SOURCE: Approva

November 26, 2007 11:00 ET

Governance, Risk and Compliance Strategy Still a Priority Despite Business Challenges and Lack of Holistic Approach

Investment in Risk-Based Compliance Can Make GRC a Reality; SOX Efforts Pay Off

RESTON, VA--(Marketwire - November 26, 2007) - The lack of a single point of ownership and accountability seems to be a major roadblock to a successful Governance, Risk and Compliance (GRC) strategy, but an overwhelming majority of public company executives remain committed to implementing a GRC plan in the near future despite organizational challenges. Approva® Corporation, the leader in continuous controls monitoring and audit automation software, recently conducted a state of the GRC industry survey to examine public companies' perception of the three-lettered acronym that is gaining traction in the boardroom. More than 200 respondents from publicly traded companies responded to the Approva GRC survey. Respondents included internal and external auditors, IT, finance and compliance professionals; with nearly 60% representing companies with one billion or more in annual sales.

As expected, lack of executive ownership, limited coordination among functional groups and pallid funding remains problematic. However, the majority of those surveyed have a governance, risk and compliance plan in place.

"Battle-worn from the years of implementing Sarbanes-Oxley programs, compliance groups now understand how to make governance, risk and compliance a reality out of existing and future investments," said Prashanth "PV" Boccasam, CEO of Approva. "The majority of the respondents are using or plan to use commercial software to automate compliance efforts and realize the value of extending corporate investment towards a well governed risk management process. Enterprises are now starting to understand that good governance translates into good business."

Key Findings Include:

 --  56% have a GRC strategy in place, with 84% believing that governance,
     risk and compliance should be viewed holistically

 --  Nearly half are using or plan to use a commercial software solution
     to automate compliance efforts

 --  59% of respondents believe no single point of ownership and
     accountability to be the biggest challenge to implementing a GRC plan
     within their company

 --  82% of respondents believe that ease of use is a key factor in
     evaluating GRC software.

 --  The top five benefits from IT controls and compliance investments,
     according to survey respondents, are:

        -  successful audit results
        -  overall business process improvements
        -  reduced risk of fraud and mistakes
        -  reduced time spend monitoring and testing IT controls
        -  reduced time spent preparing for and supporting IT audit

"There needs to be a paradigm shift in how companies transform the benefits realized from their Sarbanes-Oxley investments to a more long term risk-based approach to governance and compliance," said Scott Mitchell, CEO, Open Compliance and Ethics Group (OCEG). "The first step towards employing a GRC strategy to drive business performance is to get the right people in the room to speak the same language, and that's the challenge most companies are currently dealing with."

"With more than five years of Sarbanes-Oxley compliance under our belts, public company CFOs have now learned how to effectively address regulatory requirements, obtain executive sponsorship for major initiatives and realize business benefits from controls," said Michael P. Cangemi, CEO of Financial Executives International (FEI), the professional association of choice for senior financial management and reporting best practices. "The next level in corporate governance is to align the CFO, CIO and CSO organizations to join hands as partners in GRC."

"The landscape is too complicated with too many silos," said Paul van Kessel, partner of Ernst & Young (E&Y). "Over the last five years, companies made huge progress in managing their financial and related IT risks. The focus is now on two related topics. First: decrease the cost of compliance by elimination, simplification, standardization and automation of controls and second: integration of the financial risk management frameworks and approaches with enterprise risk management and business improvement initiatives."

Available Experts

The following experts can discuss Approva's governance, risk and compliance survey, as well as provide commentary on the corporate environment surrounding GRC programs and initiatives:

-- Michael P. Cangemi, CEO of FEI, Approva Advisory Board Member, and Former Editor-In-Chief of the ISACA IS Control Journal

As president and CEO of FEI, the professional association of choice for senior-level corporate financial executives, Michael P. Cangemi oversees the organization's efforts to advance ethical and responsible financial management practices within corporations. As a noted author, speaker and business consultant in the areas of internal audit, audit management, information systems and accounting, Cangemi is an expert in the latest trends of concern for executives.

-- Scott Mitchell, President and CEO, Open Compliance and Ethics Group (OCEG)

As CEO of OCEG, Scott Mitchell is responsible for promoting OCEG's mission to help corporations implement and align their governance, risk and compliance management activities to drive business performance and promote integrity across the organization. As one of the foremost experts on governance, risk and compliance, Mitchell is helping to drive GRC program innovation.

-- Prashanth "PV" Boccasam, CEO of Approva

PV has an unrivaled appreciation for spotting the convergence of business and IT trends and conceiving how new technologies can be applied to address problems that are top priorities for C-Level executives, including governance, risk and compliance. With public company executives continuing to share their concerns and experiences, PV has proprietary insight into the future of the governance, risk and compliance space. For more on PV's point of view on GRC, visit Audit Trail.

-- Paul van Kessel, Partner and Global Leader for Ernst & Young's IT Risk and Advisory Services

As a Global Leader for Ernst & Young, Paul van Kessel is responsible for the delivery of a wide range of risk and advisory services designed to help enhance IT governance/risk management activities and improve IT processes of organizations. By working on Continuous Control Monitoring for almost 15 years, Van Kessel drives continuous innovation into the GRC solutions that Ernst & Young is providing to clients.

About Approva

Approva® Corporation is the industry-leading provider of governance, risk and compliance (GRC) software for continuous controls monitoring and audit automation. We enable business, finance, IT and audit professionals to automate controls across SAP, Oracle, JD Edwards, PeopleSoft and other legacy applications. Our products are a controls monitoring standard for a majority of the Big-4 audit firms. Global companies such as Bayer, DirecTV, Discovery Communications, First Advantage, Honeywell, P&G, Pratt & Whitney, Siemens and T-Mobile rely on Approva to reduce compliance risk, increase operational efficiency and flag exceptions to their business controls. Approva has certified integrations with Microsoft, Sun Microsystems, IBM and SAP to provide a holistic GRC solution. For more information, visit www.approva.net.

Editors Note: For company news and other information, please log onto to Approva's press room at www.approva.net/news.

Contact Information