James Governor's Monkchips

Lumigent: An App Savvy Approach to Governance, Risk and Compliance


Lumigent recently got a new CEO, a guy called John Capobianco. He is refocusing the company in some interesting ways. What I find most refreshing about the Lumigent GRC story is that it’s all about compliance hardening existing applications. Lumigent’s strategy is to work with packaged applications vendors to harden their apps for compliance purposes: reporting to industry standards, monitoring user access logs and so on.

I recently received one of John’s opinion pieces where he described GRC as the new ERP. How could I not agree? I have argued the same thing! Recent events in financial services make it even more imperative that organisations treat compliance as a shared service, with a shared flexible infrastructure. You can rest assured the new Obama executive is going to create a lot of new compliance legislation. If you bought a solution to SOX, unfortunately that isn’t going to cut it. A compliance oriented architecture would have been a better investment. Given the period of rapid change in risk management and compliance that we currently face, I am thinking I will probably dust off our COA model, rename it GRC, and see if we can build some community momentum around it. In 2004 organisations weren’t ready to think strategically about compliance and keeping costs down (we heard a lot of whinging about SOX from public companies, but didn’t see many really smart compliance efforts).

What is important right now is probably ensuring that your packaged apps can deliver compliance capabilities without you having to do the work. The first two apps to be hardened are PeopleSoft Financials and Deltek Costpoint. Customers include GAP and Bank of America.

2009 could be a good year for Lumigent.

disclosure: not much to say. Lumigent is not a client. SAP is.

2 comments

  1. […] James Governor’s Monkchips » Lumigent: An App Savvy Approach to Governance, Risk and Compliance What I find most refreshing about the Lumigent GRC story is that its all about compliance hardening existing applications. Lumigent’s strategy is to work with packaged applications vendors to harden their apps for compliance purposes-reporting to industry standards, monitoring user access logs and so on. (tags: compliance grc redmonk lumigent jamesgovernor) […]

  2. Ah, the price of selective prescience: right architecture, wrong name! The moniker, Compliance Oriented Architecture, makes perfect sense: that’s where most companies are feeling the regulatory pain – on the IT and the business side of the house. Once the auditors show up, the meter starts running (so do the CIO, CFO, controller, compliance officer and assorted personnel). And for most companies, that meter keeps running well into the millions of dollars by the time all the questions and material weaknesses and deficiencies have been addressed. You can bet your last Monkchip that companies are thinking about compliance strategy now. So, definitely, dust off your COA, rename it GRCOA, and get ready for wild and woolly 2009. It could be a good year for both of us!

    John Capobianco
    President and CEO, Lumigent Technologies
