This document discusses the evolving landscape of enterprise compliance solutions. It notes that compliance has become a top priority for companies due to the large number of regulations they must address. While many vendors offer point solutions that focus on specific compliance areas, the document argues that companies need integrated platforms that can manage compliance across the entire enterprise in a consistent manner. It outlines key components that should be included in comprehensive compliance solutions and governance, risk, and compliance programs. Finally, it presents models for how compliance solutions can take a holistic "top-down/bottom-up" approach to better meet enterprises' evolving needs.
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)United Interactive™
1) The economic downturn has become one of the top drivers of information security spending, nearly surpassing business continuity and disaster recovery which usually rank highest.
2) Most executives are considering strategies to reduce security spending such as canceling, deferring, or downsizing initiatives in response to budget pressures.
3) However, far fewer executives are actually cutting security budgets. And of those that are taking action, most are taking relatively minor steps like postponing projects rather than making deep cuts.
The document discusses the challenges that organizations face in managing security as business environments become more complex due to new technologies and increased threats. It notes that managing security has become difficult for organizations internally due to these complexities and costs. The document recommends that organizations outsource security management to providers of managed security services in order to alleviate these challenges by leveraging provider expertise, sophisticated solutions, and lower costs compared to maintaining security internally.
Enterprise Pricing Policies Crucial To Risk Mitigationrkmcgann
Enterprise pricing policies are crucial for risk mitigation. Inconsistent valuation models and data inputs across business units can impact risk exposure and capital requirements. Experts recommend firms establish codified pricing methodologies and committees with risk managers to ensure one view of instruments firmwide and enable backtesting of new products. While progress has been made, some firms still lack fully integrated enterprise pricing policies.
This document analyzes sustainability and corporate responsibility reports from several large European companies. It finds that most reports discuss how sustainability is integrated into business strategy and operations. However, many reports focus more on general "housekeeping" issues rather than complex social and environmental challenges facing their industries. The analysis praises a few companies, like Volkswagen and E.ON, for tackling difficult issues and stakeholder expectations in their reporting. Overall, the document evaluates how well companies explain their approach to material issues and progress on "CR 2.0," or fully embedding sustainability into the core business.
IDC Energy Insights - Enterprise Risk ManagementFindWhitePapers
Operational risk management is a rising priority for companies in asset-intensive industry segments. Disparate and disconnected efforts in safety, environmental compliance, and asset utilization at the individual facility are converging to provide better enterprise-wide control and management accountability. Companies that make substantial efforts today will not only improve risk mitigation but create an enduring competitive advantage.
Optimize Costs & Deliver Value through Enterprise Contract Management SoftwareIcertis
This document discusses the need for contract lifecycle management software to help organizations manage the thousands of contracts they enter into. It describes challenges like information overload, decentralized processes, and inefficient searching that contract management systems can address. The document then defines contract lifecycle management and outlines benefits like avoiding litigation, driving customer delight, and measuring contract performance in real time. It argues that effective contract management requires treating it strategically rather than just tracking documents.
The document discusses how sales, marketing, and customer service functions are converging due to the use of Software as a Service (SaaS) ecosystems and collaboration tools. This convergence is redefining how customer relationship management (CRM) works by allowing for shared customer information across departments and automated workflows. Key collaboration technologies and SaaS platforms are integrating and rationalizing separate CRM functions, while changing the role of professional services supporting these systems.
PriceWaterhouseCoopers: Information Security 2010 - Trial by Fire (Survey)United Interactive™
1) The economic downturn has become one of the top drivers of information security spending, nearly surpassing business continuity and disaster recovery which usually rank highest.
2) Most executives are considering strategies to reduce security spending such as canceling, deferring, or downsizing initiatives in response to budget pressures.
3) However, far fewer executives are actually cutting security budgets. And of those that are taking action, most are taking relatively minor steps like postponing projects rather than making deep cuts.
The document discusses the challenges that organizations face in managing security as business environments become more complex due to new technologies and increased threats. It notes that managing security has become difficult for organizations internally due to these complexities and costs. The document recommends that organizations outsource security management to providers of managed security services in order to alleviate these challenges by leveraging provider expertise, sophisticated solutions, and lower costs compared to maintaining security internally.
Enterprise Pricing Policies Crucial To Risk Mitigationrkmcgann
Enterprise pricing policies are crucial for risk mitigation. Inconsistent valuation models and data inputs across business units can impact risk exposure and capital requirements. Experts recommend firms establish codified pricing methodologies and committees with risk managers to ensure one view of instruments firmwide and enable backtesting of new products. While progress has been made, some firms still lack fully integrated enterprise pricing policies.
This document analyzes sustainability and corporate responsibility reports from several large European companies. It finds that most reports discuss how sustainability is integrated into business strategy and operations. However, many reports focus more on general "housekeeping" issues rather than complex social and environmental challenges facing their industries. The analysis praises a few companies, like Volkswagen and E.ON, for tackling difficult issues and stakeholder expectations in their reporting. Overall, the document evaluates how well companies explain their approach to material issues and progress on "CR 2.0," or fully embedding sustainability into the core business.
IDC Energy Insights - Enterprise Risk ManagementFindWhitePapers
Operational risk management is a rising priority for companies in asset-intensive industry segments. Disparate and disconnected efforts in safety, environmental compliance, and asset utilization at the individual facility are converging to provide better enterprise-wide control and management accountability. Companies that make substantial efforts today will not only improve risk mitigation but create an enduring competitive advantage.
Optimize Costs & Deliver Value through Enterprise Contract Management SoftwareIcertis
This document discusses the need for contract lifecycle management software to help organizations manage the thousands of contracts they enter into. It describes challenges like information overload, decentralized processes, and inefficient searching that contract management systems can address. The document then defines contract lifecycle management and outlines benefits like avoiding litigation, driving customer delight, and measuring contract performance in real time. It argues that effective contract management requires treating it strategically rather than just tracking documents.
The document discusses how sales, marketing, and customer service functions are converging due to the use of Software as a Service (SaaS) ecosystems and collaboration tools. This convergence is redefining how customer relationship management (CRM) works by allowing for shared customer information across departments and automated workflows. Key collaboration technologies and SaaS platforms are integrating and rationalizing separate CRM functions, while changing the role of professional services supporting these systems.
