 | |||
|
|
||
| |||
| |||
| |||
| |
|
Home > Oracle News > Oracle takes on SAP with new GRC suite |
| |
|
|
|
|
| Oracle News: |
|
||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|
||||||||||||||||||||||||||||
The new GRC suite is based primarily on technology Oracle acquired when it purchased content management software provider Stellent Inc. late last year. Company officials said the release represents the first major Stellent update since the acquisition and the first time Stellent technology has been fully integrated to run on Oracle's Fusion Middleware platform. The suite is designed to help firms monitor, assess and report on enterprise risk and comply with complicated data-retention regulations such as The Sarbanes-Oxley Act. Oracle "desperately needed" to introduce a comprehensive GRC strategy and roadmap to respond to SAP, which has been marketing its GRC offering heavily since the Virsa acquisition, said Michael Rasmussen, a vice president and analyst with Cambridge, Mass.-based Forrester Research Inc. "They both have their [GRC-related] strengths and weaknesses," Rasmussen said. "There are things that SAP is better at, and with this announcement from Oracle, there are things that Oracle is better at."
GRC a 'hot' market The GRC market is currently on fire. Analysts say growing demand for the software is being driven by increased regulation and a desire to manage all kinds of risk holistically throughout organizations. A new report from Boston-based AMR Research Inc. finds that total GRC-related spending will hit $29.9 billion in 2007, up from about $27.3 billion in 2006. About $10 billion of that will be spent directly on GRC technology, with the rest going to GRC-related consultants and other resources, according to AMR. Oracle vs. SAP Oracle and SAP fill in each other's blanks when it comes to GRC, according to Rasmussen. The analyst said that Oracle is strong on GRC where SAP is weak, and vice versa. Rasmussen said Oracle now leads SAP in the areas of security and content management, whereas SAP is stronger in GRC when it comes to identifying and enforcing preventive and detective controls. Oracle's GRC strength comes mainly from Stellent, which as a company had a strong understanding that GRC is basically a content management issue, Rasmussen said. Stellent gave Oracle a strong set of core content-management and GRC applications and also provided Oracle the means to offer a more heterogeneous GRC offering than it had in the past. "Oracle's limited GRC strategy up until this announcement has been very focused internally on Oracle financial applications [and] Sarbanes-Oxley," Rasmussen said. "Now they've got a much broader appeal. You don't have to be an Oracle shop anymore [to take part in] their governance, risk and compliance strategy." The analyst said SAP's biggest GRC strengths come mainly from Virsa and focus on implementing and enforcing process and access controls. SAP has also "got a strong enterprise risk management dashboard for managing operation risk, but that's really aimed at SAP's core industries such as manufacturing and pharma," Rasmussen explained. "Oracle has a stronger focus in banking and financial services than SAP does." Features and functionality Oracle's new GRC suite includes GRC Manager, which monitors business process risk and control performance. Folia Grace, Oracle's vice president of applications, said the GRC Manager can identify places where controls are weak and recommend fixes. Grace said the suite's Application Access Controls component offers a library of segregation of duties controls as well as the ability to prevent and detect control violations. The suite's GRC Intelligence component -- which won't be available until later this year -- offers dashboards and reports designed to help companies manage and report on organizational performance. Grace said GRC Intelligence helps companies react to organization performance problems quickly and monitor compliance mandates. The Application Configuration Controls component of Oracle's GRC suite monitors more than 500 internal controls for the Oracle E-Business Suite, provides continuous monitoring for changes in configuration controls, and provides the ability to set up auditing parameters, according to Oracle. Do your GRC homework Most companies are just now beginning to put together comprehensive GRC strategies, according to Rasmussen. The analyst advises that companies come to a strong understanding of what exactly they're trying to accomplish with regard to GRC before doing business with one of the hundreds of GRC vendors out there. For example, companies need to decide what risk means to them and whether they're simply about combating threats or about using GRC to identify opportunities for greater efficiency as well. "It's your underlying philosophy of risk that is going to drive what your risk and compliance program looks like," Rasmussen said, "and if you let your vendors define your philosophy of risk, well then you're putting the cart before the horse." |
|
|
|||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
|
|
 |  |  | |  | |  | |  | |  | |  | |  | |  | |
|
|
About Us | Contact Us | For Advertisers | For Business Partners | Site Index | RSS |
|
|
||
|
|||||||
