|
(CFOZone) By Ronald Fink
To hear software vendors SAP and CA Technologies tell it, companies are asking for trouble by failing to integrate the computer systems that manage the governance, risk and compliance (or GRC) of their business processes with those that oversee their technology security, service assurance, and project and portfolio management.
Most companies, the vendors say, run separate systems to manage their supply chain or comply with Sarbanes Oxley, for example, and to oversee their IT departments' initiatives in those areas. But that's a formula for everything from missing revenue and earnings targets to falling victim to fraud, according to the vendors' representatives.
"Most organizations manage their IT GRC separately from the rest of their GRC efforts; this increases cost and risk to the organization," Dave Hansen, general manager of the Management Products and Solutions and Security customer solutions units at CA Technologies, said in a press release today.
To address that issue, SAP and CA Technologies have collaborated so that their technologies can help companies make sure their systems for managing IT are linked with those that manage their business.
Without combining IT GRC efforts with business GRC initiatives, companies may not be able to understand the full impact of a delay in processing transactions within the supply chain, Tom McHale, vice president of product management at CA, insisted in an interview with CFOZone on Monday.
Thanks to the collaboration of SAP and CA Technologies, McHale said that companies can measure the efficiency of transactions and thereby "quantify the cost of delay" in terms of forgone revenue.
Equally important, added James Dunham, group vice president of SAP GRC solutions, companies can use the technologies to more closely monitor their potential exposure to fraudulent transactions.
Dunham observed that when the GRC systems for business and IT processes are not integrated, companies run a far greater risk of fraud, simply because the segregation of duties that SarbOx requires to be in place within the financial department may not match up with those on the IT side.
More specifically, Dunham explained, an individual who normally has only one financial duty might be able to manipulate the results of others, thanks to access he or she has been granted to the computer systems that automate the company's financial processes.
Without solutions from SAP and CA Technologies, he added, checking to see that such an employee is not abusing his or her access to the IT system is "hit or miss," so "you can't make a decision" as to whether or to what extent that is occurring.
Only registered users can write comments.
Please login or register. |
