What did you expect to find when you just clicked on “GRC Technology”? Certainly not the construction plan for a GRC machine where you enter your business processes and out comes your risk appetite and compliance. As always in information technology, there is hardware – which we can neglect – and software to GRC. The software itself, again as we know it from other areas, is composed of a multitude of software technologies. Data warehousing, real-time applications, transactional systems, web frontends, XML and many others together build more or less integrated tools that support GRC. There are many opinions on which technologies to use and how to combine them in an optimal way in order to cover all requirements of Integrated GRC. It is going to be part of my research to investigate the most promising approaches and to identify similarities and gaps. Of the latter, I expect to find many. French Caldwell, VP and Research Director at Gartner, went as far as stating:
“There is no such thing as a complete GRC solution. Governance cannot be shrinkwrapped. There are some vendors that offer Finance GRC Management applications, and others that offer IT GRC Management applications–but then there are dozens and dozens of other vendors that offer GRC-related technologies ranging from audit management to IT technical controls automation to e-discovery. No vendor combines all these capabilities into a single product, or even a single portfolio offering. “ Switzer, C. S. (2007): Ask the analysists: Where are we going with technology for GRC? GRC 360°, Spring 2007, pp. 7-8.
GRC Resources for the moment focuses on the Finance GRC Management applications. Governance, risk management, compliance, segregation of duties, automated controls and so on are all part of Finance GRC. From a conceptional and technical point of view these solutions should incorporate everything required in other areas of GRC (e.g. IT compliance, environmental health…) except for the respective business process blueprints.
- The summer/fall 2006 edition of GRC 360° carries the title “Getting connected – The partnership of technology and GRC”. It contains a handful of interesting articles on GRC technology.
- A comparison of Oracle’s and SAP’s GRC strengths has been compiled by Michael Rasmussen in the article”Big hitters target GRC” (2007).
- Wilhide, K. (2007): Vendor Needs and Strategies. Oracle and SAP: Parallel Paths to GRC Supremacy.
Another piece on the approaches of Oracle and SAP, this time by Kathleen Wilhide from IDC.
- Dittmar, L. (2006): IT as an Enabler of GRC: What does Utopia look like? In: Business Trends Quarterly, Q4/2006.
- Mitchell, S. (2007): IT and GRC: A Crucial Partnership. In: GRC 360, Spring 2007, pp. 13, 16.