Guest Column | December 16, 2008

GRC Is The New ERP

By John H. Capobianco, Lumigent Technologies

Back in September, Larry Ellison mused that IT "is more fashion-driven than women's fashion." I'm not going to argue the point, but unlike their fashion industry counterparts, IT trends typically have a longer shelf life. How many colors — not including red, for current economic reasons — have been pitched as the "new black" in the last 12 months? Several.

In IT, the touchstone technology for enterprise-wide business process automation is enterprise resource planning. While ERP remains the core enterprise technology after 15+ years, governance, risk, and compliance (GRC) is the next big area of business automation. In other words, GRC is the "new ERP."

We're already seeing parallels emerge between the two. ERP started with financial controls, and GRC is starting with financial controls. Over time, the ERP vendors added modules for manufacturing, supply chain management, human resources, customer relationship management, and other business areas. But they started as a general ledger, as a financial control system.

In the same way, GRC will ultimately evolve into a consolidated, enterprise-wide system with vertical solutions that include technologies for collecting data, reporting and presentation, and trending and forecasting. Today, GRC vendors like Paisley, MetricStream, and OpenPages are making early deployments in reporting and dashboarding. Others like Cognos and Approva are working on forecasting and trend analysis. And companies like Lumigent are focused on data acquisition.

Like ERP, GRC will grow both horizontally and vertically at the same time. That is, GRC will expand its three core technology sets while its solution sets expand beyond financials to address GRC processes elsewhere in the enterprise, from human resources to IT and beyond. The two expansions will follow different trajectories, however, and almost every new solution set will debut as a compliance offering, with related risk and governance functions to be delivered later.

Why start with compliance? It's where organizations feel the most pain. The cost of manual compliance reporting alone can reach millions annually, and compliance reporting is purely an exercise in CYA. There's no top-line or bottom-line benefit to demonstrating compliance to regulators. Automating that manual activity is the most effective method of driving down the costs of regulatory compliance.

Moreover, the GRC process really starts with C, with compliance information gathered during the testing and monitoring of controls and data. Risk enters the picture when that compliance information is interpreted in the context of business risk to generate options for mitigating any identified risks. Finally, the governance function evaluates the available options, determining the most appropriate course of action.

So, it all starts with compliance, but GRC is no flash-in-the-pan IT trend. Trust me; making informed, risk-based business decisions is going to be fashionable for quite a while.


John H. Capobianco is president and CEO of Lumigent Technologies, Inc., the first to market with automated financial controls for primary business applications to drive down the cost of regulatory compliance. Learn more about Lumigent at http://www.lumigent.com, and contact John at john.capobianco@lumigent.com.

SOURCE: Lumigent Technologies, Inc.