SlideShare ist ein Scribd-Unternehmen logo

Build a Platform Approach to Compliance Management

C
Chris Hoffmann

This document discusses the evolving landscape of enterprise compliance solutions. It notes that compliance has become a top priority for companies due to the large number of regulations they must address. While many vendors offer point solutions that focus on specific compliance areas, the document argues that companies need integrated platforms that can manage compliance across the entire enterprise in a consistent manner. It outlines key components that should be included in comprehensive compliance solutions and governance, risk, and compliance programs. Finally, it presents models for how compliance solutions can take a holistic "top-down/bottom-up" approach to better meet enterprises' evolving needs.

Business
1 von 15
Downloaden Sie, um offline zu lesen
NEXT GENERATION COMPLIANCE BUILDING A PLATFORM APPROACH TO ENTERPRISE COMPLIANCE AND RISK MANAGEMENT A TripleTree Industry Analysis SPOTLIGHT REPORT WWW.TRIPLE-TREE.COM 952.253.5300
TABLE OF CONTENTS INTRODUCTION 2 THE COMPLIANCE LANDSCAPE – DEFINING A SECTOR AMID RAPID GROWTH 4 ASSESSING AND MANAGING ENTERPRISE RISK 5 MATURING PLATFORMS 9 CONCLUSION 11 THE TRIPLETREE TEAM 12 TripleTree, LLC 7601 France Avenue South Suite 150 Minneapolis, MN 55435 t 952.253.5300 f 952.253.5301 www.triple-tree.com MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 1
INTRODUCTION Compliance is undoubtedly one of hottest, but perhaps one of the most misunderstood sectors within enterprise software. The complexity of corporate governance and a stricter regulatory environment are driving the market for solutions that help enterprises manage risk, satisfy compliance mandates, and meet government initiatives. Though the scope of the term compliance varies from vendor to vendor, TripleTree views compliance as the broader set of business practices and technologies that seek to find solutions in the areas of enterprise risk management, corporate governance, IT governance, and compliance controls management. The vendor landscape is rapidly expanding as both emerging vendors and global technology leaders roll out solutions and product road maps for an expanding market. These solutions are engineered to address a flood of regulatory requirements in establishing good governance practices and industry standards which are now at the forefront in the highest levels within most organizations. This Executive Digest is the first in a series from TripleTree addressing the evolution of governance, risk and compliance market. At a high level, it assesses why compliance and risk management needs are top-of-mind for enterprises and where vendors are creating automated solutions to serve these evolving set of needs. It will conclude with a viewpoint of how an enterprise-wide compliance platform and ecosystem will evolve in what is currently a highly fragmented market. Looking ahead to future Executive Digest reports, TripleTree’s compliance research agenda will cover: • An expanded view on compliance, risk management, and governance platforms with perspectives on platform approaches to managing compliance initiatives; • A review of the various delivery models and deployment scenarios for compliance solutions ranging from licensed software to SaaS, and hybrid models to outsourcing; and • A viewpoint for emerging company CEOs on compliance solutions that will assess how this sector may mature including areas for cooperation, likely vendor consolidation and ideas for value maximization. PAGE 2 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
COMPLIANCE MANAGEMENT Compliance Management is Top-of-Mind for C-Level Executives Enterprises of all sizes are scrambling to establish compliance solutions to address the tens of thousands of federal, state, local, and international regulations ranging from well known mandates such as Sarbanes-Oxley (SOX), Patriot Act, HIPAA, and NERC in the U.S., to J/SOX in Japan and Basel II in Europe, plus a number of lesser known compliance arenas like FISMA, PCI and alpha-numeric combinations like ISO 15489 and SEC 17a-4. There are simply too many regulations affecting every aspect of an organization’s business processes and systems to manage them effectively ad-hoc. With billions of dollars of potentially business-wrecking fines, it is becoming increasingly clear that compliance initiatives must be addressed through automation and a comprehensive, repeatable process rather than as a one-off project. A range of functionality can be included in a comprehensive compliance solution. Based on TripleTree’s ranking of compliance vendors, a basic list of tech-enabled functions must minimally include: • Business Process Modeling • Controls Automation (both IT & Business/Financial) • Dashboards • Document Management • Financial Reporting Integration • Policy Management • Risk Management • Audit Support Given the cross functional application and infrastructure technologies that are impacted by compliance mandates, today’s compliance solutions must link or collaborate with enterprise content management, business intelligence, business performance management, and various reporting and analytical applications. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 3
THE COMPLIANCE LANDSCAPE Defining a Sector Amid Rapid Growth An entire sector of software vendors have emerged to offer solutions engineered to automate compliance processes and features as previously listed. TripleTree tracks over 300 such vendors and has only scratched the surface. A few vendors have designed a platform approach to broad-based compliance issues within the enterprise, but the majority are best classified as point solution vendors addressing only particular compliance control areas. Many others have largely stumbled into the compliance category from adjacent markets such as security, business intelligence, or content management. The rise of the point solution vendors began in the late 1990s as enterprises began to realize that manually addressing regulations through audits and ad-hoc home-grown tracking applications was simply not cost effective. Largely, many of these firms have specialized in one or a few regulatory mandates such as Sarbanes- Oxley and have worked to broaden their solution into other regulatory and control areas. In addition to these specialists, ‘compliance’ has become a magic descriptor finding its way into almost every enterprise software vendor’s solution vernacular and product road map, making it very difficult for enterprises to sort out an ever growing landscape of providers. Though no clear consensus exists on the current size of the compliance market, some analysts peg the sector as a greater than $50 billion opportunity and others see it as much smaller. The wide range in sizing is indicative of how varied the market definitions of the space are. Based on scores of TripleTree vendor briefings and end- user feedback, what is clear is that the definitions of compliance are shifting to meet economic and legislative demands. As such, the more innovative providers of compliance solutions are being forced to pivot and hone their market awareness, strategy, messaging and product development. • Definitions: Common definitions for compliance areas are absent in our risk-aware business culture. Compliance is a broad reaching concept that touches a number of business processes and functional domains within an organization. Vendor solutions need simplification for interest and adoption to grow. • Fragmentation: Many organizations are using numerous compliance solutions particular to the needs of the CFO, general counsel, chief compliance officer, CIO, and marketing. With these distinct buyers come misconceptions about how compliance policies should be mandated and managed. • Incomplete Solutions: A majority of software vendors claim to have a complete compliance solution but only address a narrow set of requirements around specific control points or a handful of regulations. • Emerging Vendor Leadership: Enterprise platform players and a select group of innovative ISVs are driving solution definition in the compliance sector. During the next few quarters, awareness, acceptance and a resulting consolidation in the sector will occur as global firms fill gaps in their solutions. PAGE 4 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
ASSESSING AND MANAGING ENTERPRISE RISK Approaching compliance management with consistency across an organization is challenging. In most organizations, compliance control is not a holistic process and most issues are addressed at the business unit or product level. The following is a simplified view of a typical enterprise: • Human capital management teams must adhere to labor laws • Finance departments manage various regulations and disclosures as well as provide means for transparency and independent verification • Manufacturing teams address product safety and quality requirements • Legal dictates internal policies while collaborating with external counsel on litigation issues, discovery, and IP protection • IT departments focus on security and data privacy • Marketing departments are managing key customer and billing information with sales teams, channel partners and customer service. As a by-product of this fragmentation, information and process silos have emerged across these departments and the resulting compliance investments will remain ad-hoc for the foreseeable future. However, compliance solutions that remain narrowly focused around discreet issues will struggle to become a relevant compliance platform. Regulatory Compliance Regulatory compliance remains a critically important function and a component of most broad risk management and governance platforms. To properly understand and manage risk, meet regulatory and corporate requirements, and execute on governance initiatives, enterprises need a robust and comprehensive application suite and these suites are beginning to materialize as Governance, Risk and Compliance (GRC) solutions. For many compliance vendors, GRC and their component terms (governance, risk and compliance) are often used interchangeably. However, TripleTree believes clear distinctions should and must be drawn between the scope and functionality for solutions that address compliance risk management and governance automation. GRC Compliance management is the label used to describe a holistic compliance framework which can span an enterprise through transparent and efficient processes. We narrowly classify GRC as a subsegment of technology solutions within the broader compliance management framework. Though this naming convention may seem counterintuitive given that ‘C’ in GRC stands for ‘compliance’, this nomenclature is used by a majority of leading vendors and industry analyst groups. While several GRC solutions exist, TripleTree defines a complete GRC program as one which takes a federated approach integrating compliance control points into broader, collaborative enterprise-wide schemas. End-users can be easily confused as vendors use GRC as an umbrella term to describe point based solutions that treat individual compliance and risk initiatives as compartmentalized silos within an organization, as opposed to taking a more top-down approach. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 5
