SAP moves beyond compliance

SAP has stepped up its efforts to champion the governance, risk and compliance (GRC) cause by allowing companies to build a unified GRC framework that minimises risk exposure, aligns business strategy and ensures compliant business execution, says Public Technology.

SAP has spent a lot of time explaining its GRC strategy and is starting to build real, integrated applications around it. The challenge for SAP now is to encourage enterprises to take the leap and kick-start formalised GRC programmes.

That not only means packaging up best practice implementation guidelines that address the technology and process complexities of an integrated GRC system, but also helping them to think about building a strategic business case.

Oracle has introduced Oracle Enterprise Governance, Risk and compliance (GRC) Manager and the latest release of Oracle Enterprise GRC Controls to deliver a complete approach to regulatory compliance, risk management, and controls automation, states BusinessWeek.

Oracle's Enterprise GRC Manager and Enterprise GRC Controls are tightly integrated so organisations can align the identification, assessment, and prioritisation of risks with the ideal risk treatment through a combination of both manual and automated controls.

This integrated approach gives organisations an enterprise understanding of which risks are critical and enables an immediate and coordinated response.

The Information Systems Audit and Control Association (ISACA), an IT governance body, has unveiled its Risk IT Framework, a document it describes as "the first global IT-related risk framework to provide a comprehensive view of the business risks associated with IT initiatives," reports Computing.co.uk.

The Risk IT Framework is a free-to-download, 107-page document, which ISACA says builds on its globally recognised Control Objectives for Information and related Technology (COBIT) framework for IT governance, to provide a missing link between conventional enterprise risk management and IT risk management and control.

ISACA Risk IT taskforce chairman and developer, Urs Fischer, said Risk IT would save time, cost and effort by providing a clear method to focus on IT-related business risks such as late project delivery, compliance, misalignment, obsolete IT architecture and IT service delivery problems.