From GRC to Great
Oracle’s acquisition of LogicalApps adds best-in-class capabilities.
by Ann C. Logue, August 2008
Sarbanes-Oxley may seem like old news, but issues of governance, risk, and compliance (GRC) are still fresh for business. New regulatory requirements are popping up everywhere. And laws aside, smart enterprises know that strong business processes keep daily activities on track. “Regulatory bodies around the world are trying to protect shareholders, and they’re demanding transparency,” says Chris Capdevila, founder of LogicalApps, a leading provider of automated GRC controls for enterprise applications, and now Oracle’s vice president of GRC Applications Strategy.
In October 2007, Oracle acquired LogicalApps, which provides governance controls that can be embedded into an enterprise resource planning (ERP) system. That helps companies set controls for real-time monitoring of access to and changes in inventory items, general ledger accounts, order-to-cash and procure-to-pay cycles, payroll, and other items. When compliance is easy, it becomes more effective. Business units can incorporate it into their workflow instead of resisting yet another request for information.
Oracle Governance, Risk, and Compliance Controls Suite lets companies collect useful compliance information through continuous monitoring and enforcement. It protects operations so that compliance activities add value rather than layers of costs and tasks. In addition, the system creates a tamper-proof audit trail designed with multiagency and multinational reporting needs in mind. Even before Oracle acquired LogicalApps, many Oracle customers already used the software to improve their compliance monitoring and reporting, so it was a perfect fit.
One LogicalApps customer is Intuit, maker of the well-known accounting and tax preparation software. At Intuit, the Controls Advisory Office works on high-risk activities that could create a drain on the company’s resources, such as business process risks, manual business controls, application functionality controls, and business process access controls. LogicalApps transformed compliance from a massive commitment of personnel to review manual controls and document exceptions after the fact into an ongoing process that helps the business hum along with automatic checks and notifications.
Another customer is Cymer, which makes excimer light sources used in semiconductor manufacturing. The company has implemented Oracle E-Business Suite, using applications ranging from Self-Service Human Resources to Purchasing. Management knew that the company had to comply with Sarbanes-Oxley, but they also wanted to get business value from the investment by creating strong yet efficient business operations.
The applications are embedded into the Oracle system to make GRC controls work for the organization, not just the regulators; the controls ensure business process integrity. This technology enables customers to automate GRC activities, such as enforcing proper segregation of duties in enterprise applications, reducing fraud with continuous monitoring of business transactions, and providing defensible evidence of a proper control environment. With LogicalApps, organizations are better able to enforce corporate policies in real time by embedding granular controls and monitors into their business applications. GRC becomes part of the business, not an afterthought.
“It’s not only the integrity of your reported numbers that’s at stake,” says Capdevila. “It’s the integrity of the business itself. Compliance has to be integrated into systems and the culture.”
The Compliance Challenge
The key to effective compliance, says Scott Mitchell, chairman and CEO of the Open Compliance and Ethics Group, a nonprofit organization in Phoenix, is to help business managers understand the risk and requirements of their business so that compliance can become integrated into what they do every day. Good compliance is part of the annual strategic plan. Bad compliance? That’s driven by inflexible corporate oversight done with little understanding of the core functions of the business.