Only 50% of mergers actually increase shareholder value. Why? Often, one of the culprits is product complexity. Companies that manage the complexity of a newly combined product portfolio can capture value, smooth the overall merger process
Greater awareness in recent years of the volatility of the risk environment, together with the regulatory impetus provided by
corporate governance requirements, has placed effective risk management high on the corporate agenda. Changing attitudes
to risk management have also resulted in the emergence of a more holistic and proactive approach to managing exposures.
Allgress Business Risk Intelligence provides consistent, repeatable and defensible metrics to help CISOs align security programs with business objectives. It aggregates massive amounts of risk data and turns it into meaningful intelligence through effortless dashboards and analytics. This helps identify under-exposed risk areas, prioritize security appropriately, and demonstrate how initiatives impact an organization's security posture and business results.
This document discusses global supply chain mega trends for 2010-2011. It identifies several paradigm shifts that leading firms are making to transform their supply chains, including shifting from customer service to relationship management, forecast-driven to demand-driven supply chains, adopting knowledge-based learning over traditional training, and moving from supply chain design to supply chain analytics. The trends reflect the transition to a more technology-driven society and economy. Effective implementation of these trends will help supply chain partners create efficient and customer-centric solutions.
The document discusses the concept of a "storage hypervisor" which would provide a layer of abstraction between physical storage resources and applications using them, similar to how server hypervisors virtualize servers. It notes that server virtualization has proven very efficient by allowing multiple applications and operating systems to run on one physical server. A storage hypervisor could provide similar benefits by making storage from different vendors and with different protocols able to work together transparently and improve availability, speed, and utilization of storage resources. However, true storage hypervisors that provide all these capabilities in a multi-vendor environment have not been fully realized yet.
IntraLinks provides enterprise collaboration solutions that facilitate the secure exchange of critical information both inside and outside organizations. Their solutions help companies organize, manage, share, and track information to accelerate workflows and optimize business processes. IntraLinks has over 750,000 users across 90,000 organizations, including many Fortune 1000 companies, and provides global 24/7 support.
The document provides an overview and evaluation of 14 governance, risk, and compliance (GRC) platform vendors. It finds that Enablon, Nasdaq BWise, MetricStream, Rsam, SAP, SAI Global, and EMC/RSA lead in the market based on having strong current offerings and strategies addressing future needs. It also finds that LogicManager, Protiviti, Thomson Reuters, Wolters Kluwer Financial Services, IBM, Resolver, and Navex Global are competitive due to their strong offerings, if sometimes more focused on specific solutions. Overall, the GRC platform market has matured but vendors still need to focus more on customer needs, industry expertise, and guidance over just
This document outlines a 9-step process for digital transformation consisting of 3 main stages: design, architecture, and security. The design stage involves developing an end-game business model, performing a gap analysis, and weighing mergers and acquisitions. The architecture stage defines the optimal IT architecture through a technology audit and building a dual-speed architecture. The security stage establishes a data security strategy, maintains security during transformation, and uses transformation as an opportunity to strengthen security culture. The overall message is that while transformation takes time, companies cannot delay and risk being disrupted by competitors, so they must mobilize resources and recruit leadership to start disrupting themselves.
This document outlines a 9-step process for digital transformation comprised of 3 stages: start your own disruption, design, and architecture & security. The start stage involves cataloging existing digital initiatives, using cloud capabilities for experimentation, and learning from digital disruptors. The design stage consists of developing an end-game business model, performing a gap analysis, and weighing mergers & acquisitions. The architecture & security stage defines the optimal IT architecture, audits legacy technologies, builds out a dual-speed architecture, establishes a data security strategy, maintains security during transformation, and leverages transformation as a security opportunity.
This document provides 7 tips for beating the IT compliance budget crunch through streamlining risk and compliance efforts using IT governance, risk, and compliance (GRC) automation software. Such software can help automate manual processes like asset inventory, control testing, and data collection to reduce costs while improving compliance. The document also discusses how focusing on critical issues, eliminating process overlap, and developing a continuous risk management infrastructure can provide ongoing budget relief through more effective resource allocation.
The document discusses the need for media and entertainment companies to implement a digital asset management (DAM) strategy to manage their digital content as the industry shifts to on-demand media. It recommends taking a phased approach to DAM implementation, with careful planning, change management, and selection of technology partners and vendors. Benefits of DAM include cost savings, new revenue streams, and better rights management, but success depends on an organization's ability to manage change.
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...havoc2003
In February 2017, Microsoft commissioned Forrester Consulting to better understand how enterprises across the globe are pursuing
digital strategies. This study focuses on the outcomes they sought, the challenges they faced, and the improvements they are realizing.
More specifically, this study highlights the role that technology has played in accelerating digital transformation efforts — showcasing
specific benefits received by incorporating key technology pieces into the overall business strategy.
The document outlines the top 10 pitfalls of application management services. It discusses issues like poorly managed transitions from sales to delivery, lack of application portfolio rationalization, unclear definitions of quality and metrics, poor communication, insufficient governance, and lack of innovation in partnerships. The document provides recommendations to avoid these pitfalls like comprehensive planning, establishing governance structures, and focusing on continuous improvement.
The document outlines nine key steps that companies can take as part of a digital transformation journey to disrupt themselves before competitors do. The steps include: 1) designing an end-game disruptive business model, 2) analyzing gaps between the current and future models, 3) determining how to execute the transition, 4) architecting new technology, 5) auditing legacy systems, 6) building out a dual-speed IT architecture, 7) establishing a data security strategy, 8) maintaining security during transformation, and 9) using transformation as an opportunity to escalate security standards across the enterprise. Taking these steps can help traditional firms successfully transition to competing in the new digital landscape.
The document discusses challenges that companies face in scaling digital supply network (DSN) pilots to an enterprise level. It argues that the traditional "fail fast" approach may no longer be appropriate, as some DSN capabilities like predictive maintenance have matured and are proven to provide benefits. Instead, companies can take a more customized approach to piloting and scaling based on the maturity and strategic fit of the use case. Analyzing how other companies have successfully scaled certain DSN capabilities can help inform a targeted path for scaling one's own digital transformation.
