Ventana Research Analyst Perspectives

People used to use the phrase “the last mile” solely to refer to a condemned prisoner’s path to execution. Then the telecommunications industry picked it up to describe that part of a circuit between a major trunk line and a subscriber. Later still a defunct software company, Movaris (now part of Trintech), used the phrase in an analogy to refer to the set of activities that take place between when a company closes its books and the point where it finishes its external reporting activities,...

One of the most important trends in business over the past 20 years has been the broadening use of information technology to manage and support activities. In the early decades of business computing, companies developed islands of automation for largely numeric functions such as billing, inventory management and accounting. Each ran on a proprietary system and engaged the time of a relative handful of employees. Today, just about everyone works with an IT system for at least some of their...

Risk has always been an integral part of business, but our recent Governance, Risk and Compliance (GRC) benchmark research shows that companies deal with risk with varying degrees of effectiveness – especially operational risk. A majority of companies lag in their overall GRC maturity, as I covered in a recent blog post. Operational risk management should be of greater interest to executives today because they can have greater control of it than before. The expansion of IT systems to automate...

Ventana Research recently completed benchmark research on governance, risk and compliance (GRC), three business activities that are naturally linked. Although managing them requires separate and sometimes very different processes, on the whole these activities affect each other: Effective corporate governance ensures compliances with laws, regulations and company policies, and without governance, there’s no way to control risk. Separately or considered together, managing governance, risk and...

I recently attended Vision 2012, IBM’s conference for users of its financial governance, risk management and performance optimization software. I reviewed the finance portion of the program in a previous blog. I’ve been commenting on governance, risk and compliance (GRC) for several years, often with the caveat that GRC is a catch-all term invented by industry analysts initially to cover a broad set of individual software applications. Each of these was designed to address specific requirements...

The mandate by the U.S. Securities and Exchange Commission (SEC) that requires its filers to apply eXtensible Business Reporting Language (XBRL) tags to their financial statements has been in effect for several years. (XBRL is a core element of our Office of Finance Research Agenda for 2012.) One of the most important ideas behind this “interactive data” requirement was to make it as simple as possible for investors to be able to consume and analyze corporate financial data filed with the SEC....

My colleague Mark Smith and I have frequently commented on the artificiality of the emerging software category governance, risk and compliance (GRC). To be sure, once stand-alone categories of software (IT governance, audit documentation and industry-specific compliance management, to name three examples) have started what I expect to be a long convergence process. Moreover, since just about all controls and risk management efforts require a secure IT environment to be effective, there is a...

IBM’s announced pending acquisition of Algorithmics is an important addition to the company’s portfolio of business applications aimed at financial services companies, and it is thematically consistent with its other acquisitions in risk management and analytics such as IBM’s OpenPages risk management documentation that I have already assessed. It’s also a good fit for IBM’s professional services organization, which has a significant position in the financial services industry.

Although I continue to believe that governance, risk and compliance (GRC) is not a firm software category, software vendors continue to add depth and breadth to their offerings that support corporate governance, help manage risks systemically in business and IT and provide greater visibility into compliance efforts. For example, with its release of OpenPages 6.0 IBM had made an important enhancement by marrying the document management capabilities of its OpenPages acquisition with Cognos’s...

I have written before about enterprise risk management, which is an essential piece of both performance management and corporate governance. Every aspect of business entails risk. Everyone who makes a business decision is – whether consciously or not – making trade-offs between risk and reward. Assessing risk is tricky in business because it means different things to different people depending on where they work and their specific role in an organization. From a broad view, risk management...