Governance, Risk, and Compliance Archives | ERP Today
https://erp.today/topic/governance-risk-and-compliance/
The #1 media platform for ERP and enterprise technology
Tue, 13 May 2025 22:35:55 +0000

GRC and Cybersecurity: Rethinking Risk in the Era of ERP Modernization
https://erp.today/grc-and-cybersecurity-rethinking-risk-in-the-era-of-erp-modernization/
Tue, 22 Apr 2025 11:31:19 +0000

As ERP systems become prime targets for cybercriminals, integrating Governance, Risk, and Compliance (GRC) with cybersecurity is essential for enterprise resilience and proactive risk management, utilizing layered security strategies and education to mitigate vulnerabilities and align with evolving regulatory pressures.

The post GRC and Cybersecurity: Rethinking Risk in the Era of ERP Modernization appeared first on ERP Today.

Governance, Risk, and Compliance (GRC) and cybersecurity are no longer optional checkboxes—they are fundamental pillars of enterprise resilience. As ERP platforms evolve to support AI-driven automation, real-time decision-making, and global supply chains, they also become high-value targets. The attack surface has widened, and cybercriminals are exploiting gaps in processes, configurations, and human behavior with increasing precision.

The convergence of GRC and cybersecurity reflects a broader need for enterprise-wide discipline, built not only on strong policies but on technical safeguards that anticipate and prevent failure. According to Oracle’s Modern Defense-in-Depth framework, today’s ERP systems require a layered security strategy that spans physical, network, identity, application, and data layers—recognizing that vulnerabilities may arise anywhere across this interconnected landscape.

The principle of least privilege, for instance, must now apply to both users and applications. Yet many organizations still struggle with basic role hygiene and segregation of duties. According to the 2023 IBM Cost of a Data Breach report, misconfigured systems and compromised credentials accounted for 24% of breaches, with the average breach in a hybrid cloud environment costing $3.8 million. Within ERP systems, even seemingly minor oversights—such as improperly cloned test environments or excessive admin access—can open doors to fraud or attack, as history and case law continue to show.

To effectively manage these risks, organizations need to adopt a proactive mindset. This means treating GRC and cybersecurity not as parallel disciplines, but as two halves of a continuous control system. As Oracle’s guidance emphasizes, “no single security control is sufficient”; defense-in-depth requires controls at every stage of the ERP lifecycle—from user access and role provisioning to change management, file uploads, and integration endpoints.

Beyond technical measures, education remains a vital defense. Enterprise employees—from line workers to board members—must be trained to recognize social engineering, phishing, and data-sharing risks. Generative AI is already being used to automate scam creation and evade detection, accelerating the need for real-time monitoring and adaptive security systems. As AI is weaponized by both defenders and attackers, human judgment—sharpened by context and continuous learning—will remain essential.

What this means for ERP insiders

Master the fundamentals of GRC. ERP and IT leaders should adopt a layered security strategy aligned with zero-trust principles. Begin with identity and access management (IAM), enforcing multifactor authentication, role-based provisioning, and periodic audits of privileged users. Extend GRC to encompass all data exchanges, integrations, and extensions beyond the ERP core. Leverage automation in security operations—using AI to detect anomalies in financial transactions, user behavior, and third-party interactions. Equip business and HR leaders with a clear GRC roadmap, making risk management a shared priority. Align with board-level expectations by regularly reporting on metrics such as time to detect, mean time to contain, and control coverage.

Embed GRC and cybersecurity controls at the design stage of ERP modernization. Several organizations are already achieving measurable results from integrated ERP security strategies. For instance, a U.S.-based aerospace manufacturer leveraging Oracle ERP Cloud and Autonomous Database reported a 70% reduction in time spent on audits and eliminated over 2,500 orphaned roles across its global instance. Another multinational used AI-driven user behavior analytics to prevent a six-figure payment fraud attempt by identifying an unusual pattern in invoice approvals. These outcomes are not isolated—organizations that embed GRC and cybersecurity controls at the design stage of ERP modernization projects are seeing faster compliance cycles, fewer breaches, and greater agility in adapting to regulatory changes.

Market outlook foretells GRC as competitive advantage. The global market for GRC platforms is expected to grow at a CAGR of 12.6%, reaching $75 billion by 2030, while cybersecurity spending in the ERP segment is projected to increase by 17% annually through 2027. With regulatory pressure intensifying—driven by GDPR, DORA, and evolving ESG mandates—organizations can no longer afford siloed risk management. ERP vendors like Oracle, SAP, and Microsoft are embedding AI-native security features and GRC dashboards directly into their cloud platforms. In this environment, the winners will be those who invest early in intelligent, automated defenses—and who treat GRC not as a cost center, but as a competitive advantage.

The End of Oracle GRC: Are You Ready?
https://erp.today/the-end-of-oracle-grc-are-you-ready-2/
Fri, 14 Mar 2025 13:15:31 +0000

With Oracle sunsetting its GRC solutions by May 2025, organizations must swiftly transition.

The post The End of Oracle GRC: Are You Ready? appeared first on ERP Today.

For many ERP Insiders, Oracle Governance, Risk, and Compliance (GRC) solutions have been instrumental in helping organizations manage risk, enforce access controls, and maintain regulatory compliance. However, as Big Red officially sunsets its GRC suite by May 2025, businesses relying on these tools face a critical challenge: What comes next?

With Oracle ceasing active development and only offering Sustaining Support, organizations must act now to mitigate compliance risks and transition to alternative solutions. The end of Oracle GRC impacts multiple business functions, from finance and audit to IT security and enterprise risk management. If your company hasn’t begun planning for this shift, you may soon find yourself exposed to compliance gaps, operational inefficiencies, and security vulnerabilities.

Who is Affected by the End of Oracle GRC?

The discontinuation of Oracle GRC will have widespread consequences across key business functions, particularly those responsible for governance, risk management, compliance, finance, and IT security. As such, organizations must be prepared for a fundamental shift in how they manage these critical areas.

Governance, Risk, and Compliance (GRC) professionals will be among the most directly affected by Oracle GRC’s sunset. These individuals rely heavily on the platform to enforce regulatory policies, automate risk detection, and manage internal controls. GRC managers and analysts will therefore need to evaluate alternative platforms to ensure continuity in risk monitoring and policy enforcement.

Internal auditors, who depend on Oracle GRC’s automated tracking and reporting capabilities, will also have to reassess their audit workflows and find new tools that allow them to maintain efficiency and transparency in compliance reporting.

Compliance officers will also be impacted, as they will need to redefine their regulatory frameworks, ensuring that their organizations continue to meet industry and legal standards despite the absence of Oracle GRC’s built-in compliance tools.

IT and security teams will face significant challenges as well. Chief Information Security Officers (CISOs) and security analysts must implement new security frameworks and policies to maintain the same level of access control and governance that Oracle GRC provided. Without a clear transition plan, organizations risk introducing security vulnerabilities and compliance gaps. ERP administrators, who oversee security configurations and user access rules, will play a crucial role in ensuring that alternative solutions are seamlessly integrated into existing enterprise systems. These teams must work swiftly to migrate identity and access management policies to a new platform, ensuring that critical security controls remain intact and business operations are not disrupted.

