Analyst Perspectives

Risk has always been an integral part of business, but our recent Governance, Risk and Compliance (GRC) benchmark research shows that companies deal with risk with varying degrees of effectiveness – especially operational risk. A majority of companies lag in their overall GRC maturity, as I covered in a recent blog post. Operational risk management should be of greater interest to executives today because they can have greater control of it than before. The expansion of IT systems to automate...

Ventana Research recently completed benchmark research on governance, risk and compliance (GRC), three business activities that are naturally linked. Although managing them requires separate and sometimes very different processes, on the whole these activities affect each other: Effective corporate governance ensures compliances with laws, regulations and company policies, and without governance, there’s no way to control risk. Separately or considered together, managing governance, risk and...

I recently spoke with Oversight Systems, an operational intelligence analytics company that uses predictive analytics and optimization to help companies save money, reduce the risk of loss and fraud, and reinforce corporate governance and compliance efforts. Ventana Research views operational intelligence as an emerging technology with the potential for a high return on investment. By continuously monitoring activities in a company’s IT systems, Oversight’s Web-based software continuously,...

I recently attended Vision 2012, IBM’s conference for users of its financial governance, risk management and performance optimization software. I reviewed the finance portion of the program in a previous blog. I’ve been commenting on governance, risk and compliance (GRC) for several years, often with the caveat that GRC is a catch-all term invented by industry analysts initially to cover a broad set of individual software applications. Each of these was designed to address specific requirements...

Risk has always been an integral part of business, but as I’ve noted, companies deal with risk with varying degrees of effectiveness. A complex, ongoing process, operational risk management identifies risks to support successful operations of an organization, estimates the monetary and other measurable impacts if a risk event occurs, establishes methods for mitigating the severity of impacts should they occur, continuously measures the probability of a risk occurring within a relevant period of...

Risk has always been an integral part of business, but dealing effectively with risk is a progression. Indeed, history shows businesses adapting and coping better with risk through innovation. The importance of using information technology to manage risk is growing because today’s systems can automatically measure and analyze a much broader set of risk factors than individuals can, and do so more reliably. But a key challenge companies face in implementing enterprise risk management is...

My colleague Mark Smith and I have frequently commented on the artificiality of the emerging software category governance, risk and compliance (GRC). To be sure, once stand-alone categories of software (IT governance, audit documentation and industry-specific compliance management, to name three examples) have started what I expect to be a long convergence process. Moreover, since just about all controls and risk management efforts require a secure IT environment to be effective, there is a...

Although I continue to believe that governance, risk and compliance (GRC) is not a firm software category, software vendors continue to add depth and breadth to their offerings that support corporate governance, help manage risks systemically in business and IT and provide greater visibility into compliance efforts. For example, with its release of OpenPages 6.0 IBM had made an important enhancement by marrying the document management capabilities of its OpenPages acquisition with Cognos’s...

I have written before about enterprise risk management, which is an essential piece of both performance management and corporate governance. Every aspect of business entails risk. Everyone who makes a business decision is – whether consciously or not – making trade-offs between risk and reward. Assessing risk is tricky in business because it means different things to different people depending on where they work and their specific role in an organization. From a broad view, risk management...