Due to my long absence this post comes a bit late, however I did not want to hide from the readers that MetricStream offers a free download of the Gartner Magic Quadrant for GRC Platforms (Q2/2008). OpenPages, Paisley, Oracle and MetricStream were placed in the leaders quadrant. For further information please refer to the report. [Download from MetricStream.com]
CFO Research Services in collaboration with Crowe Chizek recently published the results of an interesting survey among senior finance executives. The report is called “The Changing Landscape of Risk Management“. Insights include the shifting focus from financial to operational risk, probably a result of financial risk being in better control after Sarbanes-Oxley implementations over the past years. The integral role of CFOs and executive boards in risk management is backed up. From a GRC perspective it is notable that 65% of respondents named “managing risk across the entire company” as particularly challenging over the next 12 months. Awareness of the need of and understanding of risk management is still scarce. In order to improve this situation the authors suggest to pass risk management tasks to the internal audit function, acting as an enabler and promoter of risk management. The report is free for download after registration at CFO.com. [The Changing Landscape of Risk Management]
As promised I had a look around the web to find articles about the implications of the financial crisis on GRC. I hardly found anything worth mentioning, apart from the ubiquitous vague and emotional articles recommending new regulations for banks. Software vendors have hardly commented on the situation, being more concerned to deal with the expected decline in sales. SAP announced the strongest cost-saving measures since the break-down of the new economy. Each board member renounces to 10 days of holiday, all management consulting is stopped, projects with third-party involvement are postponed to next year where possible, all meetings have to be held in SAP facilities, orders for company cars and office equipment will be scrutinised, and so on and so forth, and of course all this is topped by a headcount freeze and the cancellation of all existing vacancies. Hard to swallow for the employees, but an unavoidable move to protect the company’s performance.
CFO Research published a report revealing that senior finance executives increasingly focus on risk management as a result of the financial crisis. 55% of respondents expect changes in their company’s risk management practices. Governance topics dominate these changes: altering cash management practices, investments strategies and customer and supplier relationships. With new regulations expected to be introduced, more and more companies should realise that they need a comprehensive and effective approach to their GRC topics. The search for better risk management solutions will automatically lead the attention to GRC.
If the demands for increased transparency of financial portfolios are answered, inter-company risk management is also going to gain importance. Where possible, risks should be tracked down to the first member of the chain. Banks should not rely on buying tranches with AAA ratings, not knowing who are the debtors included in the product. It is a bit strange that banks, who of all companies have the most advanced risk management in place, seem to be lacking it most. Over the last decade non-financial companies have been increasingly active in the financial market. Porsche, for instance, made 4 billion euros of benefits out of a 7.4 billion revenue in 2006/07 due to hedges for Volkswagen shares. If these trigger-happy companies are affected by the crisis as well (allegedly not to be expected in Porsche’s case), they will either cut down their investments on the financial market and refocus on their traditional core competencies, or they will have to increase spend on risk management. Balance sheets at the end of this year are going to deliver a first impression of how strong the impact of the financial crisis is on non-financial companies.
I knew the stock markets were going to react to the decrease in global productivity due to my first long holiday in years. However I did not expect the reaction to be this harsh! All jokes aside: the end of American investment banks as we know them, losses of hundreds of billion dollars, bankruptcies and nationalisations seem to herald a severe recession. You can find news on the happenings on basically every website reporting about economy or politics. GRC Resource will try to provide resources on the effect of these events on GRC soon. Stay tuned.
After Siemens was found guilty of bribery, leading to fines, additional tax payments and consulting costs of about €1.9 billion, the company has announced the unconventional step of suing 11 former board members for compensation. Among the culprits is also former CEO Heinrich von Pierer. Until 1999, money spent in order to win contracts in foreign countries could still be offset against taxes in Germany. Since then law has changed though, and the €1.3 billion spent by Siemens caused a notable bribery scandal and lots of bad press for one of the world’s largest company’s with 430.000 employees. [Financial Times]
In what is arguably Austria’s biggest bank fraud, nine executives have been sentenced to terms of 18 months on probation up to 5 years in prison, plus nine and a half years in prison for the most prominent culprit, former chief executive Helmut Elsner. Through risky speculations and subsequent falsifications of the balance sheet, the group caused losses amounting to €1.7 billion. [Financial Times]
Last Friday, Courtney Bjorlin from SearchSAP.com reported of a struggle going on between SAP and Gartner analyst French Caldwell. In a research note following the Sapphire 2008 in Orlando, Caldwell accused SAP of lacking a GRC management component in its GRC portfolio. SAP has now rejected Caldwell’s claims, adducing that the functionality the analyst expects to be in an additional component is already integrated into the existing modules today. We are looking forward to see how this debate will evolve. [Source]
A new issue of GRC 360° magazine is now available for download at the OCEG website (free registration required). These are the featured articles:
Springtime not only brings us some sunny days this year, but also two new books on GRC.
SAP GRC For Dummies is going to be available starting from May 12 onwards for about $30. Published by John Wiley & Sons it is the first piece from Denise Broady and Holly Roland. Dan Woods, who has participated in several other “For Dummies” books (e.g. NetWeaver), is listed as a co-author. As soon as more information is available you will find it on GRC Resource.
Anthony Tarantino, known from publications such as the “Manager’s Guide to Compliance”, now follows up with the Governance, Risk and Compliance Handbook. The book promises to provide “Technology, Finance, Environmental and International Guidance and Best Practices”. GRC Resource is going to review the book, which sells at a proud price of over $100.
As SearchDataManagement.com reports, AMR Research published a new market analysis identifying risk management as the top driver of GRC initiatives, surpassing compliance.
“GRC really sprang up from people’s approach to managing some of the concerns around Sarbanes-Oxley,” [report author] Hagerty said. “Organizations that didn’t have to deal with that, which was any private firm in the United States as well as any firm that didn’t trade on U.S. exchanges — the rest of the world, pretty much — didn’t care about it.” But times have changed, he said.”
Moreover the report provides a GRC market size forecast:
“Worldwide, GRC-related technology and services spending is expected to increase by 7.4% in 2008 to $32 billion, according to the report, which surveyed 420 companies in the U.S., Germany and Japan. Demand for GRC services and consultants will rise nearly 22% as companies look for outside help in crafting their risk management strategies.”
[Source: Kelly, J. (2008): Risk management surpasses compliance as top GRC priority.]