Financial and accounting leadership will also experience major disruptions. Chief Financial Officers (CFOs) and financial controllers have depended on Oracle GRC to oversee financial governance, fraud detection, and compliance with ever-evolving financial regulations. Without it, they must identify and implement new solutions that offer similar capabilities to prevent financial misstatements and ensure compliance. Meanwhile, accounts payable and receivable managers will need to integrate new fraud detection and transaction monitoring solutions to maintain visibility and control over financial transactions. Failing to do so could expose organizations to financial fraud risks and regulatory penalties.

Oracle ERP and technology consultants will be instrumental in guiding businesses through this transition. As companies evaluate their next steps, ERP consultants and solution architects will need to identify the best alternatives to Oracle GRC, ensuring that any new solution integrates seamlessly with existing Oracle ERP systems. In particular, technology advisors should be tasked with assessing third-party risk management platforms, determining which options best align with an organization’s unique compliance needs, and assisting in the technical implementation of new governance tools.


What Are Your Options?

With Oracle GRC being phased out, businesses must explore alternative solutions. While Oracle recommends transitioning to Oracle Risk Management Cloud, this solution does not fully replicate all functionalities of the legacy GRC suite—particularly Oracle Preventive Controls Governor (PCG). As a result, companies must carefully evaluate their options to maintain strong compliance and security frameworks.

  1. Transition to Oracle Risk Management Cloud

Oracle’s cloud-based Risk Management Cloud offers some access control and risk monitoring capabilities, particularly in areas such as audit management and transaction monitoring. However, it lacks certain key functionalities that Oracle GRC users may be accustomed to, particularly in preventive control enforcement. Organizations considering this route should conduct a detailed gap analysis to determine whether the Oracle Risk Management Cloud meets all their governance needs or if additional solutions are required.

  2. Consider Third-Party GRC Solutions

Many enterprises may find that third-party GRC platforms provide a more comprehensive alternative to Oracle GRC. Several industry-leading solutions offer robust compliance, risk, and security management capabilities, including:

  • SAP GRC solutions – A strong alternative for organizations that already operate within the SAP ecosystem. With tools such as SAP Risk Management and SAP Business Integrity, the ERP giant provides comprehensive risk, compliance, and audit management functionalities.
  • Microsoft Purview Compliance Manager – An ideal option for organizations heavily invested in the Microsoft ecosystem, offering compliance tracking, data governance, and risk assessment.
  • IBM OpenPages – A robust enterprise risk and compliance management platform that integrates AI-driven insights for governance and regulatory reporting.
  • ServiceNow GRC solutions – ServiceNow’s platform includes cloud-based risk and compliance management solutions that offer automation, workflow integration, and real-time monitoring to support enterprise-wide governance frameworks.

Each of these solutions offers different features and capabilities, so organizations should conduct thorough evaluations to determine which best fits their needs.

  3. Evaluate Custom & Hybrid Approaches

Some organizations may opt for a custom or hybrid approach to governance and compliance management. This might involve integrating multiple tools to achieve the same functionality that Oracle GRC provided or developing in-house risk management frameworks tailored to specific business needs. While this approach offers greater flexibility, it also requires a strong commitment to ongoing maintenance and development.


Steps to Prepare for the Transition

To ensure a seamless transition away from Oracle GRC, organizations should take a structured approach:

  • Conduct an Impact Assessment – Identify the specific GRC modules in use and assess the risks associated with their discontinuation.
  • Evaluate Alternative Solutions – Compare Oracle Risk Management Cloud with third-party platforms and determine the best fit for your business needs.
  • Develop a Transition Roadmap – Establish clear timelines, allocate resources, and define key milestones for migrating to a new GRC solution.
  • Engage ERP & Compliance Experts – Work with consultants, compliance specialists, and ERP advisors to facilitate a smooth transition.
  • Communicate with Stakeholders – Keep all affected teams informed about the changes, and provide training to ensure smooth adoption of new tools and processes.

The Time to Act is Now

The retirement of Oracle GRC is more than just an IT concern — it is a business-critical issue that impacts compliance, security, and financial oversight. Organizations that fail to prepare adequately risk exposing themselves to regulatory violations, fraud, and operational inefficiencies. The window to make a proactive transition is closing quickly, and delaying action could lead to costly disruptions.

Businesses must take immediate steps to assess their options, implement alternative solutions, and ensure they remain compliant in a post-Oracle GRC landscape. Whether adopting Oracle Risk Management Cloud, migrating to third-party platforms, or implementing custom solutions, success will depend on proactive planning and a well-executed transition strategy.

Is your organization ready for the end of Oracle GRC? If not, the time to prepare is now.

What this means for ERP Insiders

Act Now to Ensure Continuity: The discontinuation of Oracle GRC will have far-reaching effects across governance, risk management, IT security, and finance functions. Organizations must act quickly to identify alternative solutions that ensure ongoing compliance, security, and efficient operational processes. The risk of falling behind in adapting to new systems could lead to vulnerabilities, regulatory gaps, and inefficiencies, all of which could expose businesses to significant risks. The time to prepare for this transition is now to safeguard critical business functions.

Assess and Implement New Solutions: Organizations must thoroughly evaluate both Oracle Risk Management Cloud and third-party GRC platforms to identify the best alternative that meets their specific needs. It’s crucial to conduct a detailed gap analysis to ensure the selected platform covers all necessary functions such as risk monitoring, audit automation, and compliance enforcement. Whether transitioning to an Oracle-based solution or adopting a third-party tool, the chosen platform must integrate seamlessly with existing enterprise systems to prevent disruptions in governance and security practices.

Plan and Execute a Transition Strategy: A successful transition from Oracle GRC requires careful planning and execution. Businesses should develop a comprehensive roadmap that outlines clear timelines, resource allocation, and key milestones. Engaging ERP consultants, compliance experts, and other relevant stakeholders will be crucial in ensuring the transition is executed smoothly. Communication is key throughout this process—teams across the organization must be informed about the changes, receive appropriate training, and be supported in adapting to new tools and processes to maintain business continuity.

Drata Unveils new GRC Findings on AI, Regulation, and More
https://erp.today/drata-unveils-new-grc-findings-on-ai-regulation-and-more/
Fri, 28 Feb 2025 23:38:41 +0000

Drata's report "The State of GRC 2025" highlights the growing importance of Governance, Risk, and Compliance (GRC) amidst increasing data protection regulations and AI impacts, emphasizing that companies prioritizing strong GRC strategies will not only enhance compliance and mitigate risks but also build long-term customer trust and competitive advantage.

The post Drata Unveils new GRC Findings on AI, Regulation, and More appeared first on ERP Today.

Trust management platform Drata has released its latest report, “The State of GRC 2025: From Cost Center to Strategic Business Driver.” The report explores how Governance, Risk, and Compliance (GRC) professionals are navigating increasing data protection regulations, the rise of AI, and the challenges of maintaining customer trust. It highlights key trends, challenges, and future outlooks shaping GRC practices in modern businesses.