The document discusses strategies for managing legacy insurance IT systems. It notes that while many systems were built decades ago, they still handle the majority of in-force policies. It advocates taking a strategic, business-driven approach to transitioning away from legacy systems through incremental changes like staging new products on new systems or wrapping new features around existing systems. This focuses on near-term deliverables rather than expensive, long-term replacement projects. It also discusses how service-oriented architecture and business process management can help with this transition in a measured way.
Innovation connections quick guide managing ict risk for business pdfAbdulbasit Almauly
This document provides guidance on managing ICT risks for small to medium businesses. It discusses:
1) The importance of risk management and identifying risks before undertaking new business activities or decisions. 2) Common risk management methodologies like risk registers and risk matrices to document and evaluate risks. 3) Major types of ICT risks for businesses related to falling behind technology, poor purchasing decisions, lack of organizational commitment, and missed innovation opportunities. 4) Steps to identify and manage risks when assessing and procuring new ICT products and services.
Only 50% of mergers actually increase shareholder value. Why? Often, one of the culprits is product complexity. Companies that manage the complexity of a newly combined product portfolio can capture value, smooth the overall merger process
Greater awareness in recent years of the volatility of the risk environment, together with the regulatory impetus provided by
corporate governance requirements, has placed effective risk management high on the corporate agenda. Changing attitudes
to risk management have also resulted in the emergence of a more holistic and proactive approach to managing exposures.
Allgress Business Risk Intelligence provides consistent, repeatable and defensible metrics to help CISOs align security programs with business objectives. It aggregates massive amounts of risk data and turns it into meaningful intelligence through effortless dashboards and analytics. This helps identify under-exposed risk areas, prioritize security appropriately, and demonstrate how initiatives impact an organization's security posture and business results.
This document discusses global supply chain mega trends for 2010-2011. It identifies several paradigm shifts that leading firms are making to transform their supply chains, including shifting from customer service to relationship management, forecast-driven to demand-driven supply chains, adopting knowledge-based learning over traditional training, and moving from supply chain design to supply chain analytics. The trends reflect the transition to a more technology-driven society and economy. Effective implementation of these trends will help supply chain partners create efficient and customer-centric solutions.
The document discusses the concept of a "storage hypervisor" which would provide a layer of abstraction between physical storage resources and applications using them, similar to how server hypervisors virtualize servers. It notes that server virtualization has proven very efficient by allowing multiple applications and operating systems to run on one physical server. A storage hypervisor could provide similar benefits by making storage from different vendors and with different protocols able to work together transparently and improve availability, speed, and utilization of storage resources. However, true storage hypervisors that provide all these capabilities in a multi-vendor environment have not been fully realized yet.
IntraLinks provides enterprise collaboration solutions that facilitate the secure exchange of critical information both inside and outside organizations. Their solutions help companies organize, manage, share, and track information to accelerate workflows and optimize business processes. IntraLinks has over 750,000 users across 90,000 organizations, including many Fortune 1000 companies, and provides global 24/7 support.
The document provides an overview and evaluation of 14 governance, risk, and compliance (GRC) platform vendors. It finds that Enablon, Nasdaq BWise, MetricStream, Rsam, SAP, SAI Global, and EMC/RSA lead in the market based on having strong current offerings and strategies addressing future needs. It also finds that LogicManager, Protiviti, Thomson Reuters, Wolters Kluwer Financial Services, IBM, Resolver, and Navex Global are competitive due to their strong offerings, if sometimes more focused on specific solutions. Overall, the GRC platform market has matured but vendors still need to focus more on customer needs, industry expertise, and guidance over just
This document outlines a 9-step process for digital transformation consisting of 3 main stages: design, architecture, and security. The design stage involves developing an end-game business model, performing a gap analysis, and weighing mergers and acquisitions. The architecture stage defines the optimal IT architecture through a technology audit and building a dual-speed architecture. The security stage establishes a data security strategy, maintains security during transformation, and uses transformation as an opportunity to strengthen security culture. The overall message is that while transformation takes time, companies cannot delay and risk being disrupted by competitors, so they must mobilize resources and recruit leadership to start disrupting themselves.
This document outlines a 9-step process for digital transformation comprised of 3 stages: start your own disruption, design, and architecture & security. The start stage involves cataloging existing digital initiatives, using cloud capabilities for experimentation, and learning from digital disruptors. The design stage consists of developing an end-game business model, performing a gap analysis, and weighing mergers & acquisitions. The architecture & security stage defines the optimal IT architecture, audits legacy technologies, builds out a dual-speed architecture, establishes a data security strategy, maintains security during transformation, and leverages transformation as a security opportunity.
This document provides 7 tips for beating the IT compliance budget crunch through streamlining risk and compliance efforts using IT governance, risk, and compliance (GRC) automation software. Such software can help automate manual processes like asset inventory, control testing, and data collection to reduce costs while improving compliance. The document also discusses how focusing on critical issues, eliminating process overlap, and developing a continuous risk management infrastructure can provide ongoing budget relief through more effective resource allocation.
The document discusses the need for media and entertainment companies to implement a digital asset management (DAM) strategy to manage their digital content as the industry shifts to on-demand media. It recommends taking a phased approach to DAM implementation, with careful planning, change management, and selection of technology partners and vendors. Benefits of DAM include cost savings, new revenue streams, and better rights management, but success depends on an organization's ability to manage change.
Opportunity Snapshot - Accelerating Digital Transformation With Technology (F...havoc2003
In February 2017, Microsoft commissioned Forrester Consulting to better understand how enterprises across the globe are pursuing
digital strategies. This study focuses on the outcomes they sought, the challenges they faced, and the improvements they are realizing.
More specifically, this study highlights the role that technology has played in accelerating digital transformation efforts — showcasing
specific benefits received by incorporating key technology pieces into the overall business strategy.
The document outlines the top 10 pitfalls of application management services. It discusses issues like poorly managed transitions from sales to delivery, lack of application portfolio rationalization, unclear definitions of quality and metrics, poor communication, insufficient governance, and lack of innovation in partnerships. The document provides recommendations to avoid these pitfalls like comprehensive planning, establishing governance structures, and focusing on continuous improvement.
