CA Technologies and SAP recently announced a collaborative partnership to help their customers better manage risk and compliance initiatives across both business and IT infrastructure processes. That has the potential of both reducing the risk in risk management, as well as the risk in not being compliant. Before we examine the CA Technologies and SAP partnership specifically, let's consider its broader context. Beyond the "real" physical world our five senses were designed to perceive lies the non-physical world of information and its related processes. Despite being intangible, information is one of the foundations of our society for individuals and organizations. Consider the consequences if your bank account information electronically disappeared.
Both publicly and privately held companies face real-world risks related to information assets that can disrupt business process with unpleasant consequences, such as loss of revenue, loss of market share and unfavorable publicity. So it comes as no surprise that risk management is one of the primary responsibilities of any business, but more and more businesses are including risk management in a broader context called Governance, Risk Management and Compliance (GRC for short). Now, many GRC initiatives begin as planning exercises (and planning is a necessary step), but IT vendors are focusing on how software that manages processes dealing with information can actively enable or complement visibility, control, and decision-making that makes GRC an active concept going beyond passive planning activities.
Of course, that is where the CA and SAP collaboration comes into the story. Note that the companies typically play in very different IT market spaces. CA plays in the IT infrastructure management, and SAP plays in business process applications.
These are two different domains: the business process domain that captures and processes information, such as financial or supply chain data, that is external to IT and the IT infrastructure domain dealing with information, such as security or the health of hardware components, which is internal. The two companies describe the business processes domain as being "above the line" in that the business users are the ones that pay attention to the information, and the IT infrastructure as being "below the line" in the sense that IT administrators are most concerned with it.
Now each domain has information important to it alone. For example, let's take supply chains where disruptions can have significant financial and customer satisfaction consequences. In many or even most organizations, information and processes related to ineffective demand forecasting and scheduling are the exclusive domain of the business user, and information on whether all the supply-chain databases are backed up correctly is the sole province of IT.