“Governance, risk, and compliance has long been a pain point for organizations, and despite the improvements we’ve seen in recent years, it’s clear many of those challenges still exist today, making it difficult for business to properly maintain their GRC program and effectively maintain trust,” said Matt Hillary, Drata VP of Security and CISO.

GRC Gains Strategic Importance Amid AI Growth & Regulatory Pressure

As AI adoption surges and global regulations tighten, companies face heightened scrutiny in protecting sensitive data and ensuring ethical business practices. According to the report, 96% of GRC professionals attribute increased attention to GRC to high-profile data breaches and compliance fines.

This is why companies need a well-structured GRC framework – it helps them align their strategic goals with legal, ethical, and security requirements, reducing financial and reputational risks, particularly as it pertains to regulatory compliance. With increasing data protection laws like GDPR, CCPA, and the EU AI Act, companies must demonstrate accountability and transparency in managing sensitive information. Failure to comply can lead to hefty fines, legal consequences, and loss of customer trust.

GRC also plays a critical role in risk management by identifying, assessing, and mitigating operational, cybersecurity, and financial risks. Organizations with a robust GRC strategy can proactively address security threats, prevent fraud, and ensure business continuity.

Additionally, GRC enhances decision-making by integrating governance policies with corporate performance. A well-implemented GRC strategy fosters a culture of accountability and ethical business practices, leading to stronger stakeholder confidence and long-term success.

Ultimately, businesses that prioritize GRC gain a competitive advantage by reducing risks, improving compliance, and strengthening trust with customers, investors, and regulators.

With businesses under growing regulatory pressure, 45% of respondents express concerns about balancing compliance with innovation, ensuring data privacy and protection, and maintaining operational resilience. As customer expectations around transparency and security increase, GRC is evolving from a regulatory requirement to a strategic enabler of long-term business success.

A staggering 98% of professionals believe GRC accomplishments should be actively communicated to customers and stakeholders to build trust and reinforce business credibility.

The Cost of Poor GRC Practices

Unfortunately, many companies still have issues implementing and adhering to successful GRC strategies. Companies that fail to maintain strong compliance postures and GRC processes experience serious consequences:

  • 51% report brand safety and reputation damage due to compliance failures.
  • 49% have suffered security or data breaches due to inadequate GRC strategies.
  • 48% of GRC professionals struggle to keep pace with evolving compliance frameworks and to identify high-risk areas.

These findings underscore the financial and reputational risks businesses face when they fail to prioritize GRC.

AI’s Role in GRC: Opportunities & Challenges

The report highlights AI’s rapid adoption in the workplace, with 100% of surveyed companies expecting an increase in AI usage among employees within the next year. Despite AI’s growing influence, respondents report both optimism and concern:

  • 46% of professionals believe AI will enhance regulatory compliance by improving automation and risk analysis.
  • 43% are concerned about AI bias, which could impact GRC decision-making.
  • 39% fear AI “hallucinations”—instances where AI provides inaccurate or misleading compliance guidance.

These findings indicate that while AI offers automation and efficiency benefits, businesses must strengthen AI governance to mitigate potential risks.

“In addition to adding more compliance frameworks to their program, security and GRC teams should anticipate significant changes to the GRC function as a result of AI. GRC teams who aren’t prepared for these changes will experience major roadblocks with scaling their compliance programs and up-leveling their organizations to meet these demands,” said Hillary.

What This Means for ERP insiders

GRC is a business differentiator, and companies should treat it accordingly. Drata’s report emphasizes that GRC is no longer just a regulatory requirement—it’s a business imperative. As AI integration grows and regulations become more complex, companies that prioritize strong GRC strategies will protect their reputations, maintain compliance, and build long-term trust with customers. However, only 10% of organizations have a fully prepared GRC program to manage AI-related risks.

Automation holds the future of GRC. Though more than 90% of companies acknowledge that AI and automation can be beneficial for their GRC practices, usage remains low. Fewer than 40% of companies are using automation for tools like Integrated Identity and Access Management, automated role provisioning and management, or fraud detection. Still, GRC professionals are spending an average of 14 hours per week on manual interventions. This reliance on time-consuming processes indicates a pressing need for automation and AI-driven GRC solutions to enhance efficiency and accuracy.

Avoiding compromise or breaches should be a higher priority. With roughly 50% of companies struggling to adhere to basic GRC principles, companies need to adopt an organizational attitude that prioritizes risk mitigation and compliance. Businesses must invest in automated GRC tools, AI governance frameworks, and proactive compliance strategies to stay ahead in an evolving landscape, but this can all fall flat without buy-in at every level and from every team within an organization.

Governance, risk and security: Opportunities of advanced technologies for auditors
https://erp.today/governance-risk-and-security-opportunities-of-advanced-technologies-for-auditors/
Tue, 25 Feb 2025 16:33:56 +0000

The world of auditing is facing a transformation spurred by developing technologies, evolving business environments and new expectations.

The post Governance, risk and security: Opportunities of advanced technologies for auditors appeared first on ERP Today.

The world of auditing is undergoing a seismic transformation spurred by developing technologies, rapidly evolving business environments and shifting expectations. That makes a closer look at the implications of governance, risk and security for auditors necessary, even as advancing technologies create opportunities to aid the day-to-day work of this key profession.

As Marc Jeschonneck, global assurance digital leader at EY, puts it, “The rapidly changing ecosystem – from geopolitical risks to transforming business models – is at the heart of what auditors face today”. This is pushing auditors to adapt to environments shaped by volatile global events and swift business transformations. Identifying and addressing key risks in the field is becoming crucial, as is aligning auditing practices with new business models.

Adding to this complexity are changing expectations from clients and professionals alike. Jeschonneck emphasizes the dual pressures: “Clients expect auditors to not only reduce the burden of routine tasks but also steer them through transformations.” Similarly, younger professionals, particularly Gen Z, demand a modernized approach that leverages advanced tools and aligns with their digital-first mindset.

Technology as a catalyst

The adoption of advanced technologies in auditing is progressively transforming the way auditors operate. As noted by Paul Goodhew, global assurance innovation and emerging technology leader at EY, his organization is currently “undergoing a $1bn transformation in technology for our people and clients”. Technologies like AI, blockchain and advanced data analytics are reshaping the profession, enabling auditors to better understand client risks, optimize processes and provide insights with unprecedented speed and accuracy.

Unsurprisingly, generative AI has emerged as a key priority in the field. As Jeschonneck explains, “While many clients are still at the early stages of adopting AI, its potential in forecasting, transaction matching and document intelligence is undeniable”. For auditors, AI presents an opportunity to enhance the accuracy of financial reporting and streamline processes, freeing up professionals to focus on higher-value tasks.

Another technology once seen as a disruptor, blockchain, has now found its niche in auditing digital assets. “We need to understand and audit digital assets as part of our procedures,” says Goodhew, with EY’s blockchain analyzer becoming an example of how auditors are leveraging technology to manage emerging risks and opportunities.