The document outlines nine key steps that companies can take as part of a digital transformation journey to disrupt themselves before competitors do. The steps include: 1) designing an end-game disruptive business model, 2) analyzing gaps between the current and future models, 3) determining how to execute the transition, 4) architecting new technology, 5) auditing legacy systems, 6) building out a dual-speed IT architecture, 7) establishing a data security strategy, 8) maintaining security during transformation, and 9) using transformation as an opportunity to escalate security standards across the enterprise. Taking these steps can help traditional firms successfully transition to competing in the new digital landscape.
The document discusses challenges that companies face in scaling digital supply network (DSN) pilots to an enterprise level. It argues that the traditional "fail fast" approach may no longer be appropriate, as some DSN capabilities like predictive maintenance have matured and are proven to provide benefits. Instead, companies can take a more customized approach to piloting and scaling based on the maturity and strategic fit of the use case. Analyzing how other companies have successfully scaled certain DSN capabilities can help inform a targeted path for scaling one's own digital transformation.
The document discusses strategies for managing legacy insurance IT systems. It notes that while many systems were built decades ago, they still handle the majority of in-force policies. It advocates taking a strategic, business-driven approach to transitioning away from legacy systems through incremental changes like staging new products on new systems or wrapping new features around existing systems. This focuses on near-term deliverables rather than expensive, long-term replacement projects. It also discusses how service-oriented architecture and business process management can help with this transition in a measured way.
Innovation connections quick guide managing ict risk for business pdfAbdulbasit Almauly
This document provides guidance on managing ICT risks for small to medium businesses. It discusses:
1) The importance of risk management and identifying risks before undertaking new business activities or decisions. 2) Common risk management methodologies like risk registers and risk matrices to document and evaluate risks. 3) Major types of ICT risks for businesses related to falling behind technology, poor purchasing decisions, lack of organizational commitment, and missed innovation opportunities. 4) Steps to identify and manage risks when assessing and procuring new ICT products and services.
MindTree Considers Leading Enterprise Contract Management SoftwareIcertis
MindTree selects Icertis Contract Management solution based on its end-to-end functionality, ease of use, and quick time to deployment. The contract management system has significantly improved MindTree’s complex contract management capabilities.
The document proposes an enterprise social software solution hosted in the cloud and built on Microsoft's products. It projects $15 billion in first year sales from 100 million licenses sold at $150 each. The solution aims to enhance collaboration and optimize communication securely across organizations. Risks include security breaches and an unfavorable reaction to its proprietary nature, but these are assessed as medium to low risk with mitigation strategies. The marketing strategy leverages Microsoft's brand and distribution channels while emphasizing benefits like cost savings, mobility, and environmental friendliness.
The document discusses the challenges that financial services firms face in digitally transforming their operations to meet the demands of modern customers. It notes that while significant investments have been made in technology, many firms are still in the early stages of the transformation process. The challenges include building mobile-friendly systems, improving user experiences, automating processes, fostering collaboration, and ensuring security. Cloud-based solutions like SunGard's can provide firms flexibility to scale solutions as needed and help accelerate their digital transformations.
GRC 101 ISACA Bengaluru on 28th Dec 2013FixNix Inc.,
For more than 24 months, FixNix has researched compliance for leading Indian e-commerce brands, participated in security forums, and developed SMB GRC products. Now they are presenting on governance, risk, and compliance. The presentation will discuss prioritizing issues, organizing resources, and mobilizing people to drive lasting change in communities. It will also cover the GRC market landscape and trends such as increasing regulatory demands, enterprise risk management, and integrating risk data from new sources.
Ariba Knowledge Nuggets: Contracts in the CloudSAP Ariba
An increasing number of companies are embracing cloud-based solutions like SaaS to manage critical tasks across various business functions including contract management. However, contract negotiators are often not included early in the process of evaluating new solutions. Effective contract management in the cloud requires alignment between business users and legal teams from the start to ensure contract terms meet both business and legal needs.
The Evolving Business Case for Social Media in HealthcareChris Hoffmann
An assessment of how this unique communication platform is helping healthcare consumers, care providers and other stakeholders support decision making and simplify complex online interactions.
An assessment of where awareness and trust meet the challenges of reimbursement, planning and advocacy within the decision-making processes of care for seniors.
The document discusses the complexities and opportunities presented by public health insurance exchanges established under the Affordable Care Act. It finds that states have underestimated the costs and complexity of creating these exchanges. While new opportunities may emerge around health insurance distribution, significant challenges around technology, funding, and long-term sustainability complicate establishing exchanges that meet their goals.
TripleTree mHealth Research & Survey ReportChris Hoffmann
This document discusses the growing market for mobile health (mHealth) technologies. It notes that wireless and mobile delivery is redefining healthcare by streamlining its delivery and making it faster, more accurate, and cost-effective. The past year saw significant innovation in mHealth and increased interest and adoption driven by government programs and changing patient expectations. While challenges remain, mobile technologies are becoming a critical part of healthcare delivery and many experts believe we have reached a tipping point where meaningful disruption and change will occur.
The document discusses the eDiscovery market and opportunities for emerging eDiscovery vendors. It notes that the market is shifting from a reactive, case-driven model to a more proactive approach focused on enterprise compliance. For emerging vendors to succeed, they need scalable technology and the ability to integrate with broader content management and information governance initiatives. The document also analyzes acquisition trends that see global software firms acquiring specialized eDiscovery vendors to fill gaps and gain expertise in this growing market segment.
TripleTree analyzed the collaboration landscape and found significant fragmentation across internal and external collaboration tools. The report identifies over a dozen categories of collaboration solutions with a range of market sizes. TripleTree advocates integrating collaborative capabilities within enterprise applications to better support business workflows, rather than relying on niche collaboration point solutions. Email is the most widely used internal collaboration tool due to its accessibility, intuitiveness, standardization, and role-based functions, but has limitations and is not optimal for all business functions.
In 2009, the healthcare and technology sectors saw significant mergers and acquisitions as well as initial public offerings. Large companies made major acquisitions to expand into new areas, bringing new players into the industry. Some companies pursuing high growth also had successful IPOs despite the difficult market conditions. Analytics emerged as a hot sector relevant across the healthcare continuum. Remote patient monitoring and population health management showed promise but still had many unanswered questions. Cloud computing, mobile platforms, and data analytics were areas poised to transform healthcare IT and improve outcomes.
