Trend Talk by Leo Castro and Todd Swenson
Changing the Governance, Risk and Compliance Game
Today’s tough governance, risk and compliance (GRC) landscape demands a more holistic, unified approach.
You don’t have to look very far to find intriguing connections between technology trends and national headlines. But in the case of governance, risk and compliance (GRC), those connections have grown particularly stark and compelling over the past couple of years. We’re all painfully familiar with the impact and aftermath of the credit meltdown of 2007—and the subsequent chain reaction that led to the global economic crisis. In the aftermath of that crisis, political and business leaders have argued, placed blame and—above all—searched for ways to reverse the damage and prevent another similar collapse. Through all this frenzied discussion about business ethics, the proper role of government and the use of regulations to mitigate risk, GRC has emerged as a major topic. As businesses and governments analyze “what went wrong,” they are fundamentally rethinking their approaches to oversight, risk management and compliance.
Moving Beyond a Fragmented, Ad-Hoc Approach to GRC
To a large extent, these efforts to reinvent GRC involve abandoning the fragmented, patchwork approach many enterprises have relied on in the past in favor of a more comprehensive, holistic and unified strategy. Isolated, one-off GRC processes may stave off regulatory fines and resolve short-term issues in specific areas, but they also increase complexity, duplicate effort, reduce transparency and generally create much bigger problems over the long term. Without a carefully conceived enterprise-wide GRC strategy—and a unified technology infrastructure capable of supporting it—it becomes difficult (or even impossible) to deal with the stricter, more demanding GRC requirements and regulations that are developing in the wake of the recent economic crisis.
Choosing the Best Path
So given all this unavoidable pressure, what’s the best, most logical path for moving toward a more consistent, effective approach to GRC that’s capable of meeting the demands of this new regulatory environment? The first obvious (and difficult) step involves viewing GRC as a holistic, enterprise-wide exercise, rather than a patchwork of individual activities and technologies. This generally starts with a detailed analysis to determine whether you have all the key business processes in place that will allow you to avoid unnecessary risks, contain costs and take advantage of new business opportunities. After you answer these difficult questions and put the right business processes in place, it’s equally important to create a technology framework that can provide a true enterprise-wide view of all your GRC activities—and help you automate, manage and align those activities across all your different systems and applications. Creating this single “GRC system of record” is really the only reliable, cost-effective way to combat complexity, avoid duplicate effort and collect the meaningful feedback you need to prove compliance, fight inefficiency and fraud, and continually improve your business.
Novell and SAP: Leading the Way Toward Holistic GRC
For many organizations, implementing this kind of holistic, enterprise-wide GRC solution may seem like an overwhelming or even unattainable prospect. But as the business case for better GRC solutions becomes more compelling, technology vendors are coming forward with practical, effective new GRC solutions.
For example, in October SAP and Novell announced an important expansion of their existing global partnership that focuses exclusively on supporting and enabling integrated, enterprise-level GRC solutions. This agreement works to create deeper, tighter integration between SAP BusinessObjects GRC solutions and the Novell Compliance Management Platform, and it has already produced a new Novell Compliance Management Platform extension for SAP environments.
What does this new collaboration mean for businesses looking for unified, enterprise-level GRC solutions? SAP BusinessObjects already provides impressive GRC coverage for SAP applications, including comprehensive risk management, access control, process controls and more. The Novell Compliance Management Platform essentially extends these advanced GRC capabilities and adds essential IT controls. Working together, they turn SAP into the central hub of a comprehensive, enterprise-wide provisioning, access, and security information and event management solution that encompasses your whole IT environment. (See Figure 1.) As a result, your business policies and processes always translate into automated IT practices across all your IT systems. In other words, combining SAP BusinessObjects GRC solutions with the Novell Compliance Management Platform finally bridges that all-important gap between business processes and enterprise-wide IT security and controls.
If you already use SAP BusinessObjects to manage governance, risk and compliance within an SAP environment, this groundbreaking agreement provides a practical, easy and affordable path for turning existing SAP capabilities into a comprehensive GRC solution for your whole enterprise. If not, you may want to weigh the advantages a cohesive, unified, enterprise-wide SAP and Novell GRC solution could offer your enterprise.
New Challenges, Expanding Opportunities
The pressure to move beyond basic compliance and toward holistic, enterprise-wide GRC may be the result of a serious and rather painful economic and regulatory crisis. But this particular cloud has a larger-than-normal silver lining. Breaking down ad-hoc security and compliance silos in favor of a unified framework for centrally managing compliance, identities, applications and security will certainly improve your overall compliance and security posture. It will also lower your overall GRC costs, make your enterprise more agile and efficient and enable you to manage risks and take advantage of new business opportunities more quickly.