Risks in emerging technologies

While advanced technologies offer various new opportunities, they also bring risks that auditors must stay alert for. From cybersecurity threats to AI-generated errors, the stakes are high. Discussing this, Goodhew highlights the importance of governance frameworks, noting, “AI’s risks – such as explainability, hallucinations and regulatory compliance – must be managed carefully”.

In a bid to address these challenges, EY has developed the Assurance AI Framework, which incorporates principles of responsible AI to guide auditors in identifying and mitigating risks. As Jeschonneck points out, “We spotted the need for auditors to have a pragmatic yet comprehensive framework to address emerging risks”.

Moreover, auditors must keep pace with global regulatory requirements, such as the EU AI Act, which demands robust compliance measures. By integrating technology risk management into their workflows, auditors can proactively address potential vulnerabilities while maintaining trust with clients and stakeholders.

Tools and training for the future

Technology integration in auditing is supported by robust tools and training programs. For example, EY’s Canvas and Helix platforms provide auditors with advanced workflows and data analytics capabilities. Goodhew shares an example: “Canvas AI compares risks across engagements and uses external data to recommend adjustments to audit strategies.” Such tools empower auditors to make data-driven decisions, enhancing efficiency and accuracy.

To prepare auditors for emerging technologies, EY involves professionals in the development and testing of new tools. “We’ve engaged 10,000 auditors in testing technology,” says Jeschonneck. Programs like digital badges and specialized networks further equip auditors with the skills they need to thrive in a tech-driven environment.

Another standout initiative is EYQ Assurance Knowledge, a generative AI-powered tool that integrates with EY’s knowledge base, which Goodhew explains “enables auditors to quickly access relevant methodology and standards, saving time and ensuring accuracy”.

Balancing opportunities and risks

The integration of advanced technologies into auditing is both a challenge and an opportunity. Cybersecurity, sustainability and cost optimization are key considerations as auditors navigate this new landscape. For this reason, Jeschonneck cautions that “Technology brings opportunities to optimize processes and meet client demands, but it also requires us to deeply understand and address emerging risks”.

For auditors, the future may lie in embracing these advancements while maintaining the principles of governance, risk management and security. By leveraging technology responsibly, auditors can not only meet the evolving needs of their clients but also contribute to a more resilient and transparent financial ecosystem.

Advanced technologies are transforming auditing, offering tools to address complex challenges and unlock new opportunities. With robust frameworks, continuous learning and a commitment to innovation, auditors are well-equipped to navigate the ever-changing landscape and build a sustainable future for the profession.

How Wolters Kluwer leverages AI for transforming GRC Solutions
https://erp.today/how-wolters-kluwer-leverages-ai-for-transforming-grc-solutions/
Mon, 27 Jan 2025 11:56:35 +0000

Wolters Kluwer is integrating AI across its products to enhance Governance, Risk, and Compliance capabilities, with innovations like AI-driven legal research, contract management tools, and compliance solutions that streamline processes, boost productivity, and empower informed decision-making for professionals in various industries.

The post How Wolters Kluwer leverages AI for transforming GRC Solutions appeared first on ERP Today.

While Governance, Risk, and Compliance (GRC) is often seen as a stuffy and complex space, its constantly demanding nature is one that is prompting AI innovation in the ERP space. Take Wolters Kluwer, which is progressively integrating Artificial Intelligence across its range of products to enhance GRC capabilities, reflecting the information services leader’s growing commitment to innovation. From legal research platforms to banking compliance tools, Wolters Kluwer’s AI-driven solutions potentially offer efficiency, accuracy, and cutting-edge functionality.

In Spring 2024, Wolters Kluwer’s Legal & Regulatory division unveiled new AI-enhanced capabilities for its Legisway platform, an all-in-one SaaS legal information and contract management tool for corporate legal departments. The introduction of advanced natural language processing (NLP) allows users to query contracts effortlessly, boosting the speed and accuracy of contract reviews. This functionality is part of a broader effort to streamline corporate legal work, reduce risk, and enhance collaboration, particularly through the newly introduced Legal Services Portal which simplifies the management of legal support requests.

Later in the year, the company introduced the OneSumX Reg Manager, a powerful AI solution designed for U.S. community banks and credit unions. This tool provides a dedicated workflow to help these institutions manage the complex regulatory landscape. By integrating AI with Wolters Kluwer’s expansive compliance expertise, it automates the monitoring of regulatory changes and ensures that community banks and credit unions can stay ahead of evolving requirements, thus reducing the risk of non-compliance.

The Dutch compliance leader then updated CCH Tagetik, its Corporate Performance Management tool designed to seamlessly integrate with a wide array of ERPs, Customer Relationship Management (CRM) systems, Microsoft Office, and various data formats, offering connectors for SAP, Microsoft, and Qlik.

May’s advancements in the CCH Tagetik Intelligent Platform show how cutting-edge technologies are predicted to drive a new era of efficiency, accuracy, and strategic capability within the Office of the CFO. Designed to empower finance professionals, the platform unlocks unparalleled potential by democratizing access to meaningful financial data, accelerating decision-making, and providing powerful tools for managing massive datasets with unprecedented speed.

Central to this transformation is the introduction of generative AI functionality, such as the innovative “Ask AI” feature. By enabling real-time, visual responses to natural language queries—whether via text or voice—finance teams can likely engage with their systems more intuitively than ever before. Wolters Kluwer estimates that these capabilities will significantly enhance productivity, allowing professionals to dedicate more resources to high-value activities such as analytics, strategic decision support, and innovation.

Data governance and accuracy have also seen a marked improvement through AI Automapping, which streamlines data collection and ensures compliance, and AI Anomaly Detection, which safeguards data integrity by flagging unusual or abnormal patterns. Additionally, the platform’s Intelligent Disclosure functionality dynamically links financial, non-financial, and ESG data to ensure that reports, filings, and presentations remain accurate and up to date. These capabilities reflect a broader trend across industries, where automation is replacing manual, error-prone processes with tools that offer greater speed, consistency, and reliability.

AI’s role in financial analysis and reporting is equally transformative. The CCH Tagetik Intelligent Platform integrates sophisticated analytics and visualization tools, enabling self-service reporting and dynamic dashboarding. Features like AI Driver-Based Analysis allow finance teams to quickly identify key business drivers and areas of exponential growth, while Predictive Intelligence and Transaction Matching improve forecasting and decision-making processes. These tools empower organizations to not only react to changes but to anticipate them, fostering a forward-looking approach to risk and compliance.

Wolters Kluwer brings AI to Legal, Lending, and Auditing

In September 2024, Wolters Kluwer launched the VitalLaw AI feature, a considerable enhancement to its legal research platform. This AI-driven functionality enhances legal professionals’ productivity by offering intuitive, safe, and reliable AI-generated answers. The platform offers dynamic document summarization, executive summaries, checklists, and simplified legal terminology, enabling professionals to communicate complex legal matters more effectively. Furthermore, the inclusion of “editor-in-the-loop” technology ensures accuracy and relevance in AI-generated responses with human assistance, promoting continuous improvement based on user feedback.

