Although I continue to believe that governance, risk and compliance (GRC) is not a firm software category, software vendors continue to add depth and breadth to their offerings that support corporate governance, help manage risks systemically in business and IT and provide greater visibility into compliance efforts. For example, with its release of OpenPages 6.0 IBM had made an important enhancement by marrying the document management capabilities of its OpenPages acquisition with Cognos’s Analysis Studio. Although automating documentation of regulatory compliance and risk management functions has value (in the sense of lowering the cost and increasing the probability of full compliance), incorporating analytics and the ability to perform contingency planning in concert with document-driven processes potentially multiplies the business value of such automation.
By integrating data with text, OpenPages 6.0 gives users substantially greater power and flexibility in managing risk and establishing governance. It also enables those involved in any capacity with risk management and compliance to perform query and analysis and present this information along with text that documents or comments on this data. Having a built-in ability to create charts, graphs and other graphics facilitates more effective communication of, for instance, risk positions, conformance with compliance requirements or contingencies and the impact of potential risk scenarios.
One of OpenPages’ objectives in making it easier to collect and present both text and numerical data is to make this information more accessible outside of the traditional risk management and compliance organizations so that business users (notably executives, managers and analysts) can better understand existing conditions, communicate more effectively and plan more comprehensively. The software enables analysts to produce reports that present a combination of text, charts and graphs as well as the underlying data sets. Business users who have enhanced dashboards can access information interactively, drilling down and around to see underlying relationships and identify causes. Executives and others who want only to access the information can do so using mobile applications or through “boardroom” presentations using Microsoft Office applications.
With respect to risk management efforts, the data, query, analysis, reporting and communication elements are especially useful for organizations that seek to quantify, plan and review their risks. This is especially true for financial services companies that must monitor and forecast their risk exposure because their risk metrics (such as capital adequacy or maximum loss exposure) are well established and readily collected. But risk is much less extensively measured in most other industries. I think this is not so much because it cannot be quantified but because historically it wasn’t possible or practical to collect this data. Over the past couple of decades, however, enterprise systems of all kinds (such supply chain or maintenance, repair and overhaul) have collected substantially broader sets of information that can be used to assess risks (such as deferred maintenance, accident incidents or indicators that local managers are refusing to pay employees overtime).
In terms of compliance management, combining data and documents enables organizations that measure certain outcomes (for example, effluents, operating tolerances, occupational safety incidents and the conditions surrounding them) to combine data with concurrent commentary or attestations. This may be done for legal or regulatory compliance or to establish affirmative approaches to meeting safety and compliance requirements.
For companies that need to do a better job of working with risk and compliance data and documentation, especially those in financial services or that have established rigorous methods for quantifying risk and compliance, I recommend looking at OpenPages 6.0 to determine how it can enhance the efficiency and effectiveness of risk and compliance management efforts. Stay tuned as I will be researching more directly into the segments of GRC in 2011 to see what the larger demand for OpenPages approach and technologies that can help finance, operations and IT across governance, risk and compliance processes.
Robert Kugel – SVP Research