IT Governance Through our proprietary research, TripleTree has discovered patterns where IT Governance (ITG) is transcending pre-defined boundaries into a broader IT governance, risk and compliance management (IT-GRC) definition. Broadly speaking, traditional ITG is a framework by which organizations leverage internal . IT assets to support and manage governance, risk and compliance initiatives Understanding the across the enterprise. Inherent in these ITG strategies are how the procedures Components of GRC and responsibilities which govern risk and compliance integrate with work flows. While GRC vendors cater to the CEO and CFO, IT Governance solutions have been deployed as controls designed to resolve pain points of the CIO such as Governance is the framework data management, portfolio management, performance management and disaster that defines how corporations are recovery. Vendors are finding that the most effective ITG platforms integrate managed to achieve corporate technologies which extract value from the IT infrastructure by integrating previously isolated IT control points into a top-down decision making process. goals. Early IT Governance solutions were limited to best-of-breed applications that helped facilitate Project Portfolio Management (PPM) initiatives and decision Risk Management is the process making processes surrounding IT investments. By providing tools that helped of identifying and assessing analyze, prioritize, and make decisions, these solutions created a framework and enterprise risk within a developed process by which organizational IT goals could be measured and initiatives for framework to address those risks. value creation discovered. Though risk management is a discipline practiced throughout Corporate leaders are now taking a top-down approach for compliance control across the enterprise and are looking to IT as a critical support for GRC and all enterprise, it has historically been enterprise compliance initiatives. implemented on an ad-hoc basis to address isolated risk silos. An Enterprise-Wide View on Compliance Management Though many vendors currently offer tools that address many compliance control Compliance Management points, a platform has not yet evolved to adequately address all key elements of defines how corporations conform enterprise compliance management. to guideline laws set forth by governmental agencies or industry An enterprise-wide compliance solution must address both the management needs that span business and IT. Information management, analytics, financial standards. It also defines internal controls, internal audits, eLearning, labor laws and traditional IT governance policies and best practices. areas like asset management, security, and content management are inclusive Compliance technologies have of these needs. A holistic enterprise compliance platform must address both traditionally been control point the “top-down” business-facing processes and systems and the “bottom-up” IT solutions which help users conform controls of the organization. to a set of parameters for a specific risk or regulation (i.e. Sarbanes- Only by creating an enterprise-wide ecosystem that unifies the decision making Oxley). These technologies process between GRC, ITG, ERP, BI, and CPM systems can an organization fully typically implement transparency realize the value of its compliance programs. measures to assure outsiders that an organization is compliant. PAGE 6 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
Figure 1: TripleTree’s Compliance Market Map Q-Diagram Business Risk and Compliance E nvironmental Indus try Specific F inancial Health & S afety R egulations C ontrols Internal Audit E thics P rograms F raud As s es s ment/AMC Strategic Storage C orporate F ilings Consulting Marketing C ompliance Framework Operational R is k C ontract Management S hared S ervices • Auditing / R eporting / Dashboards R is k Analytics Archival & IP /Knowledge Records • Analytics Enterprise Management Management • P olicy / P roces s Management IT Risk Apps • W orkflow Human R es ources • B est P ractices IT Compliance t • Legislative / Regulatory Training C ertification C apacity P lanning - S ox, B as el II, HIP AA, C OB IT ERP • Document Management P erformance Management Content eDis covery • Incident Management Security Management • C onsulting / Services IT S tandards / S OA Us er Activity Monitoring Data Management/ IL M ID Management & Database S egregation of Duty Partners Dis as ter R ecovery/ C ontinuity S ervic e Management P roject P ortfolio P roject P ortfolio R es ource C hange & C onfiguration As s et R es ource Management Management Management Management IT Risk and Compliance Source: TripleTree TripleTree has outlined a list of 30 representative control points within an enterprise risk and compliance management platform. Control points on the top half of the diagram are functions typically associated with business risk and compliance management. The bottom half of the diagram shows IT risk and compliance management control points. The Shared Services box in the center tie together compliance within the business units and the IT elements throughout an organization. These services help to better integrate governance, risk and compliance decision processes with other business goals. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 7
Figure 2: A “Top-Down/Bottom-Up” Approach to Compliance Business Risk and Compliance Foundation Common Based Engine Analytics Frameworks Extensible (SOA) IT Risk and Compliance Source: TripleTree This “top-down/bottom-up” model is considered a goal for many of today’s compliance providers as organizations ultimately will want a comprehensive solution from a trusted vendor. Engineered solutions designed to help an organization understand and manage its broad compliance initiatives efficiently will include automated control points for both the business units and IT. Because enterprise compliance suites are early in their evolution, organizations must work toward adopting a federated framework by integrating several point based controls into a unified system. Organizations that apply this federated approach should seek a pre-integrated multi-vendor solution based on a common data repository. This will help to maintain a holistic view of business risk and compliance initiatives that are in line with business processes. Moreover, the unified data repository will allow organizations to leverage common shared services and enable executives to make decisions based on a single, consistent data source as opposed to deciphering multiple disconnected data streams. PAGE 8 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
MATURING PLATFORMS As stated, the fragmented market for compliance solutions has been comprised of a narrow set of control points, a limited set of regulations and some foundations in IT governance. Recent sector consolidation point toward a maturation of thinking by leading vendors. We predict the evolution of compliance solutions will be driven by leading enterprise software vendors and specialized compliance management vendors racing to fulfill enterprise compliance needs as represented in both halves of our Q-Diagram on page 7. Today’s compliance specialists are represented by a list of vendors offering both licensed software and SaaS-based solutions. • CA • Oracle • Resolver • Compliance 360 • OpenPages • SAP • HP • Paisley • Others • IBM • Protiviti Vendor comparisons are difficult since sector definitions and actual capabilities within the compliance stack do not match up. From the list above, each firm represents some functionality for financial controls, audit automation or regulatory control. Solution maturity is varied. Risk Management capabilities also vary widely among vendors. For instance, one vendor may have strong dashboard and reporting capabilities alerting users to compliance deficiencies, while another may take a more process-centric approach focused on deficiency remediation. Yet another vendor may have engineered strong ties into a business intelligence-centric, corporate performance management suite for complex analytics. A few vendors are messaging and delivering around a “top-down/bottom-up” approach by touching on several areas of business risk and compliance as well as IT risk and compliance. However, no single vendor (or ecosystem of ISVs) provides the comprehensive enterprise-wide compliance solution like the one outlined in our Q-Diagram. Consolidation - Further Defining the Sector Not surprisingly, global technology platform vendors like Oracle and SAP are beginning to push their GRC/compliance message and assemble their respective platforms. In terms of capability, market reach, and ability to execute, we consider the global vendors as the group most capable of assembling the functionally for a holistic enterprise compliance platform. Oracle’s strategy includes leading with its financial applications, middleware, content management (Stellent), and recently acquired compliance assets such as LogicalApps. Ecosystem partners (ISVs and service providers) will become increasingly important to Oracle as it broadens its compliance definition within its GRC strategy. SAP’s GRC strategy is based on the strength of its financial application platform, MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 9