By December, Wolters Kluwer had further advanced its AI capabilities with updates to its TeamMate+ audit management platform. The introduction of Multi-Year Audit Planning and a Business Rules Engine allows audit teams to automate planning processes and ensure compliance with industry standards. These innovations enable audit professionals to manage audits across multiple periods, ensuring regulatory compliance with greater efficiency, while maintaining data accuracy and integrity.

Most recently, Wolters Kluwer extended its AI applications to the lending sector with the launch of iLien Borrower Analytics. This AI-powered solution simplifies the lien search and due diligence process for lenders by providing actionable intelligence reports. By automating the analysis of Uniform Commercial Code (UCC) filings, the solution helps lenders evaluate collateral assets, making quicker and more informed lending decisions while reducing manual review time.

With AI now embedded in approximately 50% of its digital revenues, Wolters Kluwer’s strategic push for AI in GRC and legal solutions showcases its commitment to reshaping industries. AI and automation are redefining the governance, risk, and compliance space, making processes more intelligent, efficient, and adaptive. Tools now offer the ability to proactively monitor regulations, manage internal controls, and simplify intricate workflows.

Wolters Kluwer aims to stand at the forefront of this transformation, integrating its decades of expertise with cutting-edge AI technology to help organizations navigate the complexities of compliance, reduce risk, and drive innovation in GRC management. Its innovations not only aim to streamline complex processes but also empower legal, compliance, and audit professionals with the tools to drive better outcomes, reduce risk, and remain at the forefront of their respective fields. The company’s deep integration of AI across diverse platforms highlights its role as a leader in the development of intelligent, scalable solutions for professionals worldwide. This evolution signals a broader shift across industries—one where automation and AI are not just tools but essential components of strategic success in an increasingly regulated world.

What this means for ERP Insiders

Revolutionizing Regulatory Monitoring and Risk Mitigation: Recent Wellesley Information Services research in The CIO’s Transformation Report Card showed that automation and standardization of business processes is the top transformation project (52%) for CIOs today. AI and automation are fundamentally changing how organizations approach regulatory compliance by automating the tracking, mapping, and implementation of updates across jurisdictions. This shift reduces reliance on manual processes, allowing for faster and more accurate responses to regulatory changes. Wolters Kluwer’s innovative solutions, such as those with automated regulatory feeds and AI-enabled content libraries, exemplify this transformation. By streamlining how compliance risks are identified and addressed, organizations can adopt a more proactive and efficient approach to managing regulatory complexity. Wolters Kluwer’s CCH Tagetik Intelligent Platform exemplifies this by embedding AI, ensuring more efficient processes, better strategic alignment, and enhanced transparency in both financial and regulatory reporting using data integration from ERP platforms from SAP and Microsoft.

Streamlining Workflows and Driving Efficiency: Across the GRC landscape, AI is enhancing productivity by simplifying traditionally time-intensive processes such as contract management, audits, and compliance reporting. Automated workflows, natural language processing, and advanced collaboration tools are eliminating bottlenecks and enabling teams to work smarter. Wolters Kluwer’s platforms, including VitalLaw AI and Legisway, demonstrate how these technologies are improving efficiency by providing tools that generate summaries, automate audit planning, and enable seamless collaboration. These advancements are reducing operational burdens and allowing organizations to focus on strategic priorities.

Empowering Decision-Making with AI-Enhanced Insights: AI is empowering organizations to make better, faster decisions by delivering actionable insights from complex legal, compliance, and risk data. The ability to summarize documents, analyze borrower data, and generate checklists ensures greater clarity and accuracy. Wolters Kluwer’s AI-driven tools, such as iLien Borrower Analytics, highlight how automation is not just streamlining processes but also enhancing decision-making. With these innovations, organizations can confidently address risks, communicate complex information, and implement strategies aligned with compliance and business goals.

The End of Oracle GRC: Are You Ready? https://erp.today/the-end-of-oracle-grc-are-you-ready/ Thu, 23 Jan 2025 11:04:28 +0000 https://erp.today/?p=128441 With Oracle sunsetting its GRC solutions by May 2025, organizations must swiftly transition to alternative compliance and risk management systems to avoid exposure to regulatory gaps and operational inefficiencies.

The post The End of Oracle GRC: Are You Ready? appeared first on ERP Today.

For many ERP Insiders, Oracle Governance, Risk, and Compliance (GRC) solutions have been instrumental in helping organizations manage risk, enforce access controls, and maintain regulatory compliance. However, as Big Red officially sunsets its GRC suite by May 2025, businesses relying on these tools face a critical challenge: What comes next?

With Oracle ceasing active development and only offering Sustaining Support, organizations must act now to mitigate compliance risks and transition to alternative solutions. The end of Oracle GRC impacts multiple business functions, from finance and audit to IT security and enterprise risk management. If your company hasn’t begun planning for this shift, you may soon find yourself exposed to compliance gaps, operational inefficiencies, and security vulnerabilities.

Who is Affected by the End of Oracle GRC?

The discontinuation of Oracle GRC will have widespread consequences across key business functions, particularly those responsible for governance, risk management, compliance, finance, and IT security. As such, organizations must be prepared for a fundamental shift in how they manage these critical areas.

Governance, Risk, and Compliance (GRC) professionals will be among the most directly affected by Oracle GRC’s sunset. These individuals rely heavily on the platform to enforce regulatory policies, automate risk detection, and manage internal controls. GRC managers and analysts will therefore need to evaluate alternative platforms to ensure continuity in risk monitoring and policy enforcement.

Internal auditors, who depend on Oracle GRC’s automated tracking and reporting capabilities, will also have to reassess their audit workflows and find new tools that allow them to maintain efficiency and transparency in compliance reporting.

Compliance officers will also be impacted, as they will need to redefine their regulatory frameworks, ensuring that their organizations continue to meet industry and legal standards despite the absence of Oracle GRC’s built-in compliance tools.

IT and security teams will face significant challenges as well. Chief Information Security Officers (CISOs) and security analysts must implement new security frameworks and policies to maintain the same level of access control and governance that Oracle GRC provided. Without a clear transition plan, organizations risk introducing security vulnerabilities and compliance gaps. ERP administrators, who oversee security configurations and user access rules, will play a crucial role in ensuring that alternative solutions are seamlessly integrated into existing enterprise systems. These teams must work swiftly to migrate identity and access management policies to a new platform, ensuring that critical security controls remain intact and business operations are not disrupted.

Financial and accounting leadership will also experience major disruptions. Chief Financial Officers (CFOs) and financial controllers have depended on Oracle GRC to oversee financial governance, fraud detection, and compliance with ever-evolving financial regulations. Without it, they must identify and implement new solutions that offer similar capabilities to prevent financial misstatements and ensure compliance. Meanwhile, accounts payable and receivable managers will need to integrate new fraud detection and transaction monitoring solutions to maintain visibility and control over financial transactions. Failing to do so could expose organizations to financial fraud risks and regulatory penalties.

Oracle ERP and technology consultants will be instrumental in guiding businesses through this transition. As companies evaluate their next steps, ERP consultants and solution architects will need to identify the best alternatives to Oracle GRC, ensuring that any new solution integrates seamlessly with existing Oracle ERP systems. In particular, technology advisors should be tasked with assessing third-party risk management platforms, determining which options best align with an organization’s unique compliance needs, and assisting in the technical implementation of new governance tools.

