Day 3: Wednesday, 18 March 2009
Thursday, 19 March 2009 10:32

It was great to see some of the friendly faces that we’ve grown to expect at such events and to expand our network of contacts in the GRC market. Our booth location is next to Alert Enterprise (Virsa founder Jasvir Gil’s company) and it’s been good to chat with him and his team about their developments over the last year. Other companies we’ve spent time with and intend to work with include:

Alert Enterprise
www.alertenterprise.com
Integrating IT and physical security across diverse systems, applications, databases and geographically distributed assets
CSI Tools
www.csi-tools.com
Providers of inexpensive stand-alone SoD and security toolset
DGN Technologies
www.dgntechnologies.com
Largely ex Virsa/SAP developers based in the US and India
Greenlight Technologies
www.greenlightcorp.net
Developers of GRC add-on utilities & cross application connectors
Realtime
www.realtimenorthamerica.com
Provide biometric controlled access to SAP

Our Pete Fitzsimmons – who’s ex Virsa – has been renewing his acquaintances with some old colleagues (he seems to know everyone!) and it was great to meet Susan Stapleton (Director of SAP GRC Customer Advisory Office) and put a face to the name. We’ve also had time today to get some detailed demonstrations in the SAP Labs of the new Risk Management 3.0 pre Ramp-up and this product is looking impressive. 

The main session today was given by SAP GRC BusinessObjects VP Narina Sippy, who delivered an inspiring keynote presentation that really showed SAP’s vision and maturity. Some key messages from this were:

GRC in the past was fragmented but is changing – primarily as a more holistic view of risk management across the business takes shape, but also as the leading organisations treat GRC differently, as a source of strategic performance enhancement.

Of course we all talk about risk but the flip side is reward – and understanding risk v reward drives performance. Narina took an example in the airline industry. Southwest Airlines managed the risk of fuel price fluctuation and in 1999 hedged oil provision at $51/barrel. That has saved them $2 billion! However Singapore Air’s risk assessment was less effective and they didn’t move until 2007, when they hedged oil at $121/barrel – pretty much the top of the market. At current prices they are paying a 300% premium and in Q4 last year alone they lost $341m.

Customer spotlight 1: Pearson - Frank Di Pentima (VP, Financial Compliance)
Profile: 15,000 users, use GRC RAR, SPM, v5.2 across SAP and non-SAP (via Greenlight connectors). Pearson recognised value in being proactive. The business case was simple as they are risk averse with a strong focus on brand and reputation, and already had a pre-built rule book.

Customer spotlight 2: Sharp Electronics - Wyatt McManus (Process Management and Business Controls)
9 divisions in US, 2 in manufacturing and 7 in sales and marketing.
Their need was to standardise and stabilise their control environment. The focus was on financial controls and subject to JSOX. They began with Access Controls (RAR and SPM) but also deployed Process Controls with limited scope. They particularly like the document repository, key in their JSOX focus. They are now digitising their other business controls as well as looking at GTS.

Customer spotlight 3: McKesson - John Sapp (Senior Manager IT GRC)
$102 billion revenue - “Probably the biggest company you don’t know of”. John is clearly a big thinker. In his view it’s about organisational collaboration across Internal audit, technology risk management, and Compliance. Federated GRC requires collaboration. Key is defining the stakeholders and understanding the current state. McKesson has made 23 acquisitions in 4 years, and each one brings a new set of challenges. In his view, you should forget tactical solutions - “A fool with a tool is still a fool”. John challenged everyone to think “Are you risk averse or risk aware?” The next stage on from that is being risk intelligent. GRC does drive strategic performance in his view – but it absolutely does need executive sponsorship and visionary leadership. Interestingly 12 months ago John’s role didn’t exist but he went to GRC2008, got the message, and went back and defined the new job!

Back in the exhibition hall it was busy, but between the bursts of customers and prospects, we took the chance to meet the other 30 or so exhibitors and to ask how they were finding the market – and the responses (once we filtered out the bravado and spoofing...) to our mind largely fell into two camps. Some were focused on how bad the recession and economy are and were shedding jobs and cutting salaries (and that excludes the companies finding it so tough they weren’t here at all this year!). Others were saying that they’d rethought their business model and were more focused than before and in growth mode. However I think everyone agreed on two things – firstly, that the US market seems hardest hit and secondly, that decisions on new projects were taking much longer than before.

Last Updated on Thursday, 19 March 2009 10:58