Oracle today released a new governance, risk and compliance (GRC) software suite that should help the company "catch up" to Oracle acquired when it purchased content management software provider Stellent Inc. late last year. Company officials said the release represents the first major Stellent update since the acquisition and the first time Stellent technology has been fully integrated to run on Oracle's Fusion Middleware platform. The suite is designed to help firms monitor, assess and report on enterprise risk and comply with complicated data-retention regulations such as The Sarbanes-Oxley Act.
Oracle "desperately needed" to introduce a comprehensive GRC strategy and roadmap to respond to SAP, which has been marketing its GRC offering heavily since the Virsa acquisition, said Michael Rasmussen, a vice president and analyst with Cambridge, Mass.-based Forrester Research Inc.
"They both have their [GRC-related] strengths and weaknesses," Rasmussen said. "There are things that SAP is better at, and with this announcement from Oracle, there are things that Oracle is better at."
GRC a 'hot' market
The GRC market is currently on fire. Analysts say growing demand for the software is being driven by increased regulation and a desire to manage all kinds of risk holistically throughout organizations.
A new report from Boston-based AMR Research Inc. finds that total GRC-related spending will hit $29.9 billion in 2007, up from about $27.3 billion in 2006. About $10 billion of that will be spent directly on GRC technology, with the rest going to GRC-related consultants and other resources, according to AMR.
Oracle vs. SAP
SAP has also "got a strong enterprise risk management dashboard for managing operation risk, but that's really aimed at SAP's core industries such as manufacturing and pharma," Rasmussen explained. "Oracle has a stronger focus in banking and financial services than SAP does."
Oracle's new GRC suite includes GRC Manager, which monitors business process risk and control performance. Folia Grace, Oracle's vice president of applications, said the GRC Manager can identify places where controls are weak and recommend fixes.
The suite's GRC Intelligence component -- which won't be available until later this year -- offers dashboards and reports designed to help companies manage and report on organizational performance. Grace said GRC Intelligence helps companies react to organization performance problems quickly and monitor compliance mandates.
The Application Configuration Controls component of Oracle's GRC suite monitors more than 500 internal controls for the Oracle E-Business Suite, provides continuous monitoring for changes in configuration controls, and provides the ability to set up auditing parameters, according to Oracle.