What Are Your Options?

With Oracle GRC being phased out, businesses must explore alternative solutions. While Oracle recommends transitioning to Oracle Risk Management Cloud, this solution does not fully replicate all functionalities of the legacy GRC suite—particularly Oracle Preventive Controls Governor (PCG). As a result, companies must carefully evaluate their options to maintain strong compliance and security frameworks.

  1. Transition to Oracle Risk Management Cloud

Oracle’s cloud-based Risk Management Cloud offers some access control and risk monitoring capabilities, particularly in areas such as audit management and transaction monitoring. However, it lacks certain key functionalities that Oracle GRC users may be accustomed to, particularly in preventive control enforcement. Organizations considering this route should conduct a detailed gap analysis to determine whether the Oracle Risk Management Cloud meets all their governance needs or if additional solutions are required.

  2. Consider Third-Party GRC Solutions

Many enterprises may find that third-party GRC platforms provide a more comprehensive alternative to Oracle GRC. Several industry-leading solutions offer robust compliance, risk, and security management capabilities, including:

  • SAP GRC solutions – A strong alternative for organizations that already operate within the SAP ecosystem. With tools such as SAP Risk Management and SAP Business Integrity, the ERP giant provides comprehensive risk, compliance, and audit management functionalities.
  • Microsoft Purview Compliance Manager – An ideal option for organizations heavily invested in the Microsoft ecosystem, offering compliance tracking, data governance, and risk assessment.
  • IBM OpenPages – A robust enterprise risk and compliance management platform that integrates AI-driven insights for governance and regulatory reporting.
  • ServiceNow GRC solutions – ServiceNow’s platform includes cloud-based risk and compliance management solutions that offer automation, workflow integration, and real-time monitoring to support enterprise-wide governance frameworks.

Each of these solutions offers different features and capabilities, so organizations should conduct thorough evaluations to determine which best fits their needs.

  3. Evaluate Custom & Hybrid Approaches

Some organizations may opt for a custom or hybrid approach to governance and compliance management. This might involve integrating multiple tools to achieve the same functionality that Oracle GRC provided or developing in-house risk management frameworks tailored to specific business needs. While this approach offers greater flexibility, it also requires a strong commitment to ongoing maintenance and development.

Steps to Prepare for the Transition

To ensure a seamless transition away from Oracle GRC, organizations should take a structured approach:

  • Conduct an Impact Assessment – Identify the specific GRC modules in use and assess the risks associated with their discontinuation.
  • Evaluate Alternative Solutions – Compare Oracle Risk Management Cloud with third-party platforms and determine the best fit for your business needs.
  • Develop a Transition Roadmap – Establish clear timelines, allocate resources, and define key milestones for migrating to a new GRC solution.
  • Engage ERP & Compliance Experts – Work with consultants, compliance specialists, and ERP advisors to facilitate a smooth transition.
  • Communicate with Stakeholders – Keep all affected teams informed about the changes, and provide training to ensure smooth adoption of new tools and processes.

The Time to Act is Now

The retirement of Oracle GRC is more than just an IT concern — it is a business-critical issue that impacts compliance, security, and financial oversight. Organizations that fail to prepare adequately risk exposing themselves to regulatory violations, fraud, and operational inefficiencies. The window to make a proactive transition is closing quickly, and delaying action could lead to costly disruptions.

Businesses must take immediate steps to assess their options, implement alternative solutions, and ensure they remain compliant in a post-Oracle GRC landscape. Whether adopting Oracle Risk Management Cloud, migrating to third-party platforms, or implementing custom solutions, success will depend on proactive planning and a well-executed transition strategy.

Is your organization ready for the end of Oracle GRC? If not, the time to prepare is now.

What this means for ERP Insiders

  • Act Now to Ensure Continuity: The discontinuation of Oracle GRC will have far-reaching effects across governance, risk management, IT security, and finance functions. Organizations must act quickly to identify alternative solutions that ensure ongoing compliance, security, and efficient operational processes. The risk of falling behind in adapting to new systems could lead to vulnerabilities, regulatory gaps, and inefficiencies, all of which could expose businesses to significant risks. The time to prepare for this transition is now to safeguard critical business functions.
  • Assess and Implement New Solutions: Organizations must thoroughly evaluate both Oracle Risk Management Cloud and third-party GRC platforms to identify the best alternative that meets their specific needs. It’s crucial to conduct a detailed gap analysis to ensure the selected platform covers all necessary functions such as risk monitoring, audit automation, and compliance enforcement. Whether transitioning to an Oracle-based solution or adopting a third-party tool, the chosen platform must integrate seamlessly with existing enterprise systems to prevent disruptions in governance and security practices.
  • Plan and Execute a Transition Strategy: A successful transition from Oracle GRC requires careful planning and execution. Businesses should develop a comprehensive roadmap that outlines clear timelines, resource allocation, and key milestones. Engaging ERP consultants, compliance experts, and other relevant stakeholders will be crucial in ensuring the transition is executed smoothly. Communication is key throughout this process—teams across the organization must be informed about the changes, receive appropriate training, and be supported in adapting to new tools and processes to maintain business continuity.

Diligent’s SuiteApp for GRC receives NetSuite recognition https://erp.today/diligents-suiteapp-for-grc-receives-netsuite-recognition/ Wed, 22 Jan 2025 14:41:40 +0000 https://erp.today/?p=128447 Diligent has announced that its new board reporting tool, Diligent Boards for NetSuite, has achieved the ‘Built for NetSuite’ certification.

The post Diligent’s SuiteApp for GRC receives NetSuite recognition appeared first on ERP Today.

Diligent, a SaaS company specializing in governance, risk and compliance (GRC), has announced that its new board reporting tool, Diligent Boards for NetSuite, has achieved the ‘Built for NetSuite’ certification.

Developed on the Oracle NetSuite SuiteCloud platform, the SuiteApp integrates with the Diligent One Platform to provide organizations with secure access to financial metrics and insights across risk, compliance, audit and ESG domains. It also offers board education and best practice resources to enhance governance practices.

Brian Stafford, president and CEO of Diligent, explained that Diligent Boards for NetSuite combines NetSuite’s comprehensive ERP capabilities with the Diligent One platform to “improve how boards and executives access and digest financial data for effective oversight”. 

“As organizations prepare for IPOs or navigate regulated markets, it’s essential to have reliable, real-time financial data, which NetSuite provides. This integration adds to NetSuite financial metrics in board report templates to help streamline reporting and design work. Diligent’s visual reports can be customized with commentary highlighting key takeaways to bring clarity and consistency to board and leadership reporting,” he added.

Targeted at small to mid-market companies, pre-IPO businesses and publicly traded organizations, Diligent Boards for NetSuite aims to integrate financial management with governance protocols. The SuiteApp facilitates the creation of reports using templates crafted by industry experts and delivers these directly to leadership and board directors through the Diligent Boards platform.