This document provides an annual synopsis and outlook from TripleTree, an independent investment bank focused on mergers and acquisitions, capital formation, and strategic advisory for healthcare and technology firms. It discusses the challenging economic environment of 2009 and how some companies emerged as leaders through strategic acquisitions and capital raises. TripleTree also summarizes its research focus areas and recent reports on emerging trends in healthcare, technology, and other industries.
This document discusses drivers of the growth of wireless and mobile health (mHealth) solutions. Rising healthcare costs in the US are a key driver, with spending projected to reach 20% of GDP by 2016. mHealth solutions offer innovations that can optimize patient safety and drive down costs by connecting and informing patients and caregivers. Examples given include using mHealth to mitigate errors, improve chronic disease management, and enhance access to care especially in developing countries. Adoption challenges include technological, financial, regulatory and behavioral barriers that must still be addressed for mHealth's full potential to be realized.
SaaS platforms are evolving to meet the needs of emerging SaaS vendors. Major technology companies are positioning themselves as SaaS platforms and offering development tools, operations support, and marketing capabilities to SaaS vendors. This allows SaaS vendors to focus on their specialized applications while leveraging a platform for additional functions. Deciding whether and how to align with a SaaS platform is an important consideration for SaaS company CEOs.
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Neil Horowitz
On episode 272 of the Digital and Social Media Sports Podcast, Neil chatted with Brian Fitzsimmons, Director of Licensing and Business Development for Barstool Sports.
What follows is a collection of snippets from the podcast. To hear the full interview and more, check out the podcast on all podcast platforms and at www.dsmsports.net
Discover timeless style with the 2022 Vintage Roman Numerals Men's Ring. Crafted from premium stainless steel, this 6mm wide ring embodies elegance and durability. Perfect as a gift, it seamlessly blends classic Roman numeral detailing with modern sophistication, making it an ideal accessory for any occasion.
https://rb.gy/usj1a2
3 Simple Steps To Buy Verified Payoneer Account In 2024SEOSMMEARTH
Buy Verified Payoneer Account: Quick and Secure Way to Receive Payments
Buy Verified Payoneer Account With 100% secure documents, [ USA, UK, CA ]. Are you looking for a reliable and safe way to receive payments online? Then you need buy verified Payoneer account ! Payoneer is a global payment platform that allows businesses and individuals to send and receive money in over 200 countries.
If You Want To More Information just Contact Now:
Skype: SEOSMMEARTH
Telegram: @seosmmearth
Gmail: seosmmearth@gmail.com
At Techbox Square, in Singapore, we're not just creative web designers and developers, we're the driving force behind your brand identity. Contact us today.
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...Aleksey Savkin
The Strategy Implementation System offers a structured approach to translating stakeholder needs into actionable strategies using high-level and low-level scorecards. It involves stakeholder analysis, strategy decomposition, adoption of strategic frameworks like Balanced Scorecard or OKR, and alignment of goals, initiatives, and KPIs.
Key Components:
- Stakeholder Analysis
- Strategy Decomposition
- Adoption of Business Frameworks
- Goal Setting
- Initiatives and Action Plans
- KPIs and Performance Metrics
- Learning and Adaptation
- Alignment and Cascading of Scorecards
Benefits:
- Systematic strategy formulation and execution.
- Framework flexibility and automation.
- Enhanced alignment and strategic focus across the organization.
SATTA MATKA SATTA FAST RESULT KALYAN TOP MATKA RESULT KALYAN SATTA MATKA FAST RESULT MILAN RATAN RAJDHANI MAIN BAZAR MATKA FAST TIPS RESULT MATKA CHART JODI CHART PANEL CHART FREE FIX GAME SATTAMATKA ! MATKA MOBI SATTA 143 spboss.in TOP NO1 RESULT FULL RATE MATKA ONLINE GAME PLAY BY APP SPBOSS
Top mailing list providers in the USA.pptxJeremyPeirce1
Discover the top mailing list providers in the USA, offering targeted lists, segmentation, and analytics to optimize your marketing campaigns and drive engagement.
Navigating the world of forex trading can be challenging, especially for beginners. To help you make an informed decision, we have comprehensively compared the best forex brokers in India for 2024. This article, reviewed by Top Forex Brokers Review, will cover featured award winners, the best forex brokers, featured offers, the best copy trading platforms, the best forex brokers for beginners, the best MetaTrader brokers, and recently updated reviews. We will focus on FP Markets, Black Bull, EightCap, IC Markets, and Octa.
How MJ Global Leads the Packaging Industry.pdfMJ Global
MJ Global's success in staying ahead of the curve in the packaging industry is a testament to its dedication to innovation, sustainability, and customer-centricity. By embracing technological advancements, leading in eco-friendly solutions, collaborating with industry leaders, and adapting to evolving consumer preferences, MJ Global continues to set new standards in the packaging sector.
Best practices for project execution and deliveryCLIVE MINCHIN
A select set of project management best practices to keep your project on-track, on-cost and aligned to scope. Many firms have don't have the necessary skills, diligence, methods and oversight of their projects; this leads to slippage, higher costs and longer timeframes. Often firms have a history of projects that simply failed to move the needle. These best practices will help your firm avoid these pitfalls but they require fortitude to apply.
Part 2 Deep Dive: Navigating the 2024 Slowdownjeffkluth1
Introduction
The global retail industry has weathered numerous storms, with the financial crisis of 2008 serving as a poignant reminder of the sector's resilience and adaptability. However, as we navigate the complex landscape of 2024, retailers face a unique set of challenges that demand innovative strategies and a fundamental shift in mindset. This white paper contrasts the impact of the 2008 recession on the retail sector with the current headwinds retailers are grappling with, while offering a comprehensive roadmap for success in this new paradigm.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.AnnySerafinaLove
This letter, written by Kellen Harkins, Course Director at Full Sail University, commends Anny Love's exemplary performance in the Video Sharing Platforms class. It highlights her dedication, willingness to challenge herself, and exceptional skills in production, editing, and marketing across various video platforms like YouTube, TikTok, and Instagram.
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Tastemy Pandit
Know what your zodiac sign says about your taste in food! Explore how the 12 zodiac signs influence your culinary preferences with insights from MyPandit. Dive into astrology and flavors!
