CRO POV: Is CRO the Next CRM?

For those of you who were awake and employed in the 1990s, you’ll remember that Customer Relationship Management, CRM, was the hottest date at the corporate computing dance. Siebel Systems, Salesforce.com, and more than 100 other applications and services grew up to answer the multi-billion-dollar demand to manage customer and prospective customer information. As a result of the availability of these powerful applications, “customer relationship management” became a bona fide profession. Enterprise computing leaders SAP and Oracle went hard into the segment, and SAP for one developed a very large line of business around CRM.

Fast forward to January, 2007. In SAP’s Silicon Valley headquarters, a new vision has been formed—this time, it involves managing another CR, Corporate Responsibility. The vision evolved something like this.

SAP recently acquired Versa, a company focused on global trade services, environmental controls and risk management. A crack team, led by software veterans Doug Merritt and Amit Chatterjee, deployed to study governance, risk and compliance (“GRC”—computing-speak for Corporate Responsibility) to see how to build a big business there for the German technology giant. Based on their assessment, SAP’s Americas CEO Bill McDermott declared that GRC is potentially the new CRM—a big new business worth a number followed by 9 zeros.

Imagine that. In 2007, an era where techno-skeptics have declared that Russell 1000 enterprise computing is dead, another big enterprise computing segment is being born. Sprouting from the massive installed base of SAP clients in North America, GRC—the Corporate Responsibility Officer’s own computing platform—will be the next must-have function for big companies.

Doug Merritt explains that the GRC platform comprises the 3 essential roles that CROs are being asked to play: defense, risk analysis and offense. Compliance—the big C—is the defensive function, protecting the empire from running afoul of regulatory nightmares. Risk management is all about seeing risks that might otherwise not be apparent, such as disruption of global trade supply chains and environmental issues. And in SAP’s paradigm, governance is an offensive function—helping the company’s good reputation help sell products and services, raise capital and recruit and retain talent.

Will GRC be bigger than CRM—the 1990s’ $75 billion corporate performance improvement bonanza? For those of us who are immersed in the fast-growing CRO market, it seems that SAP’s vision may even underestimate the size of the potential market. But if the proliferation of applications such as SAP’s CRG does nothing more than professionalize Corporate Responsibility in the same way CRM professionalized customer relationship management, companies will be much the better for it.

In my next column: CROs move from offense to defense.