CA Technologies And SAP Reduce The Risk In Risk Management

CA Technologies and SAP recently announced a collaborative partnership to help their customers better manage risk and compliance initiatives across both business and IT infrastructure processes. That has the potential of both reducing the risk in risk management, as well as the risk in not being compliant. Before we examine the CA Technologies and SAP partnership specifically, let's consider its broader context. Beyond the "real" physical world our five senses were designed to perceive lies the non-physical world of information and its related processes. Despite being intangible, information is one of the foundations of our society for individuals and organizations. Consider the consequences if your bank account information electronically disappeared.

Both publicly and privately held companies face real-world risks related to information assets that can disrupt business process with unpleasant consequences, such as loss of revenue, loss of market share and unfavorable publicity. So it comes as no surprise that risk management is one of the primary responsibilities of any business, but more and more businesses are including risk management in a broader context called Governance, Risk Management and Compliance (GRC for short). Now, many GRC initiatives begin as planning exercises (and planning is a necessary step), but IT vendors are focusing on how software that manages processes dealing with information can actively enable or complement visibility, control, and decision-making that makes GRC an active concept going beyond passive planning activities.

Of course, that is where the CA and SAP collaboration comes into the story. Note that the companies typically play in very different IT market spaces. CA plays in the IT infrastructure management, and SAP plays in business process applications.

These are two different domains: the business process domain that captures and processes information, such as financial or supply chain data, that is external to IT and the IT infrastructure domain dealing with information, such as security or the health of hardware components, which is internal. The two companies describe the business processes domain as being "above the line" in that the business users are the ones that pay attention to the information, and the IT infrastructure as being "below the line" in the sense that IT administrators are most concerned with it.

Now each domain has information important to it alone. For example, let's take supply chains where disruptions can have significant financial and customer satisfaction consequences. In many or even most organizations, information and processes related to ineffective demand forecasting and scheduling are the exclusive domain of the business user, and information on whether all the supply-chain databases are backed up correctly is the sole province of IT.Yet, there is information captured by IT about the IT infrastructure that can potentially enrich business users' decision-making and strategizing. In essence, this is what the CA Technologies/SAP partnership is all about. What CA Technologies and SAP are doing is linking business processes to key performance indicators which measure risk, to the necessary responses, which are the actions that need to be taken to mitigate the risk. For example, information from CA products, such as CA's Introscope, can be made available to business users concerned with the performance of Web application management.

Is this significant? Potentially, yes. To be effective, GRC needs to go beyond passive planning to perform a more active business role. Although the two domains, application and infrastructure, have separate roles, in many instances information captured in the infrastructure domain can enrich business users so they can monitor, interpret its importance, and take the necessary actions in a timely manner to eliminate risks or ensure compliance.

For example, if CA passes information to SAP GRC software about databases slowing down, the business users may have some insight on why that is happening, such as a surge in orders or other external cause. Business users and IT can work out whether the issue is normal and temporary or perhaps symptomatic of a previously unknown systemic issue that requires remediation. The goal is for both domains to able to work together more closely to enhance business governance by maximizing the efficiency of applications and processes, reduce risks such as supply-chain disruptions and ensure compliance, such as properly managing and securing financial information related to Sarbanes-Oxley. That is GRC made real.

For businesses in general, CA Technologies and SAP are recognized as large, well-known, reliable and successful vendors with rich and diversified product portfolios. Still, partnerships in the IT space often struggle to survive much beyond their initial press announcements. So what is different about SAP, a business applications vendor, and CA, an IT infrastructure vendor, that would enable the partnership to be successful in terms of the bottom line to both companies and significant in terms of customer acceptance?

First, the two companies are in such different software product domains that any partnership is almost automatically additive and not competitive. Second, their mutual self-interests are congruent. That is to say that both would derive benefits if customers can take advantage of the fruits of the partnership, but that just means that the pair are likely to be able to work well together. For both revenue success and significant customer acceptance, both companies are going to have to work closely together to clearly articulate numerous areas where the integration they propose can have a real impact. Since the partnership has just been announced, these points have not all been worked out. While the success of their efforts will only become known in the future, CA and SAP's past successes and deep expertise in their relative domains suggest that they should be capable of meeting this challenge. Disclaimer: At the date of posting, neither CA or SAP are clients of the Mesabi Group or David Hill.