SAP has embedded business intelligence into its SAP process control and risk management software and more tightly integrated those governance, risk and compliance (GRC) applications with each other and other enterprise applications.
The new releases will make it easier for customers to start making GRC an integrated part of day-to-day business operations, according to AMR's John Hagerty. Users can manage more business scenarios that incorporate risk identification and process monitoring in the context of their enterprise application backbone.
"More and more, I hear companies wanting to marry risk and performance as part of their management philosophy," Hagerty, vice president and research fellow at the Boston-based research firm, said in an email. "The latest release of risk management will enable that point of view."
Image: Xcelsius provides a visualization capability embedded within the SAP BusinessObjects Risk Management product.
Better integration will enable more transparency, efficiency and sustainability across business processes, according to Michael Rasmussen, president of Corporate Integrity LLC, a GRC strategy advisory firm based in Waterford, Wis.
"SAP has shown that it continues to deliver GRC as an integrated part of business processes and transactions instead of as a band-aided oversight/audit layer," Rasmussen said in an email.
Integration between the new applications allows customers to navigate seamlessly between risks and controls. For example, the software would help companies ensure that the right controls are in place to identify and resolve product quality issues before they become a public health risk. Customers see alerts related to the key risks they track, along with compliance activities related to those risks. They can then use data from the embedded business intelligence software to determine new risk mitigation plans, suggest new compliance activities, and implement new controls, according to Narina Sippy, vice president and general manager of SAP BusinessObjects GRC products.
In turn, with the new process control application, customers can enhance and extend the business rules that will allow them to continuously monitor business processes, Hagerty said. With the new risk management release, there is tighter integration with SAP's strategy management application, part of its corporate performance management suite.
"Companies very much are looking at lowering costs, increasing the effectiveness of compliance activities and understanding where to focus their efforts," Sippy said. "We can help companies to -- in a very visual way -- look at where they have a huge risk in business, as well as where to prioritize compliance initiatives."
Customers have been eagerly awaiting the new releases, dubbed SAP BusinessObjects Process Control 3.0 and SAP BusinessObjects Risk Management 3.0, Hagerty said. These are the second versions of the applications; the first iterations were less mature.
Customers on versions SAP Risk Management 2.0 and Process Control 2.5 can upgrade to these newest versions, SAP said. Both are available now. Pricing information wasn't available.
"[Embedding] business intelligence gives [SAP] a clear advantage," Rasmussen said. "In today's economy, business needs solutions that can link GRC to corporate performance and business intelligence."
That said, Hagerty would like to see SAP deliver more out-of-the-box risk and process content that will make it easier for customers to accelerate GRC deployments.
Sippy said SAP is working with partners on something along those lines. It's looking at key business processes in companies in the oil and gas, chemical and pharmaceutical industries and coming up with a set of key risk indicators, corresponding compliance activities and controls that companies can adopt out-of-the-box. SAP wants to provide them as free downloads to customers in these industries.
SAP's GRC applications lack strong enterprise content management and business process management capabilities at their core, Rasmussen said, though they have significant partners in this area.
"When GRC involves content management and business process modeling, which it often does, then SAP is not a strong contender," he said. "The fact is there is no one-stop shop for GRC. [But] SAP is delivering leadership in areas that other vendors are not touching on."
Overall, enterprise risk management systems remain a relatively new area for many customers, Hagerty said. Companies have managed risks for years, but they've done so in a disconnected mode, with spreadsheets and documents.
"There's a long way to go before companies bake risk management into day-to-day operations and decisions," he said.