HCM, and supply chain assets. Newly acquired capabilities from the likes of Versa also play a significant role. SAP’s pending Business Objects acquisition foretells of an increasing focus on analytics and intelligence as a broader risk management strategy. Figure 3: Representative Compliance Market Activity Consolidation D ate B uyer Target D escription Business Risk and Compliance O ct-07 Wolters Kluwer PwC (TeamMate Software) Audit management & risk assessment O ct-07 O racle LogicalApps ERP compliance & monitoring software Sep-07 X erox Advectis Document management & collaboration SaaS Jun-07 Iron Mountain Accutrac Software Records management & compliance software Nov-06 Oracle Stellent Content management software Apr-06 SAP Virsa Systems, Inc. Segregation of duties; SOX compliance Feb-06 Fujitsu Consulting GIM Risk Management SOX compliance sysetms integration IT Risk and Compliance Sep-07 O racle Bridgestream Identity and access management Dec-06 IBM Consul Risk Management IT & compliance management software Jul-06 HP Mercury Business Technology Optimization (BTO) software Jun-05 CA Niku IT management and governance software As we foreshadow a consolidation trend, a range of potential consolidators come to mind. In addition to the obvious global enterprise software vendors, firms in the integrated information management, publishing, and document services sectors make interesting acquirers. Certain industry-focused vendors and offshore BPO vendors are also of consideration. Key Drivers: • Compliance is a top-of-mind category; • Global technology leaders in applications and infrastructure are racing to be seen as having the most extensive compliance management platform and by extension want to shape the category and its components; • While no single vendor can organically build a holistic platform today, (the “top-down/bottom-up approach”) compliance ecosystems (e.g. SAP’s recent linkage with Cisco Systems) will begin to emerge and consolidate in order to address multiple compliance requirements; • Disruptive delivery models like SaaS and hybrid solutions (SaaS- enabled BPO) will become more prevalent, just as they have in other software categories; • Since no clear sector leader exists, time-to-market is critical. Most of the global players know that a “buy” strategy is a more definitive path to market than “build/partner”; and • Non-traditional players view compliance as a necessary competence for up-sell and cross-sell revenue growth. 2008 will be a pivotal year for M&A in the sector. PAGE 10 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
CONCLUSION The compliance automation category includes many components, such as compliance control point automation, GRC, IT Governance/IT-GRC, risk management, and risk analytics. Today, this category is one of the top areas of enterprise spend. Though the market is still somewhat undefined, the leading enterprise software vendors, pure-play ISVs, and several non-traditional players are working to redefine the category and establish a leadership position. This leadership position will be defined on a range of capabilities and compliance solution CEOs must therefore remain constantly aware of the criterion with which they are being evaluated in the market. Because of its importance to the C-Suite and the significant addressable market, TripleTree predicts that a host of players will aggressively pursue a leadership position through internal investment and acquisition. For these CEOs considering liquidity options, below are a few key points: • Market definitions are solidifying now, and over the next six quarters consolidation will conclude. • Depending on a number of factors, valuation guidelines for licensed software or services-centric compliance businesses will be in the 1-3x revenue range (TTM) with opportunities for premium value creation. • For pure-play SaaS businesses, recurring revenue growth will be a key metric for garnering a premium well in excess of licensed software businesses. • Once the initial wave of consolidation has concluded and enterprise vendors establish their platform strategies, additional tuck-under deals will occur, but likely at lower valuations. As an investment bank and strategic advisor, TripleTree is committed to helping emerging companies understand how to take advantage of trends like those outlined in this report. Over the next few quarters, our compliance research agenda and webcasts will further assess the evolving market, where disruption is likely, and review vendors delivering on their vision. We welcome the opportunity to learn more about your business and how we can help your team climb to the next plateau of market leadership. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 11
THE TEAM Kevin Green, Managing Partner • Co-founded TripleTree, LLC • 25+ years building and advising IT companies • Senior executive roles in public and private IT companies; two as CEO • Active with numerous industry associations, and Board of Directors, including SIIA and Connextions • BA and MBA, University of San Diego David Henderson, Managing Partner • Co-founded TripleTree, LLC • 22+ years in venture capital, business development and as a senior operating executive • Seven years of public accounting experience at Arthur Andersen • CEO of a $400 million asset bank holding company • Active Board of Director on several public and private companies • BA, Moorhead State University; Certified Public Accountant Scott Tudor, Managing Partner • Joined TripleTree in 1998 • Specializes in IT Outsourcing & Managed Services and Healthcare IT • Worked on more than 30 transactions with leading global companies such as UnitedHealth Group and Hewlett Packard • Served as TripleTree’s research chairman • BA and JD, University of Illinois; MBA, Carlson School of Management, University of Minnesota Chris Hoffmann, Senior Principal/Research Director, Technology • Joined TripleTree in 2005 • 19+ years of experience an operating executive, consultant, and analyst in the technology industry • Transaction activity focus in the areas of software and technology • Former President of Tier1 Research; executive positions at Gartner, GE Capital Consulting and IBM Global Services • BA, University of Minnesota-Duluth; advanced studies through the University of Minnesota and Michigan State University Brian Klemenhagen, Senior Principal • Joined TripleTree in 1999 with over ten years of combined investment banking and Wall Street equity research experience • Primary engagement manager across technology, software and outsourcing sectors • Principal contributor to TripleTree’s SaaS research • Prior to joining TripleTree was with RBC Dain Rauscher • BA, Gustavus Adolphus College; MBA, Carlson School of Management, University of Minnesota PAGE 12 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
THE TEAM Scott Donahue, Principal • 15+ years financial strategy analysis and business development consultation including marketing, operations support, and technical product development • Expertise in IT operations and services delivery approaches • Wall Street experience • Served in management roles at leading IT firms • BA, University of California - Santa Barbara; MBA, University of Michigan Scott Prentice, Associate • Focus on M&A and private placement activity in the technology sector • Previously worked on M&A activity at Ingenix, a division of UnitedHealth Group • Prior experience included technology capital investment at Target Corporation and as an IT consultant with Computer Science Corporation • BA, Bethel College; MBA, Carlson School of Management, University of Minnesota Michael Boardman, Senior Analyst • Specializes in research and analysis of industry trends and investment opportunities within Software and IT Services • Prior experience includes an internship with Merrill Lynch • Held a Cisco Certified Networking Associate Degree (CCNA) • BA, University of Minnesota; BSB, Carlson School of Management, University of Minnesota Matthew Flores, Senior Analyst • Dedicated to research and analysis within Enterprise Software, Telco, and Wireless • Research and transaction experience with TripleTree’s Healthcare and Mobile Wireless Teams • BA, Bates College Jeff Kaplan, Senior Advisor • Advises TripleTree’s technology team • Founder and Managing Director of THINKstrategies • Founder of the Software as a Service (SaaS) Showplace® and Managed Service Showplace® • Founding member of the SIIA SaaS Executive Council • Frequent speaker at industry events and contributing columnist for BusinessWeek, Mass High Tech Journal, Financial Times of London, and Network World, among many other industry leading publications MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q! 2008 COMPLIANCE PAGE 13
About TripleTree TripleTree, LLC is a research-based investment bank serving growth companies, investors and global acquirers. TripleTree conducts proprietary research that guides our work in M&A, growth capital and financial advisory services. Our value-based approach benefits technology- enabled businesses in sectors like healthcare, where technology and services are converging in new delivery models and in other industries where management and investors are in search of creative ways to penetrate and dominate markets and build value. TripleTree’s unique personality is shaped by the experience of our principals, who as former business builders and transaction advisors create strategic outcomes that maximize value for our clients. Copyright © 2008 by TripleTree, LLC t 952-253-5300 f 952-253-5301 7601 France Avenue South Suite 150 Minneapolis, Minnesota 55435 www.triple-tree.com

