News Stay informed about the latest enterprise technology news and product updates.

Oracle takes on SAP with new GRC suite

Oracle's new GRC suite should help the database and business apps giant level the playing field with SAP, according to one expert.

Oracle today released a new governance, risk and compliance (GRC) software suite that should help the company "catch up" to rival SAP AG, which got off to a significant head start in the growing GRC market after acquiring Virsa Systems Inc. last May, according to one IT industry expert.

The new GRC suite is based primarily on technology "They both have their [GRC-related] strengths and weaknesses," Rasmussen said. "There are things that SAP is better at, and with this announcement from Oracle, there are things that Oracle is better at."

More on GRC:

LogicalApps buys GRC product line from Applimation

GRC a 'hot' market

The GRC market is currently on fire. Analysts say growing demand for the software is being driven by increased regulation and a desire to manage all kinds of risk holistically throughout organizations.

A new report from Boston-based AMR Research Inc. finds that total GRC-related spending will hit $29.9 billion in 2007, up from about $27.3 billion in 2006. About $10 billion of that will be spent directly on GRC technology, with the rest going to GRC-related consultants and other resources, according to AMR.

Oracle vs. SAP

The analyst said SAP's biggest GRC strengths come mainly from Virsa and focus on implementing and enforcing process and access controls.

SAP has also "got a strong enterprise risk management dashboard for managing operation risk, but that's really aimed at SAP's core industries such as manufacturing and pharma," Rasmussen explained. "Oracle has a stronger focus in banking and financial services than SAP does."

Features and functionality

Oracle's new GRC suite includes GRC Manager, which monitors business process risk and control performance. Folia Grace, Oracle's vice president of applications, said the GRC Manager can identify places where controls are weak and recommend fixes.

Grace said the suite's Application Access Controls component offers a library of segregation of duties controls as well as the ability to prevent and detect control violations.

The suite's GRC Intelligence component -- which won't be available until later this year -- offers dashboards and reports designed to help companies manage and report on organizational performance. Grace said GRC Intelligence helps companies react to organization performance problems quickly and monitor compliance mandates.

The Application Configuration Controls component of Oracle's GRC suite monitors more than 500 internal controls for the Oracle E-Business Suite, provides continuous monitoring for changes in configuration controls, and provides the ability to set up auditing parameters, according to Oracle.

Do your GRC homework

Most companies are just now beginning to put together comprehensive GRC strategies, according to Rasmussen.

The analyst advises that companies come to a strong understanding of what exactly they're trying to accomplish with regard to GRC before doing business with

Dig Deeper on Oracle vs. SAP

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.