Assessing Your GRC Strategy
Customers are exhausted with big projects. License costs coupled with expensive implementation services have executives still looking for the promised return on investment. The recent OPEC study points to business value potential for enterprise scope endeavors. My experience is customers are lacking an overall enterprise strategy and embarking on a project by project approach. The first issue which ignited the GRC impetus was managing segregation of duties. After several years many SAP GRC Customers have yet to get beyond the basic risk analysis and remediation phases of their journey. Role redesigns and other associated services have interrupted the ultimate attainment of value from proactive risk-free provisioning. This is just one example. Many business and audit groups have chosen the deployment of point solutions to take on their needs. So now there are underutilized solutions owned by many, and the costs for internal or external IT resources to maintain the infrastructures required also adds costs as changes and updates are needed. And to make matters worse there are still new regulations and issues to be solved. How can customers get to a more pro-active enterprise strategy?
There are many solutions and service providers that will try to “market” their solution as enterprise. However, after the purchase is made, the “reality” comes to the surface. We believe these options and evaluations are not disclosed in lengthy “RFP’s” that deal with many of the archaic ways customers are currently managing compliance processes. Instead, we believe a strategic plan should drive the RFP so that options for solutions are presented. Options are what the customer should know, and can lead to a more holistic, cost effective solution.
Why not take a step back and get an assessment of where you are and how you compare to others? Both benchmarking against a best practices model and actual experiences from existing customers will help you get an honest and independent view of your GRC program.
Our Customer Exchange Forum was created to provide customers a safe place to post ratings and evaluations of products. This provides future and current customers more experience knowledge to test “marketing claims” by providers. In addition, many service providers can be rated on their approach and effectiveness in getting the solution implemented and producing sustained value for the organization. This is even more meaningful when products come out of Ramp-up and have limited customer experiences. Those that have taken the plunge can put their observations and warnings out for others on the product. Please help us fill this gap by posting your experience today!
Assorted Members of the CAG Team providing insightful information on current topics related to GRC, Security, and Audit.