Sensing a market opportunity in the growing number of government regulations being imposed on large corporations, Oracle has delivered an amped-up product suite that integrates a new enterprise governance, risk and compliance (GRC) manager accompanied by an improved version of its Enterprise GRC Controls software.
With the new compliance suite release, Oracle is attempting to tightly integrate core business processes with several risk and compliance initiatives that customers might have in play -- including ones for Sarbanes-Oxley, IT risk and compliance, health and safety, and environmental issues -- and to do so from a single platform.
"We think this is going to remain a pretty hot market, with all the regulatory requirements for financial services organizations coming out of the Obama administration," said Chris Leone, Oracle's group vice president of applications development. "The idea of solutions that automate processes relating to managing risk are front and center for a lot of our users."
The new GRC suite, which works with Oracle's Fusion Middleware 11g and the Database 11g Release 2, represents the first time that Oracle has tried to cover such a broad range of risk and compliance issues, according to Leone. He believes the suite can compete against large competitors with horizontal product offerings as well as smaller rivals with a vertical focus.
"What we are trying to do for the first time is incorporate all the elements an organization needs to run an integrated, end-to-end set of processes inside the company," Leone said.
Some IT professionals said, however, that they don't see the immediate need for such a large suite and instead prefer to implement less ambitious solutions focused on just a couple of risk and compliance issues.
"This [release] looks like it wants to be the mother of all compliance suites, but it's really a bit much for what we would need," said Eugene Lee, an IT administrator with a large bank in Charlotte, N.C. "I already have enough management software for these types of initiatives. Our predilection is still toward solutions that have a more narrow focus."
But some analysts think there are enough corporate users with the need to consolidate their risk and compliance solutions on one platform for Oracle's new compliance suite to prove well timed.
A recent report released by Gartner Inc. stated that the enterprise GRC platform market generally "derives from the need for many entities to improve the oversight of corporate governance, including things like financial reporting compliance, enterprise risk management and related audits." Many organizations want to consolidate other GRC activities onto a common platform, according to the report..
Current economic conditions also may prove to be a positive factor for Oracle's suite.
"The financial climate has companies looking for ways to drive cost out of the compliance process but to do it without sacrificing the quality of internal controls and regulatory reporting processes," said Joe DeVita, Oracle GRC leader at consulting firm PricewaterhouseCoopers. "I think some of the capabilities in Oracle's GRC product can protect users' business processes by placing tighter controls on emerging risks."
Oracle said it has improved its fraud-detection capabilities, along with its support for ensuring business process integrity, through the upgrade of Enterprise GRC Controls, which provides continuous monitoring of automated controls in enterprise applications. The upgrade also includes new versions of Oracle's Enterprise Transaction Controls Governor, which introduces statistical logic to help uncover out-of-policy transactions, and its Application Access Controls Governor, which adds more sophisticated simulation capabilities.
Oracle said that Enterprise GRC Manager, in addition to providing a single system for managing various risk and compliance initiatives, includes integrated support for enterprise risk management, enabling users to do a better job of promoting risk awareness, conducting assessments and identifying effective controls for removing unnecessary business risks.