Storytelling is an incredibly valuable tool to share data and information. To get the most impact from stories there are a number of key ingredients. These are based on science and human nature. Using these elements in a story you can deliver information impactfully, ensure action and drive change.
1. NEXT GENERATION
COMPLIANCE
BUILDING A PLATFORM APPROACH TO ENTERPRISE
COMPLIANCE AND RISK MANAGEMENT
A TripleTree Industry Analysis
SPOTLIGHT REPORT
WWW.TRIPLE-TREE.COM 952.253.5300
2. TABLE OF CONTENTS
INTRODUCTION 2
THE COMPLIANCE LANDSCAPE –
DEFINING A SECTOR AMID RAPID GROWTH 4
ASSESSING AND MANAGING ENTERPRISE RISK 5
MATURING PLATFORMS 9
CONCLUSION 11
THE TRIPLETREE TEAM 12
TripleTree, LLC
7601 France Avenue South
Suite 150
Minneapolis, MN 55435
t 952.253.5300
f 952.253.5301
www.triple-tree.com
MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 1
3. INTRODUCTION
Compliance is undoubtedly one of hottest, but perhaps one of the most
misunderstood sectors within enterprise software. The complexity of corporate
governance and a stricter regulatory environment are driving the market for
solutions that help enterprises manage risk, satisfy compliance mandates, and
meet government initiatives.
Though the scope of the term compliance varies from vendor to vendor, TripleTree
views compliance as the broader set of business practices and technologies that
seek to find solutions in the areas of enterprise risk management, corporate
governance, IT governance, and compliance controls management. The vendor
landscape is rapidly expanding as both emerging vendors and global technology
leaders roll out solutions and product road maps for an expanding market.
These solutions are engineered to address a flood of regulatory requirements in
establishing good governance practices and industry standards which are now at
the forefront in the highest levels within most organizations.
This Executive Digest is the first in a series from TripleTree addressing the
evolution of governance, risk and compliance market. At a high level, it assesses
why compliance and risk management needs are top-of-mind for enterprises and
where vendors are creating automated solutions to serve these evolving set of
needs. It will conclude with a viewpoint of how an enterprise-wide compliance
platform and ecosystem will evolve in what is currently a highly fragmented
market.
Looking ahead to future Executive Digest reports, TripleTree’s compliance
research agenda will cover:
• An expanded view on compliance, risk management, and governance
platforms with perspectives on platform approaches to managing compliance
initiatives;
• A review of the various delivery models and deployment scenarios for
compliance solutions ranging from licensed software to SaaS, and hybrid
models to outsourcing; and
• A viewpoint for emerging company CEOs on compliance solutions that will
assess how this sector may mature including areas for cooperation, likely
vendor consolidation and ideas for value maximization.
PAGE 2 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
4. COMPLIANCE MANAGEMENT
Compliance Management is Top-of-Mind for C-Level Executives
Enterprises of all sizes are scrambling to establish compliance solutions to address
the tens of thousands of federal, state, local, and international regulations
ranging from well known mandates such as Sarbanes-Oxley (SOX), Patriot Act,
HIPAA, and NERC in the U.S., to J/SOX in Japan and Basel II in Europe, plus a
number of lesser known compliance arenas like FISMA, PCI and alpha-numeric
combinations like ISO 15489 and SEC 17a-4.
There are simply too many regulations affecting every aspect of an organization’s
business processes and systems to manage them effectively ad-hoc. With billions
of dollars of potentially business-wrecking fines, it is becoming increasingly
clear that compliance initiatives must be addressed through automation and a
comprehensive, repeatable process rather than as a one-off project. A range of
functionality can be included in a comprehensive compliance solution. Based on
TripleTree’s ranking of compliance vendors, a basic list of tech-enabled functions
must minimally include:
• Business Process Modeling
• Controls Automation (both IT & Business/Financial)
• Dashboards
• Document Management
• Financial Reporting Integration
• Policy Management
• Risk Management
• Audit Support
Given the cross functional application and infrastructure technologies that are
impacted by compliance mandates, today’s compliance solutions must link or
collaborate with enterprise content management, business intelligence, business
performance management, and various reporting and analytical applications.
MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 3
5. THE COMPLIANCE LANDSCAPE
Defining a Sector Amid Rapid Growth
An entire sector of software vendors have emerged to offer solutions engineered
to automate compliance processes and features as previously listed. TripleTree
tracks over 300 such vendors and has only scratched the surface. A few vendors
have designed a platform approach to broad-based compliance issues within the
enterprise, but the majority are best classified as point solution vendors addressing
only particular compliance control areas. Many others have largely stumbled
into the compliance category from adjacent markets such as security, business
intelligence, or content management.
The rise of the point solution vendors began in the late 1990s as enterprises
began to realize that manually addressing regulations through audits and ad-hoc
home-grown tracking applications was simply not cost effective. Largely, many of
these firms have specialized in one or a few regulatory mandates such as Sarbanes-
Oxley and have worked to broaden their solution into other regulatory and
control areas. In addition to these specialists, ‘compliance’ has become a magic
descriptor finding its way into almost every enterprise software vendor’s solution
vernacular and product road map, making it very difficult for enterprises to sort
out an ever growing landscape of providers.
Though no clear consensus exists on the current size of the compliance market,
some analysts peg the sector as a greater than $50 billion opportunity and others see
it as much smaller. The wide range in sizing is indicative of how varied the market
definitions of the space are. Based on scores of TripleTree vendor briefings and end-
user feedback, what is clear is that the definitions of compliance are shifting to
meet economic and legislative demands. As such, the more innovative providers
of compliance solutions are being forced to pivot and hone their market awareness,
strategy, messaging and product development.
• Definitions: Common definitions for compliance areas are absent in our
risk-aware business culture. Compliance is a broad reaching concept that
touches a number of business processes and functional domains within an
organization. Vendor solutions need simplification for interest and adoption
to grow.
• Fragmentation: Many organizations are using numerous compliance solutions
particular to the needs of the CFO, general counsel, chief compliance officer,
CIO, and marketing. With these distinct buyers come misconceptions about
how compliance policies should be mandated and managed.
• Incomplete Solutions: A majority of software vendors claim to have a
complete compliance solution but only address a narrow set of requirements
around specific control points or a handful of regulations.
