Lumigent recently got a new CEO, a guy called John Capobianco. He is refocusing the company in some interesting ways. What I find most refreshing about the Lumigent GRC story is that it’s all about compliance-hardening existing applications. Lumigent’s strategy is to work with packaged applications vendors to harden their apps for compliance purposes: reporting to industry standards, monitoring user access logs and so on.
I recently received one of John’s opinion pieces where he described GRC as the new ERP. How could I not agree? I have argued the same thing! Recent events in financial services make it even more imperative that organisations treat compliance as a shared service, with a shared flexible infrastructure. You can rest assured the new Obama executive is going to create a lot of new compliance legislation. If you bought a solution to SOX, unfortunately that isn’t going to cut it. A compliance-oriented architecture would have been a better investment. Given the period of rapid change in risk management and compliance that we currently face, I am thinking I will probably dust off our COA model, rename it GRC, and see if we can build some community momentum around it. In 2004 organisations weren’t ready to think strategically about compliance and keeping costs down (we heard a lot of whinging about SOX from public companies, but didn’t see many really smart compliance efforts).
What is important right now is probably ensuring that your packaged apps can deliver compliance capabilities without you having to do the work. The first two apps to be hardened are PeopleSoft Financials and Deltek Costpoint. Customers include GAP and Bank of America.
2009 could be a good year for Lumigent.
Disclosure: not much to say. Lumigent is not a client. SAP is.