Empfohlen

PWC Survey 2010 Report
PWC Survey 2010 ReportPWC Survey 2010 Report
PWC Survey 2010 ReportKim Jensen
 
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)United Interactive™
 
Idc cost complexitycompliance
Idc cost complexitycomplianceIdc cost complexitycompliance
Idc cost complexitycomplianceReadWrite
 
Enterprise Pricing Policies Crucial To Risk Mitigation
Enterprise Pricing Policies Crucial To Risk MitigationEnterprise Pricing Policies Crucial To Risk Mitigation
Enterprise Pricing Policies Crucial To Risk Mitigationrkmcgann
 
Directions 2008 The Research
Directions 2008 The ResearchDirections 2008 The Research
Directions 2008 The Researchsalterbaxter
 
IDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementIDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementFindWhitePapers
 
Optimize Costs & Deliver Value through Enterprise Contract Management Software
Optimize Costs & Deliver Value through Enterprise Contract Management SoftwareOptimize Costs & Deliver Value through Enterprise Contract Management Software
Optimize Costs & Deliver Value through Enterprise Contract Management SoftwareIcertis
 
TripleTree CRM
TripleTree CRMTripleTree CRM
TripleTree CRMChris Hoffmann
 

Empfohlen

PWC Survey 2010 Report
PWC Survey 2010 ReportPWC Survey 2010 Report
PWC Survey 2010 ReportKim Jensen
 
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)United Interactive™
 
Idc cost complexitycompliance
Idc cost complexitycomplianceIdc cost complexitycompliance
Idc cost complexitycomplianceReadWrite
 
Enterprise Pricing Policies Crucial To Risk Mitigation
Enterprise Pricing Policies Crucial To Risk MitigationEnterprise Pricing Policies Crucial To Risk Mitigation
Enterprise Pricing Policies Crucial To Risk Mitigationrkmcgann
 
Directions 2008 The Research
Directions 2008 The ResearchDirections 2008 The Research
Directions 2008 The Researchsalterbaxter
 
IDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementIDC Energy Insights - Enterprise Risk Management
IDC Energy Insights - Enterprise Risk ManagementFindWhitePapers
 
Optimize Costs & Deliver Value through Enterprise Contract Management Software
Optimize Costs & Deliver Value through Enterprise Contract Management SoftwareOptimize Costs & Deliver Value through Enterprise Contract Management Software
Optimize Costs & Deliver Value through Enterprise Contract Management SoftwareIcertis
 
TripleTree CRM
TripleTree CRMTripleTree CRM
TripleTree CRMChris Hoffmann
 
Untangling Product Complexity in M&A
Untangling Product Complexity in M&AUntangling Product Complexity in M&A
Untangling Product Complexity in M&AMichael Hu
 
Energy Risk Management
Energy Risk Management Energy Risk Management
Energy Risk Management MetricStream Inc
 
Business continuity management and risk -The role of standards
Business continuity management and risk -The role of standardsBusiness continuity management and risk -The role of standards
Business continuity management and risk -The role of standardsBSI British Standards Institution
 
Allgress Brochure
Allgress BrochureAllgress Brochure
Allgress Brochurelinkedinlion11
 
Global Supply Chain Mega Trend Interview
Global Supply Chain Mega Trend InterviewGlobal Supply Chain Mega Trend Interview
Global Supply Chain Mega Trend InterviewUnni Krishnan (CMILT, IRTS)
 
The Relevance and Value of a “Storage Hypervisor”
The Relevance and Value of a “Storage Hypervisor”The Relevance and Value of a “Storage Hypervisor”
The Relevance and Value of a “Storage Hypervisor”IBM India Smarter Computing
 
Information Is The Lifeblood Of A Business
Information Is The Lifeblood Of A BusinessInformation Is The Lifeblood Of A Business
Information Is The Lifeblood Of A BusinessAlasdair Kilgour
 
Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportDaryl Resnick
 
The path to self disruption: Nine steps of a digital transformation journey
The path to self disruption: Nine steps of a digital transformation journeyThe path to self disruption: Nine steps of a digital transformation journey
The path to self disruption: Nine steps of a digital transformation journeyThe Economist Media Businesses
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-DisruptionHewlett Packard Enterprise Business Value Exchange
 
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...Eka Software Solutions
 
It Budget Tips
It Budget TipsIt Budget Tips
It Budget Tipsagiliancecommunity
 
Digital Asset Management (DAM) Strategy
Digital Asset Management (DAM) Strategy Digital Asset Management (DAM) Strategy
Digital Asset Management (DAM) Strategy Infosys
 
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...havoc2003
 
Digital Asset Management Strategies
Digital Asset Management StrategiesDigital Asset Management Strategies
Digital Asset Management StrategiesInfosys
 
Top 10 Pitfalls Of Am
Top 10 Pitfalls Of AmTop 10 Pitfalls Of Am
Top 10 Pitfalls Of AmApplication Management
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-DisruptionHewlett Packard Enterprise Business Value Exchange
 
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGary Cable
 
Forget fail-fast - just fail well
Forget fail-fast - just fail wellForget fail-fast - just fail well
Forget fail-fast - just fail wellMaricla Kandzorra
 
201205 The Intersection: Technology and Insurance
201205 The Intersection: Technology and Insurance201205 The Intersection: Technology and Insurance
201205 The Intersection: Technology and InsuranceSteven Callahan
 
200806 tech decisions_new_trackoldsystems
200806 tech decisions_new_trackoldsystems200806 tech decisions_new_trackoldsystems
200806 tech decisions_new_trackoldsystemsSteven Callahan
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfAbdulbasit Almauly
 

Weitere ähnliche Inhalte

Was ist angesagt?

Untangling Product Complexity in M&A
Untangling Product Complexity in M&AUntangling Product Complexity in M&A
Untangling Product Complexity in M&AMichael Hu
 
Business continuity management and risk -The role of standards
Business continuity management and risk -The role of standardsBusiness continuity management and risk -The role of standards
Business continuity management and risk -The role of standardsBSI British Standards Institution
 
The Relevance and Value of a “Storage Hypervisor”
The Relevance and Value of a “Storage Hypervisor”The Relevance and Value of a “Storage Hypervisor”
The Relevance and Value of a “Storage Hypervisor”IBM India Smarter Computing
 
Information Is The Lifeblood Of A Business
Information Is The Lifeblood Of A BusinessInformation Is The Lifeblood Of A Business
Information Is The Lifeblood Of A BusinessAlasdair Kilgour
 

Was ist angesagt? (7)

Untangling Product Complexity in M&A
Untangling Product Complexity in M&AUntangling Product Complexity in M&A
Untangling Product Complexity in M&A
 
Energy Risk Management
Energy Risk Management Energy Risk Management
Energy Risk Management
 
Business continuity management and risk -The role of standards
Business continuity management and risk -The role of standardsBusiness continuity management and risk -The role of standards
Business continuity management and risk -The role of standards
 
Allgress Brochure
Allgress BrochureAllgress Brochure
Allgress Brochure
 
Global Supply Chain Mega Trend Interview
Global Supply Chain Mega Trend InterviewGlobal Supply Chain Mega Trend Interview
Global Supply Chain Mega Trend Interview
 
The Relevance and Value of a “Storage Hypervisor”
The Relevance and Value of a “Storage Hypervisor”The Relevance and Value of a “Storage Hypervisor”
The Relevance and Value of a “Storage Hypervisor”
 
Information Is The Lifeblood Of A Business
Information Is The Lifeblood Of A BusinessInformation Is The Lifeblood Of A Business
Information Is The Lifeblood Of A Business
 

Ähnlich wie Build a Platform Approach to Compliance Management

Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportDaryl Resnick
 
The path to self disruption: Nine steps of a digital transformation journey
The path to self disruption: Nine steps of a digital transformation journeyThe path to self disruption: Nine steps of a digital transformation journey
The path to self disruption: Nine steps of a digital transformation journeyThe Economist Media Businesses
 
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...Eka Software Solutions
 
Digital Asset Management (DAM) Strategy
Digital Asset Management (DAM) Strategy Digital Asset Management (DAM) Strategy
Digital Asset Management (DAM) Strategy Infosys
 
