SAP continues to show thought leadership and growth in the GRC space as revealed in the GRC Insider conference last week. The conference itself is a combination of GRC, Financials, and Human Resources tracks put together for SAP users. The overall conference had over 2000 individuals in attendance with significant growth in GRC’s presence over previous years.
Of particular interest is the contrast of SAP’s GRC strategy to other companies in the industry. What many vendors assume to be competitive they would actually find complimentary. SAP strengths in GRC are in . . .
Where does SAP need to show further growth in GRC? There is no one stop technology shop for GRC – any organization looking to define a technology GRC strategy will soon realize that SAP is a solid core, but not enough. SAP is particularly weak, or needs further growth in the following GRC functional areas:
  • Content and process management. SAP’s GRC strategy has been focused on business transactions and intelligence where most other GRC vendors have focused on GRC documentation and workflow/process management. SAP does not have strong content and process management capabilities/technologies within its portfolio – and is hesitant to offer this directly as they have a rich ecosystem of enterprise content and business process management partners. SAP really should consider acquiring a GRC vendor with strong content/process management capabilities or work out a GRC market strategy that integrates one of their ECM/BPM partners in this space.
  • Human resources. The most surprising blind spot in SAP’s GRC strategy to me is the lack of integration with SAP’s human resources management business. A significant portion of GRC involves the HR element – training, background checks, policies & procedures, access management, approvals, etc. There was tight integration at the conference between GRC and Financials, but the Human Resources track (as well as SAP’s GRC technology) remains completely separate from GRC. SAP is a dominant player in the HR market and one would think they would be quick to integrate and deliver a holistic GRC solution in this area.
One final thought that occurred to me . . . how would Thomson’s acquisition of Paisley impact SAP? To date the two offering are complimentary. Paisley documents, communicates, and manages workflows for GRC and does not automate transactions. The Thomson acquisition of Paisley aims to deliver and integrate rich tax/accounting content into the Paisley audit/GRC platform. While this still remains complimentary – what would happen if Thomson would acquire an automated/continuous control-monitoring vendor (e.g., ACL, Approva, Oversight Systems) that directly competes with SAP Process & Access Controls? The complete integration of information/content, process management, and automated controls could really shake up the space.

Leave a Reply

Your email address will not be published. Required fields are marked *