Watch CBS News
MoneyWatch Tech

Vendors Gear Up For More Risky Business

By Michael Hickins

/ MoneyWatch

Add CBS News on Google

A combination of new federal dollars flowing into the economy and the financial straits in which states find themselves is driving the market for governance, risk and compliance (GRC) software.

The heady days (for GRC vendors) of Sarbanes-Oxley are pretty much over, because most public companies have now settled their compliance processes, but even non-public businesses are now gobbling up compliance tools to comply with regulations that cover companies that do business with the government.

Steve McGraw, CEO of GRC software vendor Compliance 360, explained that the flip side of federal largess is the obligation to show exactly how that money is being spent. This means companies "need to increase their oversight and audit capabilities."

McGraw noted that New York State recovered $215 million in Medicaid overpayments from health care providers that had over-charged the state, many in the private sector. The state plans to recover another $320 million in 2009.

"That kind of behavior is driving our market," McGraw said, if for no other reason than companies "don't want to show up in the New York Times as running a sloppy shop."

Michael Rasmussen, principal analyst at Corporate Integrity, told me that, even though Sarbanes-Oxley compliance is no longer a big market driver, customers are still looking for applications to automate transaction monitoring, monitor supply chain chain risk, and manage operational and enterprise risk.

The market will be driven further in coming years when the U.S. adopts new international financial reporting standards. "Those are a completely different set of rules compared with U.S. GAAP [generally accepted accounting principles]", he told me.

As you might imagine, Compliance 360 has a lot of company in the growing legal and corporate compliance market, which Rasmussen estimates at between $1.5 billion and $2 billion for software alone.Throw in consulting and the market is more like $10 billion.

McGraw told me his company competes with the likes of Oracle, Axentis, Walters Kluwer (which has acquired a number of niche technologies, including TeamMate and Ci3 Sword) and Thomson-Reuters (which recently acquired Paisley).

Other players in the larger enterprise GRC space include Archer Technologies, BWise and OpenPages.

Surprisingly given its size and installed base of enterprise customers, Oracle hasn't devoured the market--at least not yet. The company has stumbled in trying to fit the pieces of its various acquistions together, but Rasmussen told me "I expect a lot out of them in the future."

© 2009 CBS Interactive Inc. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue