Today, enterprises around the globe operate IT processes covering areas such as security, availability, infrastructure and IT project management. These processes support the core business processes that organizations use to operate successfully, including procure-to-pay, order-to-cash and hire-to-retire. However, the management of risk and compliance around IT processes, or IT GRC, remains quite distinct and separate from the risk and compliance issues related to business processes. Most organizations manage their IT GRC separately from their enterprise GRC efforts. As a result, they face increased costs and labor efforts from having uncoordinated GRC initiatives. More importantly, they may not be appropriately managing the key IT risks and controls that could cause significant business impact. Critical business decisions cannot be made effectively when IT GRC efforts are not integrated with business GRC initiatives.
"CIOs and IT risk managers when communicating to the CFO must explain IT risks in terms of business performance," according to French Caldwell of Gartner.
Enterprise IT management products from CA Technologies combined with GRC solutions from the SAP BusinessObjects portfolio provide customers with continuous monitoring of IT control and risk metrics. Additionally, an enterprise GRC solution from SAP offers customers a competitive advantage by helping them manage risk across their IT and business processes, thus enabling them to determine potential impact considering both IT and business controls. Potential benefits include the improved ability to:
Automate and standardize GRC activities with pre-defined workflow and reporting.
Protect business value through continuous monitoring of both IT and business controls, which helps ensure that risks are managed to a level that is acceptable to the business.
"Most organizations manage their IT GRC separately from the rest of their GRC efforts; this increases cost and risk to the organization," said Dave Hansen, general manager, Management Products and Solutions and Security customer solutions units, CA Technologies. "Our work with SAP helps organizations remove the silos of GRC management by incorporating continuous monitoring of IT risk and compliance metrics into business process risk management."
Initial product focus is on continuously monitoring security, IT project and portfolio management, and assuring service performance. CA Enterprise Log Manager, CA Clarity™ PPM, and CA Wily Application Performance Management can provide content for the SAP® BusinessObjects™ Risk Management and SAP® BusinessObjects™ Process Control applications to map into the IT and business frameworks. This also helps continuously monitor these frameworks so that risk and compliance issues can be identified and mitigated proactively before events occur.
"With SAP’s leadership in business applications and CA Technologies IT management leadership, our solution with CA Technologies provides a unique capability to integrate business and IT GRC," said Jim Dunham, group vice president, GRC Solutions, SAP. "By continuously monitoring controls across both the IT and the applications stack, GRC leaders now have the visibility they need to bring business relevance to IT GRC."
This collaboration follows on the heels of a successful reseller agreement that SAP and CA Technologies have had in place since 2008 for CA Wily Application Performance Management and SAP applications. [July 16, 2010]
Send this IT news to a friend