By Michael Lortz, Senior Director, Solution Marketing, SAP BusinessObjects GRC Solutions

Here at SAP we have recently launched SAP BusinessObjects Governance, Risk, and Compliance (GRC) 10.0 solutions. It all started in Las Vegas at the North American version of GRC2011 and will continue with the European regional launch at GRC2011 in Amsterdam. To me, the big news of our GRC solutions is the value that our customers get. A number of customers have already pointed out their expectations for how SAP BusinessObjects GRC 10.0 solutions will deliver value.

Three Categories of GRC Returns—Where Are You?

In the many recent conversations that I have had with customers, I found that GRC returns can be characterized in three fairly distinct categories that align nicely with the maturity of a company’s GRC program.

  • Many companies can recognize and measure increased efficiencies and reduced costs in their GRC programs. These returns most often come from a reduction, sometimes significant, in manual efforts. As an example, customers have completely replaced spreadsheets and documents used to track broad compliance initiatives or risks spread across multinational companies. There are plenty of other examples where automation drives repeatability, predictability, and objectivity—important for GRC programs.
  • Some companies point to reduced risk and fewer compliance violations. This often comes as a result of automated monitoring. Organizations can prevent or minimize the impact and duration of risk events. Companies that achieve this second category of GRC returns avoid or minimize the impact of risk events, like diminished revenue streams, reputational damage, decreased customer loyalty, or even lower shareholder value.
  • The biggest returns come at companies that can cite specific performance increases linked directly to risk or compliance programs. This comes as a result of providing information about risks and current risk levels to decisions makers and enabling them to use that risk information to make better-informed decisions. There are also examples of companies that have been able to turn their compliance programs into differentiators for their products or services.

Where does your company stand?

What type of returns do you get from your GRC investments?

Can you measure the return? Do you?