GRC Journal - (Page 68) Tackling the Information Challenge HR: Yes, standardizing on methodologies terminologies in the framework for GRC management is definitely a focus of what SAP is delivering. We don’t see how you could establish the common framework and understanding without the standardization of terminology in the practices. This is something that has to go beyond any one of our organizations. Holly, I’ve heard SAP’s executive Doug Merritt talk about getting to taxonomy and terminologies that we can all relate to. Where are we on that journey and what do you see happening over the months and years ahead with regards to that? HR: On that journey, I think that the whole industry is just getting started. There is a common understanding now of the different types of compliance issues that companies are dealing with and how risk management can contribute to that and how an effective governance program ties into the overall infrastructure. We are still in a situation where companies are calling different types of controls, for example, different things. I expect to see the evolution continue over the next few years as this is a fairly new market and we are just getting started. Why suddenly is there an increased focus on information governance? EG: It is the result of a number of factors. Obviously, there have been a lot of regulations over the last five to 10 years that have focused us down this path to start addressing compliance and governance issues. In the past, companies never really spent a lot of time looking at these areas because there was no urgent requirement that forced them to. Senior management is beginning to realize that information is really king, and companies are looking at ways to use information to get a competitive advantage for their organization to be able to adjust in a rapidly changing environment. I think senior management is starting to realize that they need to look at information governance in order to stay agile in a highly competitive environment. JM: It has to do with value creation. Since any GRC system problem has to do with information and process management, we can use the same compliant or wellgoverned systems to create business value. Since we can improve productivity or reduce costs while improving GRC capabilities, there is an upside opportunity for value creation. Since GRC forces improvements in systems, information and process, not only will we have wellgoverned systems, but we have systems that contribute actual value to the business. HR: Beyond regulations, competitive advantages and the value creation, most companies in the U.S. and elsewhere in the world are also dealing with unparalleled and unprecedented exposures from a legal and financial perspective. A lot of those exposures are actually coming from non-traditional sources. Since companies are starting to feel these exposures in their wallets, in addition to the desire to protect their brand, this has driven a lot of these initiatives. As long as I’ve been helping companies with IT strategies, there has been a quest for improved management dashboards. Is the technology up to it this time? About a decade ago, there was a big push; however, the vision was ahead of the capabilities. This time around, are we able to deliver this realtime, accurate and timely information? EG: The technology is absolutely out there. There is a lot more interoperability, stability and scalability among systems out there today than ever before. The biggest thing that might hinder us going forward is the process and people side. It is a matter of whether we can get the process and the people moving in the right direction and whether we can achieve what the vision was about 10 years ago. The problem isn’t that the technology isn’t available; it’s that most organizations have no idea what they want to do so it’s extremely difficult for the IT organizations to respond tothe business needs. This is again an example of the need of all the stakeholders to come together to design one over-arching strategy. JM: Most customers have an IT environment supported by investments in some very good technologies that have been upgraded over time. The IT could have included an ERP systems implementation or even something basic like enterprise connectivity. A successful GRC implementation provides the proper architecture to leverage these IT investments. The other key is that people have become familiar with using these technologies. For instance, it is not uncommon for users to go to a Web link to access their applications and information. In addition, the application software has gotten much more flexible and sophisticated, which supports the use of newer GRC dashboards. I think most users have confidence that a properly designed, architected and implemented system can deliver very accurate information – quickly and in a number of formats. Holly, SAP has been delivering great software for a long time. I think historically, a lot of the customer drivers were around enabling transactions. It seems as though we are at a real inflection point in terms of moving toward a focus on information as opposed to transactions. Are you feeling that at SAP? HR: Yes. I think that companies have understood how to make the most out of their transaction processing systems, and mostly in that context they are struggling with either how to outsource some of the transactions or how to integrate the diverse systems. Also, there 30 Business Trends Quarterly Technology Solutions. Business Strategy.
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.