{"id":1507,"date":"2006-09-07T00:00:00","date_gmt":"2006-09-07T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/09\/07\/sap-pushes-compliance-as-strategy\/"},"modified":"2021-12-30T11:39:30","modified_gmt":"2021-12-30T11:39:30","slug":"sap-pushes-compliance-as-strategy","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/09\/07\/sap-pushes-compliance-as-strategy\/","title":{"rendered":"SAP Pushes Compliance as Strategy"},"content":{"rendered":"<p>SAP wants companies to think of governance, risk and compliance (GRC) management in strategic terms.  The leading vendor of enterprise software, based in Walldorf, Germany, introduced an integrated set of solutions to help enterprises manage their GRC issues.  The solutions build on existing SAP solutions, as well as applications that SAP acquired when it purchased compliance solutions vendor Virsa in May.  The first solution, called GRC Repository, will allow companies to document and maintain GRC information, such as corporate policies, board of director minutes, regulations, compliance, control frameworks and key business processes in a central system of records.  The second solution, GRC Process Control, automatically aggregates business process risks for the entire enterprise, provides supporting evidence of compliance, pinpoints control violations to prioritize corrective action and prevents material weaknesses from developing and persisting.  The software will integrate automated control monitoring for SAP and non-SAP applications.  The third component of the offering, GRC Risk Management, helps enterprises implement collaborative risk-management processes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Doug Merritt, executive vice president and general manager of suite optimization products and technology at SAP, said that consultants in the compliance arena, regulatory bodies and other vendors will also be able to contribute to this repository.    &#8220;It allows companies to manage hugely heterogeneous landscapes,&#8221; noted Merritt.  Merritt said the solution will help risk managers and business owners identify financial, legal and operational risks, analyze business opportunities in light of these risks, and develop appropriate responses.<\/p>\n<p>The key to all three solutions, the company said, is that they give line-of-business executives greater visibility of how governance and risk-management policies are implemented and followed in the course of doing business.   Effective GRC management can do more than ensure that companies are in compliance with Sarbanes-Oxley and other regulations, said Merritt.  &#8220;GRC is more business-driven than just keeping the CEO out of jail,&#8221; said Merritt in response to a question from internetnews.com during a conference call this week.  &#8220;Understanding the relative risks and rewards of different activities is as critical or more critical than regulatory reporting,&#8221; he said.<\/p>\n<p>Amit Chatterjee, senior vice president of the risk and compliance management unit at SAP, said that whatever can be monitored can be managed.  <\/p>\n<p>SAP GRC Repository and SAP GRC Process Control will be generally available Nov. 30.  Other solutions, particularly those pertinent to industry verticals, will become part of the new solution during the second quarter of next year.<\/p>\n<p>SAP also announced that it is bringing these products to market jointly with networking solutions vendor Cisco Systems (Quote, Chart).<\/p>\n<p>http:\/\/www.internetnews.com\/ent-news\/article.php\/3630606<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1507","post","type-post","status-publish","format-standard","hentry","category-product"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1507"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1507\/revisions"}],"predecessor-version":[{"id":3994,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1507\/revisions\/3994"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}