• Emerging Vendor Leadership: Enterprise platform players and a select group of
innovative ISVs are driving solution definition in the compliance sector. During
the next few quarters, awareness, acceptance and a resulting consolidation in the
sector will occur as global firms fill gaps in their solutions.
PAGE 4 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
6. ASSESSING AND MANAGING ENTERPRISE RISK
Approaching compliance management with consistency across an organization is
challenging. In most organizations, compliance control is not a holistic process
and most issues are addressed at the business unit or product level. The following
is a simplified view of a typical enterprise:
• Human capital management teams must adhere to labor laws
• Finance departments manage various regulations and disclosures as
well as provide means for transparency and independent verification
• Manufacturing teams address product safety and quality requirements
• Legal dictates internal policies while collaborating with external
counsel on litigation issues, discovery, and IP protection
• IT departments focus on security and data privacy
• Marketing departments are managing key customer and billing
information with sales teams, channel partners and customer service.
As a by-product of this fragmentation, information and process silos have
emerged across these departments and the resulting compliance investments will
remain ad-hoc for the foreseeable future. However, compliance solutions that
remain narrowly focused around discreet issues will struggle to become a relevant
compliance platform.
Regulatory Compliance
Regulatory compliance remains a critically important function and a component
of most broad risk management and governance platforms. To properly understand
and manage risk, meet regulatory and corporate requirements, and execute on
governance initiatives, enterprises need a robust and comprehensive application
suite and these suites are beginning to materialize as Governance, Risk and
Compliance (GRC) solutions.
For many compliance vendors, GRC and their component terms (governance,
risk and compliance) are often used interchangeably. However, TripleTree
believes clear distinctions should and must be drawn between the scope and
functionality for solutions that address compliance risk management and
governance automation.
GRC
Compliance management is the label used to describe a holistic compliance
framework which can span an enterprise through transparent and efficient processes.
We narrowly classify GRC as a subsegment of technology solutions within the
broader compliance management framework. Though this naming convention
may seem counterintuitive given that ‘C’ in GRC stands for ‘compliance’, this
nomenclature is used by a majority of leading vendors and industry analyst groups.
While several GRC solutions exist, TripleTree defines a complete GRC program as
one which takes a federated approach integrating compliance control points into
broader, collaborative enterprise-wide schemas. End-users can be easily confused
as vendors use GRC as an umbrella term to describe point based solutions that
treat individual compliance and risk initiatives as compartmentalized silos within
an organization, as opposed to taking a more top-down approach.
MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 5
7. IT Governance
Through our proprietary research, TripleTree has discovered patterns where IT
Governance (ITG) is transcending pre-defined boundaries into a broader IT
governance, risk and compliance management (IT-GRC) definition. Broadly
speaking, traditional ITG is a framework by which organizations leverage internal
.
IT assets to support and manage governance, risk and compliance initiatives
Understanding the across the enterprise. Inherent in these ITG strategies are how the procedures
Components of GRC and responsibilities which govern risk and compliance integrate with work flows.
While GRC vendors cater to the CEO and CFO, IT Governance solutions have
been deployed as controls designed to resolve pain points of the CIO such as
Governance is the framework data management, portfolio management, performance management and disaster
that defines how corporations are recovery. Vendors are finding that the most effective ITG platforms integrate
managed to achieve corporate technologies which extract value from the IT infrastructure by integrating
previously isolated IT control points into a top-down decision making process.
goals.
Early IT Governance solutions were limited to best-of-breed applications that
helped facilitate Project Portfolio Management (PPM) initiatives and decision
Risk Management is the process making processes surrounding IT investments. By providing tools that helped
of identifying and assessing analyze, prioritize, and make decisions, these solutions created a framework and
enterprise risk within a developed process by which organizational IT goals could be measured and initiatives for
framework to address those risks. value creation discovered.
Though risk management is a
discipline practiced throughout Corporate leaders are now taking a top-down approach for compliance control
across the enterprise and are looking to IT as a critical support for GRC and all
enterprise, it has historically been
enterprise compliance initiatives.
implemented on an ad-hoc basis
to address isolated risk silos.
An Enterprise-Wide View on Compliance Management
Though many vendors currently offer tools that address many compliance control
Compliance Management points, a platform has not yet evolved to adequately address all key elements of
defines how corporations conform enterprise compliance management.
to guideline laws set forth by
governmental agencies or industry An enterprise-wide compliance solution must address both the management
needs that span business and IT. Information management, analytics, financial
standards. It also defines internal
controls, internal audits, eLearning, labor laws and traditional IT governance
policies and best practices.
areas like asset management, security, and content management are inclusive
Compliance technologies have of these needs. A holistic enterprise compliance platform must address both
traditionally been control point the “top-down” business-facing processes and systems and the “bottom-up” IT
solutions which help users conform controls of the organization.
to a set of parameters for a specific
risk or regulation (i.e. Sarbanes- Only by creating an enterprise-wide ecosystem that unifies the decision making
Oxley). These technologies process between GRC, ITG, ERP, BI, and CPM systems can an organization fully
typically implement transparency realize the value of its compliance programs.
measures to assure outsiders that
an organization is compliant.
PAGE 6 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
8. Figure 1: TripleTree’s Compliance Market Map Q-Diagram
Business Risk and Compliance E nvironmental Indus try Specific F inancial
Health & S afety R egulations C ontrols Internal Audit
E thics P rograms
F raud As s es s ment/AMC Strategic
Storage C orporate F ilings
Consulting
Marketing C ompliance Framework
Operational R is k
C ontract Management S hared S ervices
• Auditing / R eporting / Dashboards
R is k Analytics
Archival & IP /Knowledge
Records • Analytics Enterprise
Management
Management • P olicy / P roces s Management
IT Risk
Apps
• W orkflow
Human R es ources
• B est P ractices IT Compliance
t • Legislative / Regulatory
Training C ertification C apacity P lanning
- S ox, B as el II, HIP AA, C OB IT
ERP • Document Management P erformance Management Content
eDis covery • Incident Management
Security Management
• C onsulting / Services
IT S tandards / S OA Us er Activity Monitoring
Data Management/ IL M ID Management &
Database S egregation of Duty
Partners
Dis as ter R ecovery/ C ontinuity S ervic e Management
P roject P ortfolio
P roject P ortfolio R es ource C hange & C onfiguration
As s et R es ource
Management Management
Management Management IT Risk and Compliance
Source: TripleTree
TripleTree has outlined a list of 30 representative control points within an
enterprise risk and compliance management platform.
