Part 2 of guest posts by Erwin Boeren
Last year IBM acquired OpenPages as a strategic move into the area of Governance, Risk and Compliance. The latest announcement to acquire Algorithmics (quantative risk management) shows the serious commitment of IBM in the GRC market. GRC software will integrate into the IBM Business Analytics brand – the area where other critical acquisitions like Cognos, SPSS and Clarity reside.
GRC AND PERFORMANCE MANAGEMENT
Risk Management is getting more and more attention these days. Volatility and uncertainty is simply too high for organizations to ignore this area. Along with the increased focus on this discipline I have also seen more organizations moving towards an enterprise approach to risk management. And this is where I see the need for a convergence of risk management and performance management.
Over my career I have seen many risk management implementations where a major portion of the time and budget was spent on essential things like risk reporting and dashboarding. In the past, companies struggled to collect the basic data and to create these reports and dashboards manually. Today, we experience an increased desire for self service reporting: Users not only want to create their own risk reports but they want to create them when they really need them. The enormous volatility in the markets does not allow risk managers to wait for several days or weeks to review the data in a suited format. No, they need the information almost in real-time. Any kind of delay can result in missed opportunities and sometimes even disaster.
Apart from these reporting and dashboarding capabilities proper enterprise risk management also requires capabilities to align risks & controls to the strategic initiatives of an organization. Questions need to be asked: “What will prevent me from reaching my business goals?”, “How will we know that something is happening?”, “How can we prevent this?”, “What are effective controls?”. To obtain answers to these questions, one could resort to complex spreadsheets. But these are not suited for complex topics at the enterprise level. Instead, leading companies rely on solid models developed in planning software like IBM Cognos TM1. These models can then integrate into other plans such as strategic plans, annual budgets and forecasts. And that opens up a whole new opportunity: Now you can start looking at complex risk scenarios.
Over the past decade, companies have collected a lot of data. Hidden in this data is a lot of information. More and more companies rely on predictive algorithms to crawl through this data to automatically detect patterns and relationships. IBM SPSS provides such capabilities, for example. Using these powerful tools, we can start looking at predicting certain events. Most importantly, the insights will enable us to gain a much better understanding of the critical risks and our control design.
Effective GRC requires a lot more than just thinking and registering risks. No, we need to be able to analyze data, plan actions, run scenarios and leverage predictive capabilities. And that’s why I see a convergence of Risk Management and Performance Management. And let’s simply call this Business Analytics.
Erwin Boeren is Governance, Risk and Compliance Leader at IBM Southwest Europe. Erwin has over 15 years experience in the software industry, in various roles in business intelligence, performance management and Governance, Risk & Compliance. Together with his family, Erwin resides in the Netherlands.
Twitter : @erwinboeren
Contact : firstname.lastname@example.org