We've all heard lots of hype around the topic of GRC lately (Governance, Risk Management, and Compliance).  Yet, sometimes hype occurs because there are significant business benefits associated with a technology area, and this is the case with GRC.

The challenge, though, with IT GRC is that there has not been a unified approach to the integration of IT controls with GRC management solutions.   There are some GRC vendors who offer comprehensive solutions for GRC management, but without direct integration with IT controls, the information managed by these solutions is generally neither timely nor necessarily accurate.  And, without high quality IT controls status information, the overall business benefit of GRC management decreases significantly.

CA recently announced a partnership with SAP in order to leverage the leadership of the CA IT controls with the SAP GRC management solution.   This announcement is interesting because it really does leverage the best of both of these leadership areas.  Part of the announcements was a roadmap for integration of some of the CA IT solutions with the SAP GRC product.  This integration will help to bridge the "risk and compliance silos" so that executives can achieve a more unified, consistent view of risk and compliance across all of IT.

As part of this ongoing partnership, I recently wrote an article for SAP Insider that describes this approach, and some of the benefits that it can provide.  A copy of the article can be found on this page.  It's the last article in the list - if you'd rather not subscribe to SAP Insider, just drop me an email sumner.blount@ca.com and I'll send you the the article.