(The following is also available over at Approva’s Audit Trail.)
The deal has been announced and will finally be done in November. Nobody is particularly surprised that Oracle is buying LogicalApps, least of all, us here at Approva. With this transaction Oracle will now have a controls automation tool needed to continue its fight with SAP. Analysts, bloggers, and prospective customers have asked: where does this leave Approva and the answer is – exactly where we want to be: Approva remains the independent controls monitoring company – and the only one with the proven ability to work across applications, in multiple platforms and for any kind of control.
Oracle (and similarly SAP) are taking the approach of strongly tying and embedding their controls monitoring tools in their ERP packages. What’s wrong with this approach? It is fundamentally too limited in scope and vision. Yes, managing controls in ERP systems is critical, especially in a SOX world. But, a tool that scopes controls automation down to SoD analysis for a specific ERP package (and, for that matter, a specific version therein) can only provide a keyhole view and doesn’t truly serve the GRC needs of the enterprise. Since LogicalApps only addressed Oracle E-Business Suite, with this acquisition Oracle continues to neglect its red haired step children: PeopleSoft, JD Edwards, Hyperion, Siebel… where’s the controls love for them?
To say that governance, risk, and compliance (GRC) is an ill-defined piece of buzzword bingo may be the understatement of the last few years. If someone says they have a complete GRC platform to meet all enterprise needs, kindly escort them out of the building via the nearest window. The point is that we, vendors, service providers, and customers, are still feeling out what truly needs to be in a complete GRC solution set and over time “GRC” will continue to evolve before it solidifies into a commonly accepted set of capabilities. Accepting this limited definition of controls automation that ERP vendors are serving up will cost their customers and force them to reinvest over time. By definition, a constrained, embedded approach to controls automation is shortsighted. It cannot meet the future needs of GRC because it cannot adapt to other systems and other processes that will eventually fall under the controls monitoring umbrella.
Approva’s approach has been and will continue to be fundamentally different. By staying independent and ERP agnostic, while at the same time providing rich domain expertise in those ERP packages, we provide customers better controls monitoring capabilities than the ERP vendors. We do this not only in these ERP applications, but we also provide the ability to do so in any application. Furthermore, we do this for any kind of automate-able control, be it traditional authorization-related segregation of duty or any kind of business process that our customers and business partners dream up. And we do all of this without the premium or baggage associated with ERP vendors.
Freedom to monitor any kind of control. Freedom to leverage our deep domain expertise as well as that of our partners in the audit world. Yep, staying independent is all about freedom for Approva and it is this freedom we give to our customers – even Oracle’s red haired step kids. I may not know what the final definition of GRC will be, but I do know that Approva’s independent approach to controls monitoring will serve its customers better than any controls monitoring tool shackled to just a single ERP package.
Ian:
Thanks for the heads-up. I’m glad that you are still independent.
Mark
I think all of the posts here neglect the commerical picture, of at least what my research on the SOX ERP market uncovered in my MBA Thesis.
LogicalApps was started as a provider of Control Automation for SAP.
They lost out in that market place to VERSA (Market leader of controls in SAP). From what i understand Approva is moving into the JDE market with ApprovaOne over the last 12 to 18 months to stay alive.
They’ve come up against the likes of Q Software Global who have been provided GRC/IC for over decade, well before A) SOX and Compliance was an issue B) Before most of the new-age vendors of controls existed.
Auditors want the most simplistic approach to delivering audit reports. What auditors tend not to think about is the management and change control of security outside of the quarterly/bi annual audits that take place……
thats why the JDE CNC wants the simplest and most seamless technology solutions, that install easily, do not require multiple systems/databases built off there JDE Boxes…
When you shop you want a single stop shop/mall/website…thus vendors feel that they pay large amounts of support to ERP companies like Oracle and thus by acquiring them they will add better value for the customers.
As for independence!!! Approva are aligned with E&Y – they have at least won several of there awards, for which i don’t even think any of the other IC vendors were even considered….thats just an illusion on independence….
I think TheArtOfAudit missed my point on independence. Approva is not tied to any one ERP platform unlike LogicalApps and Virsa. There is no illusion there, just the simple reality that Approva provides cross-platform, cross-application controls monitoring for its customers day in and day out.