SAP Unifies Governance Risk And Compliance Suite - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Enterprise Architecture
News
3/24/2011
07:55 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

SAP Unifies Governance Risk And Compliance Suite

Single platform combines Access Control, Process Control, Risk Management and Global Trade Services. The payoff: faster, easier deployment and more comprehensive, automated GRC.

Governance, risk and compliance activities are perceived by many as a necessary evil, but if you have a consistent approach, good automation capabilities and a mature organization, GRC can evolve from a cost into a driver of improved performance.

That's the promise, says SAP, but the supporting technology has to help with the consistency and automation part. That's the idea behind version 10 of SAP BusinessObjects GRC software, a major platform release announced on Wednesday.

The new GRC release is touted as a consistent platform comprising four distinct products: Access Control, Risk Management, Process Control and Global Trade Services. SAP has been working for three years to get all of these modules onto the same code base and a parallel development path. The Risk Management and Process Control modules were the first to be unified in a 2009 release. But in version 10, all four products have a consistent look and feel and follow standard SAP development and deployment approaches.

Consistency and a common look and feel will deliver big gains in productivity from a management, training and usability perspective, SAP said. In terms of development and deployment, the entire suite is now a single install, but you can still purchase the modules individually. New modules are unlocked and exposed through as simple matter of licensing rather than separate installation. All modules share the same components, data model and access to SAP services. And as organizations identify risks and create and customize mitigating controls, they are immediately shared across all modules.

The biggest change with version 10 is in the Access Control module, a popular product that was previously written in Java. Now that Access Control is built on the standard NetWeaver stack, SAP developers can use familiar APAB (Advanced Business Application Programming) capabilities.

"In version 10 if you need to do an upgrade or patch on Access Control, you don't have to reinstall the application; it's a non-disruptive upgrade that can be handled in minutes rather than hours or days," said Jim Dunham, group vice president, GRC Solutions, SAP.

Upgrades to core compliance capabilities include new embedded business intelligence capabilities, better support for vertical industry and line-of-business content, an industry-standard "bow-tie" visualization capability for risks, and finer granularity for security controls.

The new embedded BI functionality includes practitioner and manager dashboards and reporting capabilities drawn from the recent SAP BusinessObjects 4.0 release. Coupled with the data-sharing capabilities of the new platform, the BI capabilities are said to include more powerful analytics. When identifying risks around a new-product introduction, for instance, users can model risks such as supplier problems, IT project delays and international licensing disputes as well as mitigation strategies to predict outcomes and make more risk-aware decisions.

"Sourcing, IT and trade-related problems can make or break a new-product introduction, and that's rich information that can now be analyzed from your compliance initiatives and your risk-management infrastructure," Dunham said.

A new Content Lifecycle Manager introduced in version 10 makes it said to make it easier to import new regulations and supporting industry and line-of-business content into the compliance environment. These efforts previously required work on the part of systems integrators, but the lifecycle manager imports and applies version controls to compliance content from SAP partners such as Deloitte, PricewaterhouseCoopers, Ernst & Young and others. When you move to a new release or an upgrade of SAP Business Suite, the Lifecycle Manager migrates all your mappings of risks, KPIs, controls, processes and values into the new system deployment.

To help business users see and understand risks, the SAP BusinessObjects GRC release includes a new Visual Bow Tie Builder. Commonly used in compliance circles, bow tie charts depict risk events as the center knot of the tie, risk drivers fanning out as the left side of the bow and risk impacts fanning out as the right side of the bow.

"There are other visual Bow Tie tools out there, but SAP is the first to put it into an enterprise platform, attach a central repository, pull in compliance content from partners and make it actionable, meaning we've tied the controls seen in the bowtie directly into the compliance system," Dunham said.

In another notable upgrade, the GRC version 10 supports finer granularity on security controls so managers have flexibility in granting compliant access to transactional capabilities. Whereas the previously release tended to turn access to, say, order-to-cash processes either on or off, the upgrade supports clauses on privileges whereby a clerk might be granted conditional authorization to execute certain aspects of a transaction.

This features comes in handy in close cycles, when companies sometimes chafe against overly restrictive controls that get in the way of timely consolidation.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Commentary
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
Slideshows
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll