Deliver Your News to the World

SAP Expands Its Market-Leading Family of Governance, Risk and Compliance Management Solutions


Holistic Governance, Risk and Compliance Management Applications
Address Global Public and Private Sector Challenges Across the Entire Enterprise;

SAP Adds Three New Applications and Highlights Relationship with Cisco Systems

SAN JOSE / PALO ALTO, Calif. - September 06, 2006 - SAP AG (NYSE: SAP) today announced the expansion of its market-leading portfolio of solutions designed to help large and small enterprises manage governance, risk and compliance (GRC). SAP said it will be adding three new products to its robust GRC offering, a portfolio that already comprises dozens of products spanning numerous GRC requirements for multiple industries. SAP is delivering a unified foundation that allows for a comprehensive GRC solution, which provides proactive transparency across the entire enterprise. SAP also announced a strategic relationship in North America with Cisco Systems, Inc. to enhance the effectiveness of SAP® solutions for GRC by taking advantage of the Cisco Service-Oriented Network Architecture (SONA) within the IT network infrastructure (see related announcement at

SAP solutions for GRC deliver integrated applications that manage business process and IT infrastructure risks as well as operational and corporate-level risk across the entire enterprise. SAP announced today it will enhance this market-leading portfolio with the launch of three new applications—SAP GRC Repository, SAP GRC Process Control and SAP GRC Risk Management. The portfolio of proven applications addresses the specific GRC requirements of public sector organizations and companies across diverse industries, including, chemicals, financial services, oil and gas, pharmaceuticals and utilities.

“IDC believes that effective governance, risk and compliance management requires an ecosystem of solutions that form a platform that can be leveraged across multiple initiatives,” said Kathleen Wilhide, research director for Compliance and Business Performance Management (BPM) Solutions research, IDC. “By combining legacy solutions with the product portfolio of SAP’s recent acquisition of Virsa, SAP offers the opportunity for organizations to integrate flexible governance, risk and compliance capabilities and implement processes that support continuous governance and enhanced performance.”

New Applications Provide Foundation for Enterprise-Wide GRC Solution
Building on its existing GRC offerings, SAP today announced three new service-oriented architecture (SOA)-based applications designed to create a governance, risk and compliance foundation for all types of companies. SAP solutions for GRC will work together to serve as the building block for an end-to-end compliance solution. Built on top of this foundation will be enterprise services that meet the rigorous requirements of numerous industry-specific GRC mandates. SAP will drive continuous innovation on top of each of the three new GRC applications.

* SAP GRC Repository will document and maintain GRC information in a single central system of record, including corporate policies, board of director minutes, regulations, compliance and control frameworks as well as key business processes. SAP GRC Repository will also store and link risk and control libraries to multiple control frameworks and to international regulations. This centralization of key GRC information simplifies risk management, promotes business transparency and cuts the costs associated with GRC initiatives.
* SAP GRC Process Control will offer a risk-based approach that aligns key controls to business risks in order to promote desired employee behavior and optimize business processes. The process control application will automatically aggregate business process risks for the entire enterprise, provide supporting evidence of compliance, pinpoint control violations to prioritize corrective action and prevent material weaknesses from developing and persisting. The software will integrate automated control monitoring for SAP and non-SAP applications.
* SAP GRC Risk Management will help customers to implement collaborative risk management processes that provide a thorough analysis of key business risks at multiple levels of the enterprise, across organizational entities, business processes and IT infrastructure. SAP has designed intuitive and collaborative processes to guide professional risk managers and business owners in identifying financial, legal and operational risks, analyzing business opportunities in light of these risks, and developing appropriate responses.

General availability for SAP GRC Repository and SAP GRC Process Control will be November 30, 2006. SAP GRC Risk Management will ship in December 2006. All three products will be sold individually. (For additional information about SAP solutions for GRC please visit or see the addendum to this announcement at

“Cephalon recognized the efficiency and value of process control tools early on and we successfully implemented an early version of SAP GRC Process Control,” said Bryan Reasons, vice president, Risk Management, Cephalon, Inc. “With the full release of SAP GRC Process Control, we expect to gain a cost-effective balance of continuous monitoring and automated manual controls. This is particularly important in achieving our financial and regulatory compliance objectives.”

Strong GRC Expertise, Broad Solution Scope, Holistic Framework
The new applications build on SAP’s deep expertise and existing solutions for wide-reaching compliance requirements for different vertical industries while grouping all governance, risk and compliance solutions under an integrated GRC framework. SAP is the only enterprise software vendor to deliver GRC solutions that range from anti-terrorism, to anti-money laundering, to Basel II, to Solvency II, to data privacy, Sarbanes-Oxley compliance and beyond.

SAP’s approach to GRC enables companies and governments to establish an integrated framework of centrally managed GRC processes and information, thus enhancing their ability to identify and collaboratively analyze risks identified at multiple levels and regional locations of their organizations.

“As a U.S.-based company, Xerox was looking for an efficient solution to sustain control compliance across the Xerox Europe SAP landscapes in accordance with Sarbanes-Oxley legislation,” said Ben Christensen, service delivery manager, Xerox Europe. “These controls span users, roles and processes that all require access and authorization evaluation, testing, and remediation. We opted for three SAP solutions for GRC-Virsa Compliance Calibrator, Access Enforcer and Firefighter-to achieve real-time compliance using preventative, detective and mitigating controls. As a result, we have control of segregation-of-duties (SoD) issues and a robust system to identify control gaps and remediate risks.”

SAP solutions for GRC are designed to automatically monitor business process and IT controls to manage entity-level and IT risks at all levels of the organization. This integrated approach provides “CXOs”-C-level executives across various roles, from CEOs, CIOs and CFOs to chief compliance and chief risk officers-with an actionable dashboard that presents a complete and accurate risk profile of the organization and also detects high risk events and prioritizes risk responses and corrective or preventive action.

“Today’s CXOs need to boost business transparency and predictability in order to protect brand reputation and ultimately to increase stakeholder value,” said Doug Merritt, executive vice president and general manager, Suite Optimization, SAP. “To best support strategic objectives, they need software solutions that enable full transparency into business performance, foster predictable business results and ensure business process sustainability. SAP’s integrated portfolio solves the challenges of fragmentation across management organizations, IT systems and operating regions. With SAP’s comprehensive solutions to identify and respond to risks, implement proper governance and help ensure compliance, C-level executives can better focus resources to accelerate innovation and growth with confidence.”

Ongoing Commitment to Compliance Market
On May 12, 2006, SAP completed the acquisition of Virsa Systems and incorporated its existing rich portfolio of horizontal and industry-specific compliance software under a newly formed GRC business unit. (See May 17, 2006 press release, titled “SAP Launches Governance, Risk and Compliance Management Business Unit to Lead New, Emerging Market.”) Currently more than 1,000 companies worldwide use SAP solutions for GRC. With the aim of helping companies make GRC an integral part of their business and IT strategies, the dedicated unit leverages SAP’s deep expertise and existing software for wide-reaching compliance requirements such as the Sarbanes-Oxley Act in the United States; applications such as SAP® Global Trade Services to help companies across diverse industries manage international trade compliance challenges; and solutions for distinct industry demands including emissions standards in chemicals and utilities sectors, FDA requirements for pharmaceutical companies and Basel II for the banking sector.

About SAP
SAP is the world’s leading provider of business software*. Today, more than 34,600 customers in more than 120 countries run SAP® applications-from distinct solutions addressing the needs of small and midsize enterprises to suite offerings for global organizations. Powered by the SAP NetWeaver® platform to drive innovation and enable business change, SAP software helps enterprises of all sizes around the world improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP solution portfolios support the unique business processes of more than 25 industries, including high tech, retail, financial services, healthcare and the public sector. With subsidiaries in more than 50 countries, the company is listed on several exchanges, including the Frankfurt stock exchange and NYSE under the symbol “SAP.” (Additional information at

(*) SAP defines business software as comprising enterprise resource planning and related applications such as supply chain management, customer relationship management, product life-cycle management and supplier relationship management.

Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as “anticipate,” “believe,” “estimate,” “expect,” “forecast,” “intend,” “may,” “plan,” “project,” “predict,” “should” and “will” and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations The factors that could affect SAP’s future financial results are discussed more fully in SAP’s filings with the U.S. Securities and Exchange Commission (“SEC”), including SAP’s most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates.

Copyright © 2006 SAP AG. All rights reserved.
SAP, R/3, mySAP,, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serve informational purposes only. National product specifications may vary.

For customers interested in learning more about SAP products:
Global Customer Center: +49 180 534-34-24
United States Only: 1 (800) 872-1SAP (1-800-872-1727)


This news content was configured by WebWire editorial staff. Linking is permitted.

News Release Distribution and Press Release Distribution Services Provided by WebWire.