On 12 October 2009, during the Oracle OpenWorld governance, risk and compliance (GRC) keynote address, Oracle unveiled its first step toward integrating Hyperion Financial Management (HFM) with Oracle Enterprise Governance, Risk and Compliance Manager. This first integration enables more efficient risk-based audit planning.

Previously, Gartner has called to attention improvements in financial governance made possible by bringing together corporate performance management and GRC applications. Identification and effective management of risks in the "last mile of finance" can improve the close process, and linking key performance indicators (KPIs) and key risk indicators (KRIs) can further improve business performance. Although Oracle's early effort at integration of GRC applications with Hyperion has not reached those lofty goals, it has demonstrated the value of better decision support and analysis.

The OpenWorld Oracle demonstration showed how such integration can support scoping an audit more effectively. Enterprise GRC Manager, which is in beta and soon will be generally available, imports seamlessly the chart of accounts and organization hierarchy data from HFM. Enterprise GRC Manager correlates risks and controls to the chart of accounts, and filtering tools enable the user to sort the accounts in many ways — by geography, business unit, size of the account, variation and volatility, and by risk factors. The result is a scoped-down chart of accounts with associated risks and controls that form the basis of the audit.

This integration makes clear the benefits derived from applying risk-based decision support to an important business function. Oracle has also demonstrated integration of financial analytics with GRC and integration of some GRC continuous controls monitoring for Hyperion. Oracle and other vendors should do more to enable out-of-the-box integration of performance management and GRC.

Enterprises:

• If you are considering upgrading or acquiring Fusion editions of HFM and Enterprise GRC Manager, and will have both in-house, use this integration to focus audit efforts on the higher-risk accounts, reduce audit planning time and cut testing expenses.
• If you are considering acquiring an enterprise GRC platform, include the vendor's plans for performance management support as a consideration in the buying decision, as the integration of financial governance with operational risk and performance management has high business value.
• If you are an Oracle customer and seek to improve financial governance, push Oracle to clarify its road map for integration of Hyperion and GRC offerings.

• "Saving Money With Financial Governance Applications"— Financial governance applications improve the accuracy of financial statements and the underlying quality of financial/accounting data, enhancing the efficiency and cost-effectiveness of the financial management process. By John Van Decker
• "2009 Gartner FEI Technology Study: U.S. Compliance and GRC Technologies"— As a best practice, IT organizations should proactively advise the CFO on solutions for compliance and risk management to better support business performance. By John Van Decker and French Caldwell

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)