su53 has a team attending the event sessions and meeting clients, prospects and partners at the GRC 2008 event in Amsterdam on 4th November, and is staying on for the Finance/HR event here for the rest of the week. Although on a smaller scale than the March event in Orlando, there are still 600 delegates expected, with over half coming for the GRC day in particular. The change in interest from six months ago in the US is apparent less anxiety around compliance and more focus on costs of compliance and of compliance solutions. SAP's product positioning is also evolving and Narina Sippy, SAP's Senior VP for GRC, hinted at this in her keynote speech (see below).

Keynote themes

1. Focus is increasingly on strategic performance and using GRC for competitive advantage, rather than just to address specific risk issues
2. Increased perspective around a unified approach to risk management, aggregating and managing risk activities, automating controls across the process, and monitoring risks & controls across systems
3. Highlighted 1m+ fines from the UK FSA in 2007 where, even though controls didn't fail, they were badly designed
4. 87% of risks are non-financial, though the market focus is still predominantly on finance
5. Focus is increasingly moving away from access controls alone to Access/Process Controls and Risk Management
6. GRC is starting to be seen in three models Finance, Supply Chain (around Global Trade Services) and Environmental Health (around EH&S)

What are the common themes amongst delegates?

1. Lots have either bought or are looking to buy Access Controls, and asking for advice on best practice
2. Many are looking at upgrades and the merits of global standardisation on single GRC instances
3. There is more interest in Process Controls and, to a lesser extent, Risk Management but very few examples of people using it yet

su53 Partners

• Greenlight is growing well and having good success, especially in the US and global businesses, enhancing use of GRC cross platform e.g. Oracle, JDE, Hyperion, legacy
• CISCO Sona allied to SAP^® GRC delivers network data security powered by Cisco AON and SAP^® Process Controls
• Runbook is an interesting application, automating SLA compliance, PEC etc. Looks a sensible idea for anyone needing compliance certainty from their service providers