“Delivering clear and digestible data-informed insights to leadership is essential for sound decision-making and business success,” said Guido Haarmans, group vice president of SuiteCloud developer network and partner programs at Oracle NetSuite. “This new SuiteApp extends our robust solution for financial reporting and can help NetSuite customers improve board communications and governance oversight.”

The ‘Built for NetSuite’ certification ensures SuiteApps meet Oracle NetSuite’s standards and best practices. This program is part of the SuiteCloud Developer Network (SDN) and is designed to give customers confidence in the quality and reliability of third-party integrations like Diligent Boards for NetSuite.

What it means for ERP Insiders

Diligent Boards for NetSuite expanding users’ capabilities: Diligent Boards for NetSuite represents a significant step forward for key stakeholders like financial controllers, governance professionals and board administrators. This integration can redefine how these roles interact with data, enabling more efficient, streamlined board reporting and governance oversight. By connecting NetSuite’s real-time financial insights with Diligent’s expertise in governance, risk and compliance (GRC), users can expect reduced manual effort, improved data visualization and actionable insights tailored to leadership needs.

Growing in tune with the GRC software market: This launch aligns with broader trends in the governance and financial technology space, where demand for integrated, scalable solutions continues to rise. According to industry reports, the GRC software market is expected to grow at a compound annual growth rate of over 12 percent, reaching $75bn by 2030. Competitors like SAP, Workiva and Tableau are also innovating to capture this growing market, emphasizing features like enhanced data analytics and ESG compliance. 

Choosing the Right GRC Solution to integrate into ERP systems: When evaluating technology providers in this category, end-users should prioritize key criteria such as ease of integration with existing ERP systems, the robustness of data security protocols and scalability to meet evolving business needs. Solutions that offer customizable reporting, industry-standard certifications and a strong support ecosystem stand out in a crowded market. Beyond functionality, organizations should also consider a vendor’s track record in delivering GRC solutions and their commitment to staying ahead of regulatory and technological trends, ensuring long-term value and operational resilience.

Simplifying governance, risk and compliance for SAP systems with Fastpath’s Access Control https://erp.today/simplifying-governance-risk-and-compliance-for-sap-systems-with-fastpaths-access-control/ Tue, 07 Jan 2025 12:10:53 +0000 https://erp.today/?p=128212 Fastpath's Access Control offers a GRC solution for SAP platforms that helps organizations manage access control, reduce risks associated with user access, and ensure compliance with regulatory standards by automating the detection of Segregation of Duties conflicts and facilitating User Access Reviews.

The post Simplifying governance, risk and compliance for SAP systems with Fastpath’s Access Control appeared first on ERP Today.

Cybersecurity and compliance are in a constant state of flux. With many organizations still getting to grips with how best to utilize data, firms are starting to realize the necessity of a GRC solution for their SAP platforms. Given the multi-vendor and versatile tech landscape of today’s SAP enterprise space, Delinea-owned compliance and security specialist Fastpath created Access Control as a way to effectively manage access control while helping firms stick to occasionally rigid compliance regulations.

Effective GRC solutions can keep SAP-enhanced software secure while helping unify an organization’s approach to risk management, regulatory compliance and governance. Fastpath’s Access Control can help firms reduce access risk across critical business applications and, in doing so, reduce the overall risks an organization can face.

Any solution targeting governance needs to help define the principles that users work by, while also providing the right support needed to achieve specific business objectives. Access Control can help users manage Segregation of Duties (SoD) conflicts across critical business applications, including SAP. Through this SoD conflict analysis, the early detection of any potential issues can be achieved and mitigating controls can be applied – potentially preventing data breaches and reducing the chance of fraud.

Effective risk management will identify threats and introduce methods or changes in practice to best protect against whatever risks an organization may face. Access Control can provide Fastpath users with a detailed view of exactly which users have access to each app across an entire organization. Access Control’s User Access Reviews are simple to create, quick to modify and can allow firms to periodically undergo granular analysis into whether users have appropriate access to certain critical apps – making it easier to achieve audit compliance and spot where risks can be mitigated regarding user access.

By providing organizations with the ability to automate the analysis of large swathes of user access data across critical business applications, down to the lowest securable object, Fastpath’s Access Control provides peace of mind regarding risk mitigation while also making it easier to remain compliant with data regulations.

The Insider Look into NTT Group x Eviden Identity Management deal https://erp.today/insider-look-ntt-group-chooses-evidian-for-identity-management-infrastructure/ Wed, 18 Dec 2024 12:41:49 +0000 https://erp.today/?p=128131 December saw NTT Group select Evidian Identity Governance & Administration (Evidian IGA) as the foundation of their Identity Management Infrastructure in Japan. Eviden, part of Atos Group, provides an Identity Governance and Administration (IGA) solution to ensure governance and scalability...

The post The Insider Look into NTT Group x Eviden Identity Management deal appeared first on ERP Today.

December saw NTT Group select Evidian Identity Governance & Administration (Evidian IGA) as the foundation of their Identity Management Infrastructure in Japan. Eviden, part of Atos Group, provides an Identity Governance and Administration (IGA) solution to ensure governance and scalability for identity and rights management.

This implementation is one of the world’s largest IGA projects and is designed to strengthen NTT Group’s cybersecurity while ensuring governance of identity and rights management for its approximately 250,000 employees in Japan.

NTT Comware, a system integration company which mainly serves the NTT Group, had been considering an identity and access management (IAM) infrastructure to be used across all NTT Group companies in Japan. As David Leporini, director of IAM Cybersecurity Products & general manager of Evidian, reveals to ERP Today, the Group includes more than 100 companies, and “before introducing governance with our IGA solution, all entities had their own IT systems and security was siloed, with no possibility to share common business applications like procurement and billing.”

“They could not address new personal data acts enforced by the Japanese government in 2022, such as the Japanese Personal Information Act,” he continues. “NTT Comware also had very tough operational performance requirements that the IGA solution meets – 50,000 users processed in a few hours when they move to new organizations within the NTT Group.”

In 2020 NTT Comware began evaluating Evidian IGA’s identity and rights management model, performance, and scalability. Leporini reveals to ERP Today that there were “many competitors, mostly major Identity Governance players from the US. NTT Comware ran a Proof of Concept, which demonstrated that Evidian IGA was the best solution to address all their requirements while providing a global view and governance capability.”

According to Leporini, this is because the solution includes an advanced user lifecycle, a fine-grained security model and a high level of workflow customization, along with several identity reports.

“It enables full traceability of all such access requests and access decisions operations, and the periodic verification of users’ access rights through recertification campaigns.

“NTT is extremely satisfied, and they are now promoting Eviden IAM solutions to their own customers,” he reports.

What ERP Insiders need to know on the NTT Group deal

Evidian’s Leporini explains to ERP Today that NTT Group’s infrastructure provides HR information through its Identity Governance & Administration (IGA) solution with provisioning done in an automatic manner.

“ERP is more generally considered as a target application for our IGA solution enforcing the least privilege principle for all users. Evidian IGA enables all users to start working on the very first day as access rights are activated as they join the company.”

