Tuesday, August 20, 2019
Corporate Compliance Insights
  • Home
    • Home
  • About
    • About CCI
    • Write For CCI
    • Advertise With Us
  • Articles
    • All Articles by Date
    • Jump to Topic
      • Compliance
      • Ethics
      • Risk
      • FCPA
      • Governance
      • Fraud
      • Audit
      • HR Compliance
      • Data Privacy
      • Financial Services
      • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
    • Home
  • About
    • About CCI
    • Write For CCI
    • Advertise With Us
  • Articles
    • All Articles by Date
    • Jump to Topic
      • Compliance
      • Ethics
      • Risk
      • FCPA
      • Governance
      • Fraud
      • Audit
      • HR Compliance
      • Data Privacy
      • Financial Services
      • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
No Result
View All Result
Home Featured

Enterprises Left Exposed Through GRC “Shelfware”

by Scott Goolik
November 27, 2018
in Featured, Risk
ERP program on tablet

The Underlying Issue with Many GRC Solutions

GRC software is especially critical in organizations that rely on enterprise resource planning (ERP) software – such as SAP or Oracle – to essentially run all aspects of their business, from the supply chain to finance. However, the GRC software that comes with it is often overly complex and seldom deployed, resulting in unused “shelfware” that leaves the enterprise exposed to risk and fraud. This article provides tips on how corporate compliance and risk managers can avoid the “shelfware” trap and always remain audit-ready.

If you buy a piece of software, but never deploy it, does it exist?

This philosophical question is broadly impacting the security and risk industries. Years of fearmongering forced companies to buy overlapping products they didn’t need, and now many have ended up putting them unused on a virtual “shelf” – commonly called “shelfware.”

Just as the executives of those companies falsely assume their systems are protected (given they have bought products for that purpose), corporate compliance executives are beginning to realize they may not actually be compliant, never mind audit-ready.

A key driver for the shelfware issue is complexity. Governance, risk and compliance (GRC) software is especially critical in organizations that rely on enterprise resource planning (ERP) software – such as SAP or Oracle – to essentially run all aspects of their business, from the supply chain to finance.

The ERP software itself is very complex, and the GRC software that comes with it – often “thrown in” to help close the deal – is just as complex. In the best case, it typically requires the IT department to deploy, customize and use it. In the worst case, it can turn into a whole new project that requires outside consultants to customize it for a specific enterprise’s environment, adding time and cost to what was previously viewed as a “free” and “easy-to-deploy” software system.

Unfortunately, requiring IT or outside consultants to make GRC software work takes ownership and management of GRC and access controls out of the hands of those who should be in charge: with business users. Corporate compliance executives are then left with GRC shelfware while the organization remains exposed to risk and fraud.

Here are some tips on how to avoid the GRC shelfware trap:

Explore All Your Options

Even if your organization has made a significant investment in an ERP system that comes with GRC software, check the other options on the market to see what will suit your unique needs and ensure fast deployment, adoption by business users and audit-ready compliance.

Nondisruptive Deployment

ERP software is the “heart and lungs” of most organizations, so whatever you deploy cannot distract your team from running the business and ensuring compliance. This is another leading cause of GRC shelfware.

Fast Time-to-Benefit

If getting real risk and compliance insight takes weeks, months or years, there is no value. GRC and access controls software should be able to provide comprehensible insight to your environment quickly, typically within hours and up to a few days.

Actionable Business Intelligence

If your GRC and access controls software is deployed and providing raw data, but your business users are unable to decipher what it means, there is no value. GRC software needs to speak the language of business users as well as risk and compliance teams, not software engineers or IT administrators.

Ready for Hybrid IT Environments

As enterprises increasingly look to hybrid cloud platforms during migrations of their ERP and other software, it’s important that GRC software is cloud-ready. This can ensure any upgrades or migrations do not create new holes in their segregation of duties processes or other access controls and potentially expose the company to increased fraud – or turn into yet another consulting project.

To avoid ending up being exposed by GRC shelfware, IT needs to provide the infrastructure and help automate processes. But at the end of the day, it’s up to business decision-makers to ensure how best to address risks and access controls and to use GRC software that is designed from that perspective.


Tags: enterprise resource planningGRC
Previous Post

Privacy Law Discussions: Who’s Leading The Way?

 Next Post

Boosting SR 14-1 and IFRS 16 Compliance

Scott Goolik

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry trade shows and ASUG events.

Related Posts

legal scales on blue background with binary code

Complying with California’s New Privacy Law

August 19, 2019
closeup of yellow clock

How Employers Should Prepare for the New Overtime Threshold

August 19, 2019
raining gavels on gray background

Global Rise of Collective Investor Actions Significant Risk for Companies

August 16, 2019
baggie of white powder and knife on black background

New DOJ Guidance: Credit for Compliance Program in Cartel Investigations

August 16, 2019
Next Post
reflection of digital screen on closeup of eye

Boosting SR 14-1 and IFRS 16 Compliance

Scce workshop
Internal auditor compliance event
Volkov's book about DOJ featuring a road sign on the cover
Compliance Job Interview Q&A

RSS SEC Litigation News

  • Crystal World Holdings, Inc., et al. August 19, 2019
    SEC Charges Issuer for Misleading Investors in the Sale of Unregistered Securities
  • Scott P. Strochak August 19, 2019
    SEC Charges Head Sales Agent in South Florida Alternative Investments Scheme
  • Samuel Brown, et al. August 16, 2019
    SEC Obtains Final Judgment Against Former Stock Promoter
No Result
View All Result

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • Audit
  • Columns
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • HR Compliance
  • Leadership and Career
  • Mr. Monitor
  • News
  • Opinion
  • Podcasts
  • Resource Library
  • Risk
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • News
  • Podcasts
  • eBooks
  • Whitepapers
  • Videos

© 2019 Corporate Compliance Insights