Excel is the biggest competitor in the Enterprise GRC space, Gartner’s French Caldwell said to me on a call about SAP’s new IT GRC partnership with CA.
That sentiment jived with a survey we recently conducted on SAP priorities on SearchSAP.com. Most of our readers said they weren’t using SAP’s GRC applications, either because they weren’t aware of them or they didn’t need them.
But Caldwell’s clients are finding that managing everything in Excel leads to “spreadsheet chaos,” he said. Therefore, he’s seeing more interest in buying one platform to automate these processes.
And to that end, they’re looking for something to manage both Enterprise GRC and IT GRC. Enterprise GRC software automates the process of collecting data related to risk and compliance. IT GRC applies controls around the infrastructure and validates the controls enabled by these applications are working properly.
SAP isn’t ready to meet all of their needs, but it took a step in that direction last week with a partnership announcement with CA.
SAP has steadily been boosting its GRC platform, Caldwell said. Last year, SAP enabled integration between the compliance management piece (controls and testing of controls) and the risk management piece (risk assessments are a very important part of planning and scoping where put compliance efforts)
Now, SAP’s looking at how improve the visibility and integration of both audit management and the policy management, Caldwell said. SAP’s doing the development work now, and the software should be in ramp-up by the end of the year sometime in 2011.
With CA, SAP plans to sell customers integrated tools to manage IT GRC and Enterprise GRC.
In turn, the partnership with CA is not exclusive – and that is a good thing. SAP customers already have other products to manage IT GRC — such as Symantec and McAfee — and SAP needs to make it easier to integrate with those products, Caldwell said.
Yet it’s still playing catch-up – vendors such as Oracle and best-of-breeds like OpenPages still lead the way.
But SAP’s making headway here – including against its “next largest competitor,” according to a blog by Michael Rassmussen.
“To date, Oracle has had the broadest ala carte GRC offering. But customers regularly complain to Corporate Integrity about the lack of integration between the breadth of Oracle GRC solutions. SAP and CA offer a deeper suite of GRC solutions but have already demonstrated interesting integration between critical products. If you consider SAP’s additional partnership with Greenlight Technologies – SAP extends into the Oracle environment for managing GRC.”