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...havoc2003
 
Digital Asset Management Strategies
Digital Asset Management StrategiesDigital Asset Management Strategies
Digital Asset Management StrategiesInfosys
 
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGary Cable
 
Forget fail-fast - just fail well
Forget fail-fast - just fail wellForget fail-fast - just fail well
Forget fail-fast - just fail wellMaricla Kandzorra
 
201205 The Intersection: Technology and Insurance
201205 The Intersection: Technology and Insurance201205 The Intersection: Technology and Insurance
201205 The Intersection: Technology and InsuranceSteven Callahan
 
200806 tech decisions_new_trackoldsystems
200806 tech decisions_new_trackoldsystems200806 tech decisions_new_trackoldsystems
200806 tech decisions_new_trackoldsystemsSteven Callahan
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfAbdulbasit Almauly
 
MindTree Considers Leading Enterprise Contract Management Software
MindTree Considers Leading Enterprise Contract Management SoftwareMindTree Considers Leading Enterprise Contract Management Software
MindTree Considers Leading Enterprise Contract Management SoftwareIcertis
 
The Cloud Is The Corporation Abeyta
The Cloud Is The Corporation AbeytaThe Cloud Is The Corporation Abeyta
The Cloud Is The Corporation Abeytabern co
 
Sungard_Digital_September2015_FINAL
Sungard_Digital_September2015_FINALSungard_Digital_September2015_FINAL
Sungard_Digital_September2015_FINALRobert Rosenberg
 
GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013FixNix Inc.,
 
Ariba Knowledge Nuggets: Contracts in the Cloud
Ariba Knowledge Nuggets: Contracts in the CloudAriba Knowledge Nuggets: Contracts in the Cloud
Ariba Knowledge Nuggets: Contracts in the CloudSAP Ariba
 

Ähnlich wie Build a Platform Approach to Compliance Management (20)

Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 Report
 
The path to self disruption: Nine steps of a digital transformation journey
The path to self disruption: Nine steps of a digital transformation journeyThe path to self disruption: Nine steps of a digital transformation journey
The path to self disruption: Nine steps of a digital transformation journey
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-Disruption
 
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...
Webinar: Why Commodity Analytics is the Next Big Thing for Trading, Risk, & S...
 
It Budget Tips
It Budget TipsIt Budget Tips
It Budget Tips
 
Digital Asset Management (DAM) Strategy
Digital Asset Management (DAM) Strategy Digital Asset Management (DAM) Strategy
Digital Asset Management (DAM) Strategy
 
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...
 
Digital Asset Management Strategies
Digital Asset Management StrategiesDigital Asset Management Strategies
Digital Asset Management Strategies
 
Top 10 Pitfalls Of Am
Top 10 Pitfalls Of AmTop 10 Pitfalls Of Am
Top 10 Pitfalls Of Am
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-Disruption
 
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
 
Forget fail-fast - just fail well
Forget fail-fast - just fail wellForget fail-fast - just fail well
Forget fail-fast - just fail well
 
201205 The Intersection: Technology and Insurance
201205 The Intersection: Technology and Insurance201205 The Intersection: Technology and Insurance
201205 The Intersection: Technology and Insurance
 
200806 tech decisions_new_trackoldsystems
200806 tech decisions_new_trackoldsystems200806 tech decisions_new_trackoldsystems
200806 tech decisions_new_trackoldsystems
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdf
 
MindTree Considers Leading Enterprise Contract Management Software
MindTree Considers Leading Enterprise Contract Management SoftwareMindTree Considers Leading Enterprise Contract Management Software
MindTree Considers Leading Enterprise Contract Management Software
 
The Cloud Is The Corporation Abeyta
The Cloud Is The Corporation AbeytaThe Cloud Is The Corporation Abeyta
The Cloud Is The Corporation Abeyta
 
Sungard_Digital_September2015_FINAL
Sungard_Digital_September2015_FINALSungard_Digital_September2015_FINAL
Sungard_Digital_September2015_FINAL
 
GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013
 
Ariba Knowledge Nuggets: Contracts in the Cloud
Ariba Knowledge Nuggets: Contracts in the CloudAriba Knowledge Nuggets: Contracts in the Cloud
Ariba Knowledge Nuggets: Contracts in the Cloud
 

Mehr von Chris Hoffmann

Empowering Individuals to Be Better Healthcare Consumers
Empowering Individuals to Be Better Healthcare ConsumersEmpowering Individuals to Be Better Healthcare Consumers
Empowering Individuals to Be Better Healthcare ConsumersChris Hoffmann
 
Post-Acute Care & Beyond
Post-Acute Care & BeyondPost-Acute Care & Beyond
Post-Acute Care & BeyondChris Hoffmann
 
The Evolving Business Case for Social Media in Healthcare
The Evolving Business Case for Social Media in HealthcareThe Evolving Business Case for Social Media in Healthcare
The Evolving Business Case for Social Media in HealthcareChris Hoffmann
 
Health, Wealth, & Support for Seniors
Health, Wealth, & Support for SeniorsHealth, Wealth, & Support for Seniors
Health, Wealth, & Support for SeniorsChris Hoffmann
 
Innovation and the Health Care Needs of Seniors
Innovation and the Health Care Needs of SeniorsInnovation and the Health Care Needs of Seniors
Innovation and the Health Care Needs of SeniorsChris Hoffmann
 
HIX: Health Insurance Exchanges
HIX: Health Insurance ExchangesHIX: Health Insurance Exchanges
HIX: Health Insurance ExchangesChris Hoffmann
 
TripleTree mHealth Research & Survey Report
TripleTree mHealth Research & Survey ReportTripleTree mHealth Research & Survey Report
TripleTree mHealth Research & Survey ReportChris Hoffmann
 
TripleTree Collaboration
TripleTree CollaborationTripleTree Collaboration
TripleTree CollaborationChris Hoffmann
 
TripleTree Wireless & Mobile Health
TripleTree Wireless & Mobile HealthTripleTree Wireless & Mobile Health
TripleTree Wireless & Mobile HealthChris Hoffmann
 
TripleTree Saas Platforms
TripleTree Saas PlatformsTripleTree Saas Platforms
TripleTree Saas PlatformsChris Hoffmann
 

Mehr von Chris Hoffmann (13)

Empowering Individuals to Be Better Healthcare Consumers
Empowering Individuals to Be Better Healthcare ConsumersEmpowering Individuals to Be Better Healthcare Consumers
Empowering Individuals to Be Better Healthcare Consumers
 
Post-Acute Care & Beyond
Post-Acute Care & BeyondPost-Acute Care & Beyond
Post-Acute Care & Beyond
 
The Evolving Business Case for Social Media in Healthcare
The Evolving Business Case for Social Media in HealthcareThe Evolving Business Case for Social Media in Healthcare
The Evolving Business Case for Social Media in Healthcare
 
Health, Wealth, & Support for Seniors
Health, Wealth, & Support for SeniorsHealth, Wealth, & Support for Seniors
Health, Wealth, & Support for Seniors
 
Innovation and the Health Care Needs of Seniors
Innovation and the Health Care Needs of SeniorsInnovation and the Health Care Needs of Seniors
Innovation and the Health Care Needs of Seniors
 
HIX: Health Insurance Exchanges
HIX: Health Insurance ExchangesHIX: Health Insurance Exchanges
HIX: Health Insurance Exchanges
 
TripleTree mHealth Research & Survey Report
TripleTree mHealth Research & Survey ReportTripleTree mHealth Research & Survey Report
TripleTree mHealth Research & Survey Report
 
TripleTree eDiscovery
TripleTree eDiscoveryTripleTree eDiscovery
TripleTree eDiscovery
 
TripleTree Collaboration
TripleTree CollaborationTripleTree Collaboration
TripleTree Collaboration
 
TripleTree Acuity2010
TripleTree Acuity2010TripleTree Acuity2010
TripleTree Acuity2010
 
