Presentation from IBM Smarter Business 2011. Track: Managing risk and security.
In today's turbulent world it is of the utmost importance to identify and manage risks. OpenPages is the world-leading solution for integrated risk management (Governance, Risk and Compliance, GRC). What do the experts say about how risk management should be implemented, and what have organizations around the world done in practice?
Speaker: Johan Söderberg - OpenPages Lead – IBM.
More information at www.smarterbusiness.se
Effective risk management - theory vs practice - IBM Smarter Business 2011
1. Risk Management - Theory & Practice. Johan Söderberg, OpenPages Sales Lead Nordics
2. Operational Risk is whenever a process delivers an unwanted result, referred to as a loss event. In this case, a golf ball loss event. [Figure: distribution of shot outcomes, labelled Loss Event (slice), Loss Event (hook) and Variation]
4. What is Operational Risk in reality? Contributing factors and possible failures:
People: fraud, breaches of employment law, loss or lack of key personnel, inadequate training, inadequate supervision
Process: payment or settlement failures, documentation which is not fit for purpose, errors in valuation/pricing models and processes, project management failures, internal/external reporting, mis-selling
System: failures during the development and systems implementation process, as well as failures of the system itself, inadequate resources
External Events: external crime, outsourcing (and insourcing) risk, natural and other disasters, regulatory risk, political risk, utilities' failures, competition
6. Companies Struggling with Risk Information Fragmentation. [Figure: CEO/CRO/CFO above separate silos for IT Risk, Compliance, Finance, Market, Operational Risk and Credit]
7. Integrated Risk Management Solves These Challenges. [Figure: CEO/CRO/CFO above one integrated view of Market Risk, Credit Risk, Finance Risk, Operational Risk, IT Risk and Compliance]
8. Proven by the World's Leading Companies: Financial Services, Insurance, Energy and Power, Manufacturing, Retail/Consumer, Telecommunications, Health Services / Pharmaceuticals
9. Recognized Enterprise GRC Platform Market Leader: The Forrester Wave: EGRC Platforms, July 2009; Magic Quadrant for EGRC Platforms, October 2010
10. Overlap of GRC activities can cause redundancy. [Matrix of FUNCTIONS (Risk, Compliance, IT, Finance, Audit) against ACTIVITIES (Assessment, Control Testing, Reporting, Issue Mgmt, Policy Mgmt)]
11. Using GRC information to make better business decisions. The Business Manager draws on Risk (RCSA, loss, issues), Audit (audit findings), Compliance (mandatory to mitigate) and Finance (control effectiveness), with GRC data organized by process, e.g. a new product launch. The business process owner can leverage GRC information to make better decisions.
13. Key Capabilities for Integrated Risk Management: RCSA (Risk and Control Self Assessments), Policy Management, Key Risk Indicators, Loss Event Management, Issues Management, Scenario Planning, Reporting, Workflow
And beyond congressional action, we've seen lots of evidence of current regulators cracking down under their existing mandates. In other words, the regulators are not waiting for congressional action. The OCC, for instance, has been very aggressive about prescribing changes to current risk management practices. And this is true outside of banking as well. The CMS has become increasingly prescriptive as well.
The primary challenge that most organizations face today with regard to their risk management information architecture is that it is fragmented across both systems and processes. Most companies have multiple data marts, SharePoint servers and custom point solutions that support disparate yet parallel activities. Aggregating risk information for the risk committee is an ad hoc task. Supporting business managers with timely information on risk exposure is a custom activity.
Two points: (1) An integrated approach to risk management enables risk committees, executives and business managers to understand true risk exposure across the business, and to understand the interrelationships between risks. (2) Risk managers and line managers have at their fingertips the right information to make the right decisions to improve the business.
We have a large, diverse, global customer base. These companies are making a strategic commitment with OpenPages, and many are buying multiple modules for enterprise-wide deployment. Every one of these customers has a different way of managing risk and has been able to deploy a configured solution that supports their specific methodology. Our solution is so highly configurable that we don't have to write custom code to meet the diverse requirements of our customer base. Every one of these customers is on a common code base. This is important because it allows you to take advantage of OpenPages innovation and lowers your overall cost of ownership and support. Another important aspect of our business is that we are able to support customers in a variety of industries: banking, insurance, energy, utilities, healthcare, manufacturing, telecom, and services. That we have such a broad array of customers in different industries speaks to our unique ability to meet the needs of different kinds of customers. Later in the presentation we will review a couple of OpenPages' customer case studies.
Named "leader" in both the Gartner MQ and Forrester Wave, and moved further up and to the right in both.
Gartner: positioned highest in "ability to execute", which measures a company's ability and success in making their vision a reality (including product/service, overall viability, customer experience and more). Gartner also cited OpenPages' "viability" as a strength, with a stable executive team and loyal customer base.
Forrester Wave: very thorough process, months of product interrogation, demos, and research. OpenPages ranked "highest in current offering" based on our product scores.
Summary: positioned as GRC Platform leader by the two tier-one analyst firms.
Another benefit of an integrated approach is to reduce the number of disparate activities in a GRC program. Applications, databases, spreadsheets, and point solutions support each one of these activities, so the result is lots of redundancy in terms of the activities each of the functions is performing. From the business perspective, the result is what we can call assessment fatigue, when you get the same or largely similar questions from different oversight functions. This redundancy is a big waste of time and the data quality is great. Further, you can imagine the infrastructure costs for supporting this kind of information architecture. And many of you today may be trying to support this kind of infrastructure. Let's see: How many of you work at companies that are subject to Sarbanes-Oxley or some sort of SOX-like rule? Of those that are subject to SOX, how many support SOX programmatically with a software solution? Of those, does the software solution support any other function? Yes, which ones? No? There's a huge chance for efficiency here.
Extensions are configurations on top of existing, productized modules. Extensions require a license for the relevant module (e.g. GCM for Privacy) and services to configure the solution.