Dashboard Insight recently spoke with Oracle's Chris Leone about his varied BI products, his customers and the target audiences for his GRC solutions.
Dashboard Insight: What areas of the B.I. stack do your GRC solutions cover?
Chris Leone: Oracle GRC Intelligence, part of the Oracle GRC Applications Suite, monitors risk and compliance programs across the enterprise, automatically highlighting areas of control weakness and unacceptable levels of risk. The solution is built on Oracle’s industry-leading BI foundation to provide interactive role-based dashboards, full ad hoc query and analysis, and proactive intelligence delivery and alerts. These capabilities empower users at all levels – from front-line operational users to senior management – with the critical information they need to meet regulatory compliance requirements and effectively manage risk.
DI: Oracle is the largest business software company in the world. How do you assure all your customers (big and small) that they are getting a successful business-specific GRC solution?
CL: We commit to our customers’ success in three ways:
- Deliver best-in-class GRC solutions. The Oracle GRC Applications Suite is a robust solution that not only helps our customers meet current regulatory requirements today, it also provides a strategic platform for meeting future requirements with pervasive risk insight and analytics, cross-industry and industry-specific GRC process management, and leading controls enforcement and integration with information security technologies. Oracle was ranked as a leader in Enterprise GRC Platforms in the latest Gartner GRC Magic Quadrant.
- Provide unparalleled service through a global 24x7 support network. We are focused on delivering exceptional customer service to drive business value for our customers and to enable them to achieve maximum success with their Oracle solutions.
- Strengthen the Global GRC Partner Ecosystem. By working with key audit firms, risk consultancies and systems integrators, Oracle accelerates the time to value for our customers as they select and deploy GRC solutions. Our rich partnerships also drive further innovation in the GRC space with joint research and development investments.
DI: You have more than 15 GRC products listed on your site. With such a vast line of GRC offerings, how is a potential customer to know where to start?
CL: GRC is a broad market space itself. At Oracle, we categorize these solutions into three simple and logical segments: GRC Reporting and Analytics, GRC Process Management and finally, GRC Controls.
Our customers typically start with their biggest pain point. For example, they might have a need to automate segregation of duties enforcement in enterprise applications. So they would begin with Oracle GRC Controls. Or, if a customer wants to build an ISO 14001 framework for environmental compliance, then they would begin with Oracle GRC Manager. If a customer is concerned with database administrator access, then they would begin with Oracle Database Vault.
The key take-away is that Oracle provides the most complete and integrated GRC solutions available in the marketplace. We invest in best-in-class solutions and do the heavy-lifting to ensure the modules work together, so that our customers don’t have to. Our clients can rest assured that our solutions will help them address their most critical needs today, while building a sustainable foundation to support future requirements.
DI: Can you elaborate on how the Oracle Fusion GRC Intelligence (GRCI) solution delivers both out-of-the-box dashboards and pre-delivered metrics for on-the-spot analysis?
CL: GRCI delivers KPIs and role-based dashboards that track the progress of risk and control activities while spotlighting specific areas of concern such as unmitigated risks and ineffective controls. Specifically, users can view the status of control testing, aging of open issues, financial statement certifications, audit findings and other critical GRC processes. Users can easily obtain the status of specific sign-offs, unsatisfied control objectives and ineffective controls across processes or the entire organization. At the same time, detailed information remains readily available from the reports through drill down and guided navigation capabilities.
Examples of pre-built analytics include risks KPIs, certification KPIs, control KPIs, access policy KPIs and more.
DI: What’s the process if someone wanted to evaluate your solutions?
CL: Oracle has solution specialists worldwide who are ready to engage with customers to help them identify, evaluate and acquire the right solution for their needs.
For customers who are in the early stages of research, we’ve provided an online SolutionSpace where they can view brief demos, download whitepapers and datasheets, and find out about live events and conferences that showcase Oracle GRC applications.
The Oracle GRC applications SolutionSpace is at this URL: http://www.oracle.com/webapps/dialogue/dlgpage.jsp?p_ext=Y&p_dlg_id=6755039&src=6642152&Act=21
DI: Tell us about your customers, what key clients are using your solutions?
CL: Oracle GRC customers come from every industry including high tech, manufacturing, financial services, state, local, and federal governments, life sciences, and professional services. Our customers include publicly traded corporations as well as privately owned companies. In size, our customers range from mid-side to large enterprises.
Some of our key customers include Intuit, Unum, Sapient, United States Postal Service, and Switch and Data.
DI: Who are the target audiences within an organization for GRC solutions? Is this changing or broadening?
CL: There are three main target audiences for GRC solutions:
- Finance (CFO, Controller, Finance VPs)
- Audit and Risk Management (CRO, CAO, Risk Manager, Internal Auditors)
- IT (CIO, CSOs, IT Directors, Application Security Managers).
The office of finance and audit are the stewards of financial reporting and business process integrity so they have traditionally played a pivotal role for GRC solutions.
IT executives and information security officers not only advise their organizations as technology experts during the selection of GRC solutions; they also use GRC solutions themselves to manage compliance with IT service level and security policies.
In the past, risk management has been associated with hazard avoidance or insurance but now organizations are taking a broader view of risk, moving towards operational risk management, so risk managers within organizations are being charged to review solutions that can help with risk identification, assessment, monitoring and reporting.
DI: Is Oracle seeing more companies looking to integrate their GRC solutions with other business applications, such as business intelligence? What opportunities does Oracle offer here?
CL: Absolutely. GRC solutions help organizations apply sound practices for proper oversight and control. A key requirement therefore is for GRC solutions to integrate with other business applications such as ERP and CRM solutions where critical business transactions are processed every day. Oracle GRC Controls, part of the Oracle GRC Applications Suite, provides embedded controls monitoring to enforce proper segregation of duties, configuration change management, and transaction verification.
Another critical point of integration is for GRC solutions to use business intelligence technology in order to provide the levels of transparency and analytics that are critical to proactive compliance and risk management. Oracle GRC Intelligence, another component of the Oracle GRC applications suite, is natively built on Oracle’s BI foundation to help deliver early and pervasive insight to customers.
Another request we have seen from customers is to integrate application controls monitoring with user provisioning. Oracle GRC Controls are therefore integrated with Oracle Identity Management to provide compliant user-provisioning across the enterprise.
Finally, as part of improving financial reporting integrity, there is a need for GRC solutions to be integrated with the critical financial consolidation and reporting solutions that help to generate the corporation’s financial statements. Oracle GRC Intelligence is integrated with Oracle’s Hyperion Financial Management solutions to provide that closed-loop control over the financial close process.
DI: Have the recent economic troubles affected the demand for your line of GRC products?
CL: The recent volatility in the economic environment has affected the demand for GRC solutions by renewing the focus on cost effectiveness and ROI. Organizations today want to invest in solutions that are proven and backed by financially stable providers.
There is also the realization that economic volatility is giving rise to an increasing scrutiny from regulators. So the pace of regulatory change is not going to abate any time soon. Therefore organizations are looking to the future and realizing that they need to take a more strategic, platform-based approach to compliance and risk management; otherwise they will not be able to address future requirements in a sustainable manner and their costs will spiral out of control.
DI: What trends does Oracle see for the GRC market?
CL: One of the top trends is the rationalization of fragmented efforts that currently characterize compliance activities. While Sarbanes-Oxley and other financial reporting mandates have driven the need to prove the effectiveness of financial controls, it is only one of the many mandates that affect firms around the world. Increasingly we are starting to see CFOs and CIOs broadening their view of risk and compliance, and looking for ways to reduce the duplication, manual efforts, and high costs associated with their current compliance programs.
Another trend is the increasing concern around fraudulent activities in the enterprise. Industry consolidation and the resulting corporate restructuring efforts threaten to throw existing controls such as segregation of duties into disarray. In fact, the Public Company Accounting Board (PCAOB) recently issued an alert to auditors asking them to pay closer attention to company financial statements due to the heightened pressure on executives and managers, leading to more potential instances of corporate misconduct.
Finally, we are seeing emerging interest in risk management. Companies today have to take on more risk in an effort to remain competitive. For example, firms are expanding into markets they are unfamiliar with; they are outsourcing processes to third-party service providers; they are extending support to ailing suppliers and customers. Because of this, executives want to manage risk in a more strategic fashion, and incorporate stronger risk discipline and transparency into their planning processes.
DI: What new products or developments can we expect from Oracle in future months?
CL: GRC is a critical concern for Oracle’s customers and I’m very excited about continuing to innovate to serve their needs. Our customers are looking for the next level of functionality in a number of different areas.
- GRC Controls Automation – by automating and embedding controls directly into core business applications, clients can increase the effectiveness of their internal controls while reducing the amount of time and effort spent from manual testing and verification.
- Financial Governance – by integrating their financial consolidation and reporting software with compliance process and controls automation, clients can target the financial period close process which accounts for the majority of material weaknesses uncovered during financial statement audits.
- Risk Management – clients are evolving towards relevant risk management, not just to avoid the risks associated with compliance failure, but increasingly to make risk-aware decisions that will positively impact business performance.
Chris Leone is Group Vice President of Applications Product Strategy for Oracle's Fusion Applications Suite inclusive of the ERP and CRM functional domains. In this role, Mr. Leone is responsible for driving the business requirements, functional investment priorities and broader business strategies for these areas. He is also responsible for the strategy and development process of the emerging GRC Applications Suite.
For the last 16 years, Mr. Leone has been developing enterprise software applications for large and mid-enterprise companies. At PeopleSoft, Mr. Leone was responsible for the product management activities of the company's Financial Management and Enterprise Performance Management product lines. Prior to joining PeopleSoft, he was Vice President of Marketing and Product Management at Hyperion, where he was responsible for product strategy of business performance management solutions.
Mr. Leone earned his bachelor's degree in accounting and finance and a master's in finance and management from Loyola Marymount University.