TripleTree Acuity2009
TripleTree Acuity2009TripleTree Acuity2009
TripleTree Acuity2009
 
TripleTree Wireless & Mobile Health
TripleTree Wireless & Mobile HealthTripleTree Wireless & Mobile Health
TripleTree Wireless & Mobile Health
 
TripleTree Saas Platforms
TripleTree Saas PlatformsTripleTree Saas Platforms
TripleTree Saas Platforms
 

Kürzlich hochgeladen

7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...Suhani Kapoor
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 

Kürzlich hochgeladen (20)

7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
VIP Call Girls Gandi Maisamma ( Hyderabad ) Phone 8250192130 | ₹5k To 25k Wit...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 

Build a Platform Approach to Compliance Management

  • 1. NEXT GENERATION COMPLIANCE BUILDING A PLATFORM APPROACH TO ENTERPRISE COMPLIANCE AND RISK MANAGEMENT A TripleTree Industry Analysis SPOTLIGHT REPORT WWW.TRIPLE-TREE.COM 952.253.5300
  • 2. TABLE OF CONTENTS INTRODUCTION 2 THE COMPLIANCE LANDSCAPE – DEFINING A SECTOR AMID RAPID GROWTH 4 ASSESSING AND MANAGING ENTERPRISE RISK 5 MATURING PLATFORMS 9 CONCLUSION 11 THE TRIPLETREE TEAM 12 TripleTree, LLC 7601 France Avenue South Suite 150 Minneapolis, MN 55435 t 952.253.5300 f 952.253.5301 www.triple-tree.com MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 1
  • 3. INTRODUCTION Compliance is undoubtedly one of hottest, but perhaps one of the most misunderstood sectors within enterprise software. The complexity of corporate governance and a stricter regulatory environment are driving the market for solutions that help enterprises manage risk, satisfy compliance mandates, and meet government initiatives. Though the scope of the term compliance varies from vendor to vendor, TripleTree views compliance as the broader set of business practices and technologies that seek to find solutions in the areas of enterprise risk management, corporate governance, IT governance, and compliance controls management. The vendor landscape is rapidly expanding as both emerging vendors and global technology leaders roll out solutions and product road maps for an expanding market. These solutions are engineered to address a flood of regulatory requirements in establishing good governance practices and industry standards which are now at the forefront in the highest levels within most organizations. This Executive Digest is the first in a series from TripleTree addressing the evolution of governance, risk and compliance market. At a high level, it assesses why compliance and risk management needs are top-of-mind for enterprises and where vendors are creating automated solutions to serve these evolving set of needs. It will conclude with a viewpoint of how an enterprise-wide compliance platform and ecosystem will evolve in what is currently a highly fragmented market. Looking ahead to future Executive Digest reports, TripleTree’s compliance research agenda will cover: • An expanded view on compliance, risk management, and governance platforms with perspectives on platform approaches to managing compliance initiatives; • A review of the various delivery models and deployment scenarios for compliance solutions ranging from licensed software to SaaS, and hybrid models to outsourcing; and • A viewpoint for emerging company CEOs on compliance solutions that will assess how this sector may mature including areas for cooperation, likely vendor consolidation and ideas for value maximization. PAGE 2 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
  • 4. COMPLIANCE MANAGEMENT Compliance Management is Top-of-Mind for C-Level Executives Enterprises of all sizes are scrambling to establish compliance solutions to address the tens of thousands of federal, state, local, and international regulations ranging from well known mandates such as Sarbanes-Oxley (SOX), Patriot Act, HIPAA, and NERC in the U.S., to J/SOX in Japan and Basel II in Europe, plus a number of lesser known compliance arenas like FISMA, PCI and alpha-numeric combinations like ISO 15489 and SEC 17a-4. There are simply too many regulations affecting every aspect of an organization’s business processes and systems to manage them effectively ad-hoc. With billions of dollars of potentially business-wrecking fines, it is becoming increasingly clear that compliance initiatives must be addressed through automation and a comprehensive, repeatable process rather than as a one-off project. A range of functionality can be included in a comprehensive compliance solution. Based on TripleTree’s ranking of compliance vendors, a basic list of tech-enabled functions must minimally include: • Business Process Modeling • Controls Automation (both IT & Business/Financial) • Dashboards • Document Management • Financial Reporting Integration • Policy Management • Risk Management • Audit Support Given the cross functional application and infrastructure technologies that are impacted by compliance mandates, today’s compliance solutions must link or collaborate with enterprise content management, business intelligence, business performance management, and various reporting and analytical applications. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 3
  • 5. THE COMPLIANCE LANDSCAPE Defining a Sector Amid Rapid Growth An entire sector of software vendors have emerged to offer solutions engineered to automate compliance processes and features as previously listed. TripleTree tracks over 300 such vendors and has only scratched the surface. A few vendors have designed a platform approach to broad-based compliance issues within the enterprise, but the majority are best classified as point solution vendors addressing only particular compliance control areas. Many others have largely stumbled into the compliance category from adjacent markets such as security, business intelligence, or content management. The rise of the point solution vendors began in the late 1990s as enterprises began to realize that manually addressing regulations through audits and ad-hoc home-grown tracking applications was simply not cost effective. Largely, many of these firms have specialized in one or a few regulatory mandates such as Sarbanes- Oxley and have worked to broaden their solution into other regulatory and control areas. In addition to these specialists, ‘compliance’ has become a magic descriptor finding its way into almost every enterprise software vendor’s solution vernacular and product road map, making it very difficult for enterprises to sort out an ever growing landscape of providers. Though no clear consensus exists on the current size of the compliance market, some analysts peg the sector as a greater than $50 billion opportunity and others see it as much smaller. The wide range in sizing is indicative of how varied the market definitions of the space are. Based on scores of TripleTree vendor briefings and end- user feedback, what is clear is that the definitions of compliance are shifting to meet economic and legislative demands. As such, the more innovative providers of compliance solutions are being forced to pivot and hone their market awareness, strategy, messaging and product development. • Definitions: Common definitions for compliance areas are absent in our risk-aware business culture. Compliance is a broad reaching concept that touches a number of business processes and functional domains within an organization. Vendor solutions need simplification for interest and adoption to grow. • Fragmentation: Many organizations are using numerous compliance solutions particular to the needs of the CFO, general counsel, chief compliance officer, CIO, and marketing. With these distinct buyers come misconceptions about how compliance policies should be mandated and managed. • Incomplete Solutions: A majority of software vendors claim to have a complete compliance solution but only address a narrow set of requirements around specific control points or a handful of regulations. • Emerging Vendor Leadership: Enterprise platform players and a select group of innovative ISVs are driving solution definition in the compliance sector. During the next few quarters, awareness, acceptance and a resulting consolidation in the sector will occur as global firms fill gaps in their solutions. PAGE 4 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
  • 6. ASSESSING AND MANAGING ENTERPRISE RISK Approaching compliance management with consistency across an organization is challenging. In most organizations, compliance control is not a holistic process and most issues are addressed at the business unit or product level. The following is a simplified view of a typical enterprise: • Human capital management teams must adhere to labor laws • Finance departments manage various regulations and disclosures as well as provide means for transparency and independent verification • Manufacturing teams address product safety and quality requirements • Legal dictates internal policies while collaborating with external counsel on litigation issues, discovery, and IP protection • IT departments focus on security and data privacy • Marketing departments are managing key customer and billing information with sales teams, channel partners and customer service. As a by-product of this fragmentation, information and process silos have emerged across these departments and the resulting compliance investments will remain ad-hoc for the foreseeable future. However, compliance solutions that remain narrowly focused around discreet issues will struggle to become a relevant compliance platform. Regulatory Compliance Regulatory compliance remains a critically important function and a component of most broad risk management and governance platforms. To properly understand and manage risk, meet regulatory and corporate requirements, and execute on governance initiatives, enterprises need a robust and comprehensive application suite and these suites are beginning to materialize as Governance, Risk and Compliance (GRC) solutions. For many compliance vendors, GRC and their component terms (governance, risk and compliance) are often used interchangeably. However, TripleTree believes clear distinctions should and must be drawn between the scope and functionality for solutions that address compliance risk management and governance automation. GRC Compliance management is the label used to describe a holistic compliance framework which can span an enterprise through transparent and efficient processes. We narrowly classify GRC as a subsegment of technology solutions within the broader compliance management framework. Though this naming convention may seem counterintuitive given that ‘C’ in GRC stands for ‘compliance’, this nomenclature is used by a majority of leading vendors and industry analyst groups. While several GRC solutions exist, TripleTree defines a complete GRC program as one which takes a federated approach integrating compliance control points into broader, collaborative enterprise-wide schemas. End-users can be easily confused as vendors use GRC as an umbrella term to describe point based solutions that treat individual compliance and risk initiatives as compartmentalized silos within an organization, as opposed to taking a more top-down approach. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 5