Evidian IGA is an offering from Eviden’s Evidian product line, which is focused on Identity & Access Management. With the Eviden deal, NTT Group can benefit from implemented governance processes, empowering the users in charge of approving requests, who are responsible for access rights decisions.

Data protection: The CTO perspective https://erp.today/data-protection-the-cto-perspective/ Wed, 18 Dec 2024 08:56:21 +0000 https://erp.today/?p=128166 A look at the importance of cybersecurity, and data protection in particular, within organizations, and at the need for proactive measures such as employee education and external assessments to combat increasingly sophisticated cyber threats.

Cybersecurity and data protection are, unfortunately, a common afterthought for many organizations. While enterprises often prioritize integrating the latest and greatest SAP tech, maintaining healthy cyber hygiene is not something that commonly appears in company policy.

A recent report from our sister site SAPinsider, gathering the collective expertise and experience of cybersecurity professionals, sheds light on exactly what cybersecurity experts believe needs to be prioritized and what measures to take to achieve peak protection. For example, empowering, equipping and educating the everyday worker is vital for maintaining robust data protection.

ERP Today sat down with Marty Menard, CIO of West Coast-based, privately-owned construction and manufacturing company, Pacific Coast Companies, and delved into his over two decades of experience and tech expertise to gain some perspective on some of the top cybersecurity issues, challenges and solutions facing tech leaders today.

Data protection is king

SAP software is wide reaching and versatile, with data in SAP systems making up some of the most valuable information for some businesses. Therefore, when considering a shift to a more technologically intensive, potentially cloud-based platform, it’s paramount that crucial SAP data is protected. SAPinsider’s Cybersecurity Priorities report seems to reflect this sentiment: 57 percent of the cybersec professionals surveyed agree that data protection is the most important cybersecurity priority today.

It’s easy to see why. When brand image can make or break a company, it’s integral that customers know their data is completely and utterly inaccessible to nefarious parties while stored in a client firm’s systems. One instance of shoddy security in the form of an easily preventable data breach could be a portent of incoming disaster – mid-scale businesses risk completely unraveling if they don’t have versatile security measures.

“This may be a contrarian view, but I think it’s always been about either money or brand,” says Menard, reflecting on the motivations behind cyber attacks. “Why are people trying to break into your company? They’re trying to take money away from you […] or they’re trying to impact your brand. Your partners and your customers start to lose confidence in you. I think that’s always been a motivator for nefarious and third-world countries trying to break in.”

The dangers of human-engineered cyber attacks

Attitudes toward data protection seem to drive which other aspects of digital security get prioritized, and the focus on data protection has seemingly spread to encompass several of them. After data protection, the cybersec experts ranked risk assessment and management second, identity access management third, and security awareness training and threat intelligence awareness fourth and fifth respectively. Each of these ultimately boils down to needing more robust data security measures, or to making workers more aware of simple data protection tips.

Security awareness training, in particular, is something Menard focuses on. “They [cyber attacks] are certainly getting more sophisticated. Statistics recently said that 96 percent of all hacks start with an email phishing campaign, connected by an employee who wasn’t paying close attention and naively creating a problem for an enterprise.”

Knowing that most data breaches allegedly start with an employee mistake shines a bright light on the biggest weakness of all digital enterprises: humans. While this kind of statement could be alarming when pulled out of context, it is an unfortunate reality that hackers prey on the naive and easily fooled. With hackers utilizing human-engineered approaches to cyber trickery, it’s harder than ever to spot a sophisticated phishing attempt. Human-engineered attacks are insidious and specifically designed to trick someone into clicking something they shouldn’t.

Any hacker with enough tech savvy only needs to scan a company’s LinkedIn page and website to gather everything they need to craft a targeted phishing attack. The unfortunate reality with phishing attacks is that everyone is a potential victim; from the admin intern in the basement to the board member on the top floor – everyone is vulnerable if they lack the necessary knowledge.

As an example from Menard demonstrates, it doesn’t matter where an employee falls in the chain of command; if anything, those in higher positions are more at risk of attack, as being higher profile means more potentially incriminating data can be found online and leveraged by hackers.

“We had one of our presidents recently, as much training as they’ve got, use the same password for their bank account as they did for [other things],” Menard says. “The bank stopped a payment of around $10,000 that was going to go to a credit card that someone had been able to figure out the passwords for. Luckily, the bank caught it, but that’s a perfect example of a high-ranking employee who should know better and still makes the same mistakes.”

The three pillars of data protection

Knowing that data protection is a major priority for cybersecurity experts, and a juicy target for hackers, it’s integral that firms, especially mid-scale enterprises that can’t afford to weather the media outrage or client drop-off of a data breach, make cybersecurity a part of their operating models.

Thankfully, Marty Menard shared with ERP Today what he believed were three aspects all enterprises need to consider when weighing up their data security measures, starting with:

1. Have a clear connection to the company board/leadership

“I think the ability to have a connection to your parent board, and having a committee, has been super beneficial for me,” explains Menard. As many who have worked in an office environment know, getting sign-off or approval on a project can take a frustrating amount of time as the project is put through several different stages of scrutiny until it potentially finds its way to the board.

At Pacific Coast, however, Menard has a point of contact on the parent board for monthly updates to company leadership.

“It provides me with the cover I need,” Menard says. “It eliminates a lot of the conversation about why we’re spending what we’re spending on cyber and other things. It really gets their attention because, at the end of the day, especially if they’re a public company, they’re accountable to the shareholders.”

By having a direct line of communication with company leadership, it’s far easier to express the importance of data protection measures.

2. External auditors can provide a vital outside perspective

Employing the services of external experts and auditors can be an effective way to help spot any security loopholes, while also providing a trustworthy, expert insight that holds weight when findings are presented to leadership.

“The external assessments that we bring in and have somebody come in and dig through our environment, really help us provide an understanding about the progress we’re making and where threats have changed, because threats are changing constantly. Doing those annually is a big part of a necessary and sufficient step that people should do,” says Menard.

For Pacific Coast, Menard formed a cybersecurity committee that consisted of an internal COO, CFO, a family member from the board and three external IT professionals (CIOs or CTOs). The committee reports directly to the board and meets up six times a year to review recent tech and discuss any new developments.

3. Employee knowledge

Hackers will worm their way into enterprise networks wherever they can, but some of their attacks are only effective if a workforce is clueless. Many human-engineered attacks start by masquerading as an existing member of a company and may request something that doesn’t seem too out of the ordinary. Several messages could be exchanged in the attempt to lull a victim into a false sense of security before a dangerous link is finally presented to the victim.

“Make sure you’re on top of your employees, that they understand exactly their role in keeping the company safe,” says Menard. Regularly testing, providing feedback and reinforcing common cybersec knowledge could be the factor that determines whether a hacker decides to stick around and try their luck or move on to much easier prey.

If enterprises don’t take their data protection seriously, they run the risk of irreparably damaging a brand while also inviting legal issues from incensed former clients. Taking a proactive step towards cybersecurity and data protection can enable companies to save themselves time, resources and money.

Rizal Ahmed is CIO Leader, WIS; Charles Whitmore is Cybersecurity Editor, ERP Today
