Looking at the Nexus of GRC, BPM, EAM, ITLM and Whatever Comes Next

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

I hate acronyms in headlines, but I can't avoid it with this post. This week I caught up with Terry Lee, vice president of North American Operations for MEGA, and Dan Hebda, his peer for technology, because I was interested in hearing more about an Oct. 5 announcement about governance, risk and compliance (GRC). But because I had delayed the meeting for more than a month, the world moved on and MEGA had also announced more details on its business process management (BPM)-related agreement with Appian (see my Sept. 25, blog post, "Talking with ... Appian's Matt Calkins About BPM and E-Mail"). And as I talked with Terry and Dan, it became clear how critical MEGA's enterprise architecture management (EAM) software is to IT lifecycle management (ITLM) as well. Some of these interconnections are covered in my Nov. 2008 article, "In EAM, the Keyword Is Enterprise."

Wasn't life easier when you could depend on IBM (or Honeywell or Unisys) to pull all these pieces together for you on their homogenous systems? MEGA wants to play that role for you today for your heterogeneous array of IT resources and has done a good job of thinking through the implications. It's a good thought process no matter what software you use or are considering.


Let's start with compliance, which was my initial interest. Hebda explained how MEGA upgraded its 2006 release of risk definition capabilities to get to a fuller compliance capability. As if this was not already important with Sarbox, Basel, HIPAA, etc. You haven't seen nothing yet with the new highly regulated business climate emerging from the world's capitals. The earlier version of MEGA's GRC functionality could capture and manage regulations within its modeling tool set, but customers wanted more real-time assessments and auditing features. The new features - control testing, multi-compliance support and acknowledgement of policies - and extended campaign-management capabilities address this customer requirement, about which you are all thinking even if you use a competitive GRC product.


But I doubt you are doing GRC in a vacuum, which is what makes MEGA's move to tie into BPM important. MEGA and Appian have finished an integration effort by which Mega can push EA models directly into Appian and can pull metrics and processes from the BPM product. If you have MEGA, you can do these things already (and with other BPM software via BPEL, XPDL and similar standards). If you deal through Appian, the product is OEM'd in and is called Appian Process Architect by MEGA and provides only what is relevant to Appian (e.g., icons, concept labels such as smart services).


Finally, if like me, you think of ITIL as BPM for IT shops, MEGA can help you there as well, but through customization via APIs such as for CMMDB. I suspect you will be asking EAM suppliers for that capability out of the box and in real time as well.


Lee noted that the agreement with Appian is worldwide and that the two companies have been collaborating to train personnel throughout the second half of 2009, even before the announcement, so they will come out of the blocks aggressively in 2010.