Financial Week
Friday, November 20, 2009



Risk software bulks up for bulging compliance market
All-in-one governance, risk, compliance platforms target corporate execs buried by mounting mandates

By Matthew Scott

As finance executives have painfully discovered, risk comes in many forms. Indeed, the inability to accurately assess enterprise risk is at the heart of the credit woes currently bedeviling many corporations.

Coming to grips with enterprise risk is no small feat, though. For assistance, some are turning to a new breed of applications known as governance, risk and compliance software (a list of some leading GRC vendors appears at the end of this story).

Typically, GRC applications are geared for specific purposes, such as contract management or policy enforcement. The programs first cropped up after the passage of Sarbanes-Oxley, when finance managers were looking for ways to cope with the oral surgery otherwise known as Section 404 internal controls testing.

Financial controls software still dominates the sector, but offerings have expanded to cover a host of mandates, including legal (e-mail retention, data privacy), environmental (greenhouse gas inventories), financial (capital adequacy), and technology (IT governance). Hence the puffed-up GRC label.

The good news is that the latest programs are big improvements on earlier versions, particularly when it comes to ease of use. What's more, top vendors such as OpenPages, SAP, Oracle, Axentis and BWise have rolled out true GRC platforms that can host a number of targeted applications. Companies can run a variety of GRC programs on such platforms, and purchase additional modules as new requirements come up.

Business users have taken note of the advances in the software. AMR Research projects spending on GRC applications and services will top $32.1 billion in 2008, up 7.4% from 2007. And AMR analyst John Hagerty expects GRC to grow by another 7% in 2009.

Michael Rasmussen, president of Corporate Integrity, a market research and advisory firm, puts the GRC market as high as $50 billion—about $40 billion in professional services and consulting and $10 billion in software. And he sees the chaos in the financial markets leading to tougher regulations for scores of industries, which, in turn, could push GRC sales up 35% over the next two years.

The programs aren't cheap: AMR estimates the average business spends $2.4 million annually on the applications. Still, the latest iterations of GRC software are a step up from the traditional rearview mirror assessments conducted by many risk managers. “Companies are saying, maybe we ought to have a more structured process to consider risk proactively instead of reactively,” said Tom Connors, a partner in the assurance and enterprise risk service practice at Deloitte.

The experience of Unum Group, an insurance company with $10.5 billion in revenue, is typical of how many companies have come to GRC software. The company first started using an application for Sarbanes-Oxley compliance. “Year one of SOX was a project,” recalled Danny Waxenberg, Unum's assistant vice president for internal controls. At the time, the company was handling its SOX compliance manually, coordinating the approval of Word and Excel documents with 400 employees in the U.S. and U.K.

“We had to get out of that mode and get a more sustainable compliance program,” he said.

The company implemented the Oracle Governance, Risk and Compliance Manager in 2005 to automate its accounting process and swiftly identify gaps in the process. “I think we significantly saved on costs in the first couple years, and each year we get a little better at it,” Mr. Waxenberg said.

The real benefit, though, is that the software makes it easier to cope with new mandates, such as changes to accounting regulations. What's more, deploying GRC programs or platforms in different departments tends to get non-finance staffers thinking about risk management. That's important, given the compliance dangers that lurk in, say, the technology department. “What we're seeing in 2008 is that the CIOs have their own sets of concerns around IT risk, and that's a big area,” Mr. Hagerty said.

Security lapses—such as the breach that exposed 45 million customer records at TJX, the parent company of T.J. Maxx and Marshalls—have broadened the types of corporate users interested in GRC software. With the CFO and CIO working together, the importance of the investment in GRC has been communicated more effectively.

The GRC market is made up of as many as 600 specialty players, but consolidation is expected to bring that number down. CFOs at larger companies are likely to stick with more established software vendors, such as Oracle and SAP—particularly since many large businesses are already using either Oracle or SAP.

Mr. Hagerty said that because SAP has been emphasizing risk for a longer period of time, it probably has a slight edge over Oracle in this marketplace. SAP was out front on global trade and environmental compliance, he noted. “I think Oracle will get there, because it has solid risk management assets too.”

With its acquisition of Cognos, IBM obtained sizable assets in the finance area, which could result in Big Blue reintroducing GRC into its product line. “My expectation is that you'll see IBM reenergize its GRC story,” Mr. Hagerty said, adding that Microsoft could also jump into the GRC market in the future.

Smaller companies in search of cheaper licensing fees may go with more niche vendors. And John McLaughlin, senior managing director at Smart Business Advisory and Consulting, sees “a bit of a risk” for small companies in adopting compliance software, in that the benefits may not outweigh the costs.

“The need to have automated oversight might not be as great for a small company as it would be for a global pharmaceutical company with 50,000 employees,” Mr. McLaughlin said.

But with more GRC applications moving to an on-demand model, industry watchers say those cost concerns may fade.

-----------------------------------------------------------------

GRC VENDORS

Hundreds of software publishers offer programs that address specific governance, risk or compliance tasks. Most are siloed applications, however, designed for individual functions or departments.

Increasingly, though, vendors are coming out with GRC platforms that can be deployed across an enterprise. Typically, these platforms allow corporate users to purchase different modules as the need arises.

Here are some of the top makers of enterprise GRC software.

> BWise: BWise

> Compliance360: Compliance360

> Cura: Cura Enterprise

> IBM: IBM Workplace for Business Controls and Reporting

> Mega: Mega GRC Suite

> MetricStream: Enterprise Compliance Platform

> Mitratech: TeamConnect GRC

> Neohapsis: Certus Risk, Certus Compliance, Certus Analysis

> OpenPages: OpenPages

> Oracle: Oracle Governance, Risk, and Compliance Manager

> Paisley: Enterprise GRC

> Protiviti: Enterprise GRC

> Qumas: Qumas GRC Suite

> SAI Global: SAI Global

> SAP: SAP Governance, Risk, and Compliance

> Strategic Thought Group: Active Risk Manager

Sources: Forrester, Financial Week