  • 7. IT Governance Through our proprietary research, TripleTree has discovered patterns where IT Governance (ITG) is transcending pre-defined boundaries into a broader IT governance, risk and compliance management (IT-GRC) definition. Broadly speaking, traditional ITG is a framework by which organizations leverage internal . IT assets to support and manage governance, risk and compliance initiatives Understanding the across the enterprise. Inherent in these ITG strategies are how the procedures Components of GRC and responsibilities which govern risk and compliance integrate with work flows. While GRC vendors cater to the CEO and CFO, IT Governance solutions have been deployed as controls designed to resolve pain points of the CIO such as Governance is the framework data management, portfolio management, performance management and disaster that defines how corporations are recovery. Vendors are finding that the most effective ITG platforms integrate managed to achieve corporate technologies which extract value from the IT infrastructure by integrating previously isolated IT control points into a top-down decision making process. goals. Early IT Governance solutions were limited to best-of-breed applications that helped facilitate Project Portfolio Management (PPM) initiatives and decision Risk Management is the process making processes surrounding IT investments. By providing tools that helped of identifying and assessing analyze, prioritize, and make decisions, these solutions created a framework and enterprise risk within a developed process by which organizational IT goals could be measured and initiatives for framework to address those risks. value creation discovered. Though risk management is a discipline practiced throughout Corporate leaders are now taking a top-down approach for compliance control across the enterprise and are looking to IT as a critical support for GRC and all enterprise, it has historically been enterprise compliance initiatives. implemented on an ad-hoc basis to address isolated risk silos. An Enterprise-Wide View on Compliance Management Though many vendors currently offer tools that address many compliance control Compliance Management points, a platform has not yet evolved to adequately address all key elements of defines how corporations conform enterprise compliance management. to guideline laws set forth by governmental agencies or industry An enterprise-wide compliance solution must address both the management needs that span business and IT. Information management, analytics, financial standards. It also defines internal controls, internal audits, eLearning, labor laws and traditional IT governance policies and best practices. areas like asset management, security, and content management are inclusive Compliance technologies have of these needs. A holistic enterprise compliance platform must address both traditionally been control point the “top-down” business-facing processes and systems and the “bottom-up” IT solutions which help users conform controls of the organization. to a set of parameters for a specific risk or regulation (i.e. Sarbanes- Only by creating an enterprise-wide ecosystem that unifies the decision making Oxley). These technologies process between GRC, ITG, ERP, BI, and CPM systems can an organization fully typically implement transparency realize the value of its compliance programs. measures to assure outsiders that an organization is compliant. PAGE 6 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
  • 8. Figure 1: TripleTree’s Compliance Market Map Q-Diagram Business Risk and Compliance E nvironmental Indus try Specific F inancial Health & S afety R egulations C ontrols Internal Audit E thics P rograms F raud As s es s ment/AMC Strategic Storage C orporate F ilings Consulting Marketing C ompliance Framework Operational R is k C ontract Management S hared S ervices • Auditing / R eporting / Dashboards R is k Analytics Archival & IP /Knowledge Records • Analytics Enterprise Management Management • P olicy / P roces s Management IT Risk Apps • W orkflow Human R es ources • B est P ractices IT Compliance t • Legislative / Regulatory Training C ertification C apacity P lanning - S ox, B as el II, HIP AA, C OB IT ERP • Document Management P erformance Management Content eDis covery • Incident Management Security Management • C onsulting / Services IT S tandards / S OA Us er Activity Monitoring Data Management/ IL M ID Management & Database S egregation of Duty Partners Dis as ter R ecovery/ C ontinuity S ervic e Management P roject P ortfolio P roject P ortfolio R es ource C hange & C onfiguration As s et R es ource Management Management Management Management IT Risk and Compliance Source: TripleTree TripleTree has outlined a list of 30 representative control points within an enterprise risk and compliance management platform. Control points on the top half of the diagram are functions typically associated with business risk and compliance management. The bottom half of the diagram shows IT risk and compliance management control points. The Shared Services box in the center tie together compliance within the business units and the IT elements throughout an organization. These services help to better integrate governance, risk and compliance decision processes with other business goals. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 7
  • 9. Figure 2: A “Top-Down/Bottom-Up” Approach to Compliance Business Risk and Compliance Foundation Common Based Engine Analytics Frameworks Extensible (SOA) IT Risk and Compliance Source: TripleTree This “top-down/bottom-up” model is considered a goal for many of today’s compliance providers as organizations ultimately will want a comprehensive solution from a trusted vendor. Engineered solutions designed to help an organization understand and manage its broad compliance initiatives efficiently will include automated control points for both the business units and IT. Because enterprise compliance suites are early in their evolution, organizations must work toward adopting a federated framework by integrating several point based controls into a unified system. Organizations that apply this federated approach should seek a pre-integrated multi-vendor solution based on a common data repository. This will help to maintain a holistic view of business risk and compliance initiatives that are in line with business processes. Moreover, the unified data repository will allow organizations to leverage common shared services and enable executives to make decisions based on a single, consistent data source as opposed to deciphering multiple disconnected data streams. PAGE 8 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
  • 10. MATURING PLATFORMS As stated, the fragmented market for compliance solutions has been comprised of a narrow set of control points, a limited set of regulations and some foundations in IT governance. Recent sector consolidation point toward a maturation of thinking by leading vendors. We predict the evolution of compliance solutions will be driven by leading enterprise software vendors and specialized compliance management vendors racing to fulfill enterprise compliance needs as represented in both halves of our Q-Diagram on page 7. Today’s compliance specialists are represented by a list of vendors offering both licensed software and SaaS-based solutions. • CA • Oracle • Resolver • Compliance 360 • OpenPages • SAP • HP • Paisley • Others • IBM • Protiviti Vendor comparisons are difficult since sector definitions and actual capabilities within the compliance stack do not match up. From the list above, each firm represents some functionality for financial controls, audit automation or regulatory control. Solution maturity is varied. Risk Management capabilities also vary widely among vendors. For instance, one vendor may have strong dashboard and reporting capabilities alerting users to compliance deficiencies, while another may take a more process-centric approach focused on deficiency remediation. Yet another vendor may have engineered strong ties into a business intelligence-centric, corporate performance management suite for complex analytics. A few vendors are messaging and delivering around a “top-down/bottom-up” approach by touching on several areas of business risk and compliance as well as IT risk and compliance. However, no single vendor (or ecosystem of ISVs) provides the comprehensive enterprise-wide compliance solution like the one outlined in our Q-Diagram. Consolidation - Further Defining the Sector Not surprisingly, global technology platform vendors like Oracle and SAP are beginning to push their GRC/compliance message and assemble their respective platforms. In terms of capability, market reach, and ability to execute, we consider the global vendors as the group most capable of assembling the functionally for a holistic enterprise compliance platform. Oracle’s strategy includes leading with its financial applications, middleware, content management (Stellent), and recently acquired compliance assets such as LogicalApps. Ecosystem partners (ISVs and service providers) will become increasingly important to Oracle as it broadens its compliance definition within its GRC strategy. SAP’s GRC strategy is based on the strength of its financial application platform, MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 9
