Ventana Research Analyst Perspectives

The Spreadsheet and the Whale

Posted by Robert Kugel on Jan 29, 2013 9:06:29 AM

Banking giant JP Morgan raised eyebrows in 2012 when it revealed that it had lost a substantial amount of money because of poorly conceived trades it had made for its own account. The losses raised questions about the adequacy of its internal controls, and broader questions about the need for regulations to reduce systemic risk to the banking system. At the heart of the matter were the transactions made by “the London Whale,” the name given to a JP Morgan’s trading operation in the City by its counterparties because of the outsized bets it was making. Until that point, JP Morgan’s Central Investment Office had been profitable and apparently well controlled. In the wake of a discovery of the large losses racked up by “the Whale,” JP Morgan launched an internal investigation into how it happened, and released the findings of the task force established to review the losses and their causes [PDF document].

Read More

Topics: Sales Performance, GRC, errors, multidimensional spreadsheet, server, Operational Performance, Business Analytics, Business Collaboration, Business Intelligence, Business Performance, Financial Performance, Information Management, Data, risk management, controls, spreadsheet, trading

Oversight Systems Focuses on Saving Money and Preventing Fraud

Posted by Robert Kugel on May 31, 2012 11:26:40 AM

I recently spoke with Oversight Systems, an operational intelligence analytics company that uses predictive analytics and optimization to help companies save money, reduce the risk of loss and fraud, and reinforce corporate governance and compliance efforts. Ventana Research views operational intelligence as an emerging technology with the potential for a high return on investment. By continuously monitoring activities in a company’s IT systems, Oversight’s Web-based software continuously, consistently and objectively monitors all business processes to identifies opportunities to save money, cut fraud, minimize risk and provide real-time controls to support governance.

Read More

Topics: Big Data, Predictive Analytics, Sales Performance, Supply Chain Performance, Fraud, Governance, GRC, audit, Operational Performance, Analytics, Business Analytics, Business Performance, Cloud Computing, Financial Performance, Governance, Risk & Compliance (GRC), Information Management, Operational Intelligence, Accounting, controls, Oversight Systems

IBM Displays Software for GRC at Vision 2012

Posted by Robert Kugel on May 22, 2012 12:36:10 PM

I recently attended Vision 2012, IBM’s conference for users of its financial governance, risk management and performance optimization software. I reviewed the finance portion of the program in a previous blog. I’ve been commenting on governance, risk and compliance (GRC) for several years, often with the caveat that GRC is a catch-all term invented by industry analysts initially to cover a broad set of individual software applications. Each of these was designed to address specific requirements across a spectrum of users in operations, IT and Finance within a company, often to meet the needs for a specific industry such as financial services or pharmaceuticals. Vision 2012 covered a lot of ground under the GRC heading, confirming the breadth of both this software category and IBM’s offerings in it. I want to focus on two areas: automation of IT governance activities and effective management of GRC-related data.

Read More

Topics: Governance, GRC, Access Controls, identity controls, OpenPages, process controls, Operational Performance, Business Collaboration, Business Performance, Financial Performance, IBM, compliance, risk management, controls, IT controls

The Value and Limits of the Term “GRC”

Posted by Robert Kugel on Oct 11, 2011 10:39:56 AM

My colleague Mark Smith and I have frequently commented on the artificiality of the emerging software category governance, risk and compliance (GRC). To be sure, once stand-alone categories of software (IT governance, audit documentation and industry-specific compliance management, to name three examples) have started what I expect to be a long convergence process. Moreover, since just about all controls and risk management efforts require a secure IT environment to be effective, there is a growing interdependence between effective IT governance and everything else connected with enterprise GRC.

Read More

Topics: Governance, GRC, enterprise risk management, ERM, risk metrics, vendor selection, Operational Performance, Business Performance, Financial Performance, compliance, Risk, risk management, controls, IT governance