It took SAP (news, site) nearly three years to update BusinessObjects 4.0, which it did earlier this month with the release of the business intelligence and enterprise information management solutions. This week, it continues the momentum with the release of its GRC software called GRC 10, which pulls together its previous GRC offerings into something that has the look and feel of a new platform.

While many vendors in the growing GRC space deal with issues around governance, risk and compliance as they exist at the moment, SAP says that with this it is looking to the future and has created a solution that is flexible enough to enable enterprises to deal with problems as they arise without any major disruptions.

GRC, BusinessObjects

It does this by providing a unified environment that works with other BusinessObjects solutions to provide management, monitoring and an analysis of risk and compliance, applying them to common and everyday business processes.

The impression of a new platform, rather than simple upgrades to existing features, is heightened by the common look and feel across all the applications, which include business intelligence reports as well as a dashboard and a graphical tool that helps define and display risks as they occur.

In fact, according to SAP’s Jim Dunham, group vice president of GRC solutions, there hasn’t been one area within its GRC portfolio that hasn't received considerable attention in this release.

Whenever a new risk or compliance issue hits the news, the question on the mind of every executive is, ‘Can this happen to us?’ and SAP BusinessObjects GRC solutions provide the most comprehensive platform for compliance and risk professionals to answer these types of tough questions,” he said.

It is also easier to use than before and enables users with limited GRC experience to identify potential risks rather than wait for those risks to become a reality and deal with them then.

GRC 10.0

The release gives enterprises policy management and audit capabilities, granular security and enterprise support for transporting and archiving data that may be required in the future. The fact that all these abilities lie in the same environment means that they overcome the difficulties associated with fragmented platforms including poor risk visibility or processes that are reactive or manual, as well as cutting the number of people that will actually have to work on GRC.

Consisting principally of SAP BusinessObjects Access Control, SAP BusinessObjects Risk Management and SAP BusinessObjects Process Control, they effectively share processes and data using a common interface that can be customized according to the enterprise and line-of-business.

By adding business intelligence to the GRC pot, v10.0 offers a number of new capabilities that have been difficult to provide to date. These include:

  • Real-time analysis of risk across all lines of corporate strategy
  • Monitoring of enterprise risk and compliance effectiveness for proactive rather than reactive responses
  • Enhanced ability to automate compliance and risk examination reduces the overall cost of implementing GRC programs through minimizing the risk management and monitoring activities
  • Easy-to-use “bow-tie” builder defines and configures risk and risk metrics through an interface that allows collaborative development of methodologies for managing risk
  • Risk tailoring for specific industries and enterprises

GRC Competition

There is a lot of competition in the GRC market at the moment, and, while there are numerous smaller vendors, it is companies such as Oracle, IBM and EMC that are SAP's competitors.

In the recent past, they have all bought into companies that they believe will give them a stronger foothold in a market that is estimated to be worth about US $900 million this year, but is expected to grow at a compound rate of up to 20% per year until at least 2015 as companies struggle to deal with more regulations.

However, this is a market that SAP has been playing for quite a long time and describes this release as the next step in its business analytics roadmap that combines analytics with business applications.

The implication is that there is more to come in this respect, and as the other companies wrestle with integrating their new acquisitions into their existing portfolio, it gives SAP, which has had GRC as one of its core elements, the opportunity through new releases to decide what the market is, and where it is going.