  • 11. HCM, and supply chain assets. Newly acquired capabilities from the likes of Versa also play a significant role. SAP’s pending Business Objects acquisition foretells of an increasing focus on analytics and intelligence as a broader risk management strategy. Figure 3: Representative Compliance Market Activity Consolidation D ate B uyer Target D escription Business Risk and Compliance O ct-07 Wolters Kluwer PwC (TeamMate Software) Audit management & risk assessment O ct-07 O racle LogicalApps ERP compliance & monitoring software Sep-07 X erox Advectis Document management & collaboration SaaS Jun-07 Iron Mountain Accutrac Software Records management & compliance software Nov-06 Oracle Stellent Content management software Apr-06 SAP Virsa Systems, Inc. Segregation of duties; SOX compliance Feb-06 Fujitsu Consulting GIM Risk Management SOX compliance sysetms integration IT Risk and Compliance Sep-07 O racle Bridgestream Identity and access management Dec-06 IBM Consul Risk Management IT & compliance management software Jul-06 HP Mercury Business Technology Optimization (BTO) software Jun-05 CA Niku IT management and governance software As we foreshadow a consolidation trend, a range of potential consolidators come to mind. In addition to the obvious global enterprise software vendors, firms in the integrated information management, publishing, and document services sectors make interesting acquirers. Certain industry-focused vendors and offshore BPO vendors are also of consideration. Key Drivers: • Compliance is a top-of-mind category; • Global technology leaders in applications and infrastructure are racing to be seen as having the most extensive compliance management platform and by extension want to shape the category and its components; • While no single vendor can organically build a holistic platform today, (the “top-down/bottom-up approach”) compliance ecosystems (e.g. SAP’s recent linkage with Cisco Systems) will begin to emerge and consolidate in order to address multiple compliance requirements; • Disruptive delivery models like SaaS and hybrid solutions (SaaS- enabled BPO) will become more prevalent, just as they have in other software categories; • Since no clear sector leader exists, time-to-market is critical. Most of the global players know that a “buy” strategy is a more definitive path to market than “build/partner”; and • Non-traditional players view compliance as a necessary competence for up-sell and cross-sell revenue growth. 2008 will be a pivotal year for M&A in the sector. PAGE 10 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
  • 12. CONCLUSION The compliance automation category includes many components, such as compliance control point automation, GRC, IT Governance/IT-GRC, risk management, and risk analytics. Today, this category is one of the top areas of enterprise spend. Though the market is still somewhat undefined, the leading enterprise software vendors, pure-play ISVs, and several non-traditional players are working to redefine the category and establish a leadership position. This leadership position will be defined on a range of capabilities and compliance solution CEOs must therefore remain constantly aware of the criterion with which they are being evaluated in the market. Because of its importance to the C-Suite and the significant addressable market, TripleTree predicts that a host of players will aggressively pursue a leadership position through internal investment and acquisition. For these CEOs considering liquidity options, below are a few key points: • Market definitions are solidifying now, and over the next six quarters consolidation will conclude. • Depending on a number of factors, valuation guidelines for licensed software or services-centric compliance businesses will be in the 1-3x revenue range (TTM) with opportunities for premium value creation. • For pure-play SaaS businesses, recurring revenue growth will be a key metric for garnering a premium well in excess of licensed software businesses. • Once the initial wave of consolidation has concluded and enterprise vendors establish their platform strategies, additional tuck-under deals will occur, but likely at lower valuations. As an investment bank and strategic advisor, TripleTree is committed to helping emerging companies understand how to take advantage of trends like those outlined in this report. Over the next few quarters, our compliance research agenda and webcasts will further assess the evolving market, where disruption is likely, and review vendors delivering on their vision. We welcome the opportunity to learn more about your business and how we can help your team climb to the next plateau of market leadership. MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 11
  • 13. THE TEAM Kevin Green, Managing Partner • Co-founded TripleTree, LLC • 25+ years building and advising IT companies • Senior executive roles in public and private IT companies; two as CEO • Active with numerous industry associations, and Board of Directors, including SIIA and Connextions • BA and MBA, University of San Diego David Henderson, Managing Partner • Co-founded TripleTree, LLC • 22+ years in venture capital, business development and as a senior operating executive • Seven years of public accounting experience at Arthur Andersen • CEO of a $400 million asset bank holding company • Active Board of Director on several public and private companies • BA, Moorhead State University; Certified Public Accountant Scott Tudor, Managing Partner • Joined TripleTree in 1998 • Specializes in IT Outsourcing & Managed Services and Healthcare IT • Worked on more than 30 transactions with leading global companies such as UnitedHealth Group and Hewlett Packard • Served as TripleTree’s research chairman • BA and JD, University of Illinois; MBA, Carlson School of Management, University of Minnesota Chris Hoffmann, Senior Principal/Research Director, Technology • Joined TripleTree in 2005 • 19+ years of experience an operating executive, consultant, and analyst in the technology industry • Transaction activity focus in the areas of software and technology • Former President of Tier1 Research; executive positions at Gartner, GE Capital Consulting and IBM Global Services • BA, University of Minnesota-Duluth; advanced studies through the University of Minnesota and Michigan State University Brian Klemenhagen, Senior Principal • Joined TripleTree in 1999 with over ten years of combined investment banking and Wall Street equity research experience • Primary engagement manager across technology, software and outsourcing sectors • Principal contributor to TripleTree’s SaaS research • Prior to joining TripleTree was with RBC Dain Rauscher • BA, Gustavus Adolphus College; MBA, Carlson School of Management, University of Minnesota PAGE 12 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
  • 14. THE TEAM Scott Donahue, Principal • 15+ years financial strategy analysis and business development consultation including marketing, operations support, and technical product development • Expertise in IT operations and services delivery approaches • Wall Street experience • Served in management roles at leading IT firms • BA, University of California - Santa Barbara; MBA, University of Michigan Scott Prentice, Associate • Focus on M&A and private placement activity in the technology sector • Previously worked on M&A activity at Ingenix, a division of UnitedHealth Group • Prior experience included technology capital investment at Target Corporation and as an IT consultant with Computer Science Corporation • BA, Bethel College; MBA, Carlson School of Management, University of Minnesota Michael Boardman, Senior Analyst • Specializes in research and analysis of industry trends and investment opportunities within Software and IT Services • Prior experience includes an internship with Merrill Lynch • Held a Cisco Certified Networking Associate Degree (CCNA) • BA, University of Minnesota; BSB, Carlson School of Management, University of Minnesota Matthew Flores, Senior Analyst • Dedicated to research and analysis within Enterprise Software, Telco, and Wireless • Research and transaction experience with TripleTree’s Healthcare and Mobile Wireless Teams • BA, Bates College Jeff Kaplan, Senior Advisor • Advises TripleTree’s technology team • Founder and Managing Director of THINKstrategies • Founder of the Software as a Service (SaaS) Showplace® and Managed Service Showplace® • Founding member of the SIIA SaaS Executive Council • Frequent speaker at industry events and contributing columnist for BusinessWeek, Mass High Tech Journal, Financial Times of London, and Network World, among many other industry leading publications MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q! 2008 COMPLIANCE PAGE 13
  • 15. About TripleTree TripleTree, LLC is a research-based investment bank serving growth companies, investors and global acquirers. TripleTree conducts proprietary research that guides our work in M&A, growth capital and financial advisory services. Our value-based approach benefits technology- enabled businesses in sectors like healthcare, where technology and services are converging in new delivery models and in other industries where management and investors are in search of creative ways to penetrate and dominate markets and build value. TripleTree’s unique personality is shaped by the experience of our principals, who as former business builders and transaction advisors create strategic outcomes that maximize value for our clients. Copyright © 2008 by TripleTree, LLC t 952-253-5300 f 952-253-5301 7601 France Avenue South Suite 150 Minneapolis, Minnesota 55435 www.triple-tree.com