.

Designed specifically for enterprise legal departments, PSS’s software gives enterprises an overview of their corporate information, automates governance of that information and ultimately sets out disposal schedules for information that is no longer needed.

Over the past number of months it has worked with IBM on legal compliance for Bank of America and once the deal is completed IBM says it intends to sell PSS software in conjunction with its Lifecycle Governance applications that will benefit considerably with the automated document disposal brought by PSS. Want to know more?

Varonis Offers Exchange Email Audit and Tracking

Another interesting pairing, this time for auditing unstructured information in email is the extension Varonis’ DatAdvantage software to Microsoft Exchange.

While recent research by AIM (news, site) has shown that in terms of records management, emails are still causing major headaches, Varonis’ DatAdvantage for Exchange tackles one of the key areas where email is being neglected, notably email governance.

It does this by applying Varonis’s Metadata Framework to public email folders alongside file services and SharePoint sites -- all through the DatAdvantge UI.


Given the spread of Exchange deployments globally and the growing evidence that email management is still being neglected across most enterprises, this is one to look out for.

GRC and the Public Sector

Finally, with all the personal information and data held by one federal organization or another, you might be wondering how well the public sector is living up to its GRC obligations.

Obviously AGA has been wondering that too because it has just published a research report that examines GRC in the public sector and why while GRC has become quite well-known in the commercial sector, it is less common in the public sector.

AGA’s research report examines the reasons for this disparity and concludes that although there are obstacles for agencies implementing GRC, these challenges can be overcome and it suggests various strategies to effect this change.

If you’re interested in this you can get a copy of the full report from the AGA website.