Control points on the top half of the diagram are functions typically
associated with business risk and compliance management. The bottom
half of the diagram shows IT risk and compliance management control
points.
The Shared Services box in the center tie together compliance within the
business units and the IT elements throughout an organization. These
services help to better integrate governance, risk and compliance decision
processes with other business goals.
MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 7
9. Figure 2: A “Top-Down/Bottom-Up” Approach to Compliance
Business Risk and Compliance
Foundation Common
Based Engine
Analytics
Frameworks Extensible
(SOA)
IT Risk and Compliance
Source: TripleTree
This “top-down/bottom-up” model is considered a goal for many of today’s
compliance providers as organizations ultimately will want a comprehensive
solution from a trusted vendor. Engineered solutions designed to help an
organization understand and manage its broad compliance initiatives efficiently
will include automated control points for both the business units and IT.
Because enterprise compliance suites are early in their evolution, organizations
must work toward adopting a federated framework by integrating several point
based controls into a unified system. Organizations that apply this federated
approach should seek a pre-integrated multi-vendor solution based on a common
data repository. This will help to maintain a holistic view of business risk and
compliance initiatives that are in line with business processes. Moreover, the
unified data repository will allow organizations to leverage common shared
services and enable executives to make decisions based on a single, consistent
data source as opposed to deciphering multiple disconnected data streams.
PAGE 8 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
10. MATURING PLATFORMS
As stated, the fragmented market for compliance solutions has been comprised of
a narrow set of control points, a limited set of regulations and some foundations
in IT governance. Recent sector consolidation point toward a maturation of
thinking by leading vendors. We predict the evolution of compliance solutions
will be driven by leading enterprise software vendors and specialized compliance
management vendors racing to fulfill enterprise compliance needs as represented
in both halves of our Q-Diagram on page 7. Today’s compliance specialists are
represented by a list of vendors offering both licensed software and SaaS-based
solutions.
• CA • Oracle • Resolver
• Compliance 360 • OpenPages • SAP
• HP • Paisley • Others
• IBM • Protiviti
Vendor comparisons are difficult since sector definitions and actual capabilities
within the compliance stack do not match up. From the list above, each firm
represents some functionality for financial controls, audit automation or regulatory
control. Solution maturity is varied.
Risk Management capabilities also vary widely among vendors. For instance,
one vendor may have strong dashboard and reporting capabilities alerting users
to compliance deficiencies, while another may take a more process-centric
approach focused on deficiency remediation. Yet another vendor may have
engineered strong ties into a business intelligence-centric, corporate performance
management suite for complex analytics.
A few vendors are messaging and delivering around a “top-down/bottom-up”
approach by touching on several areas of business risk and compliance as well
as IT risk and compliance. However, no single vendor (or ecosystem of ISVs)
provides the comprehensive enterprise-wide compliance solution like the one
outlined in our Q-Diagram.
Consolidation - Further Defining the Sector
Not surprisingly, global technology platform vendors like Oracle and SAP are
beginning to push their GRC/compliance message and assemble their respective
platforms. In terms of capability, market reach, and ability to execute, we consider
the global vendors as the group most capable of assembling the functionally for a
holistic enterprise compliance platform.
Oracle’s strategy includes leading with its financial applications, middleware,
content management (Stellent), and recently acquired compliance assets such
as LogicalApps. Ecosystem partners (ISVs and service providers) will become
increasingly important to Oracle as it broadens its compliance definition within
its GRC strategy.
SAP’s GRC strategy is based on the strength of its financial application platform,
MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 9
11. HCM, and supply chain assets. Newly acquired capabilities from the likes of Versa
also play a significant role. SAP’s pending Business Objects acquisition foretells
of an increasing focus on analytics and intelligence as a broader risk management
strategy.
Figure 3: Representative Compliance Market Activity Consolidation
D ate B uyer Target D escription
Business Risk and Compliance
O ct-07 Wolters Kluwer PwC (TeamMate Software) Audit management & risk assessment
O ct-07 O racle LogicalApps ERP compliance & monitoring software
Sep-07 X erox Advectis Document management & collaboration SaaS
Jun-07 Iron Mountain Accutrac Software Records management & compliance software
Nov-06 Oracle Stellent Content management software
Apr-06 SAP Virsa Systems, Inc. Segregation of duties; SOX compliance
Feb-06 Fujitsu Consulting GIM Risk Management SOX compliance sysetms integration
IT Risk and Compliance
Sep-07 O racle Bridgestream Identity and access management
Dec-06 IBM Consul Risk Management IT & compliance management software
Jul-06 HP Mercury Business Technology Optimization (BTO) software
Jun-05 CA Niku IT management and governance software
As we foreshadow a consolidation trend, a range of potential consolidators come
to mind. In addition to the obvious global enterprise software vendors, firms
in the integrated information management, publishing, and document services
sectors make interesting acquirers. Certain industry-focused vendors and offshore
BPO vendors are also of consideration.
Key Drivers:
• Compliance is a top-of-mind category;
• Global technology leaders in applications and infrastructure are
racing to be seen as having the most extensive compliance
management platform and by extension want to shape the category
and its components;
• While no single vendor can organically build a holistic platform today,
(the “top-down/bottom-up approach”) compliance ecosystems
(e.g. SAP’s recent linkage with Cisco Systems) will begin to emerge and
consolidate in order to address multiple compliance requirements;
• Disruptive delivery models like SaaS and hybrid solutions (SaaS-
enabled BPO) will become more prevalent, just as they have in other
software categories;
• Since no clear sector leader exists, time-to-market is critical. Most
of the global players know that a “buy” strategy is a more definitive
path to market than “build/partner”; and
• Non-traditional players view compliance as a necessary competence
for up-sell and cross-sell revenue growth. 2008 will be a pivotal year
for M&A in the sector.
PAGE 10 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
12. CONCLUSION
The compliance automation category includes many components, such as
compliance control point automation, GRC, IT Governance/IT-GRC, risk
management, and risk analytics. Today, this category is one of the top areas of
enterprise spend.
Though the market is still somewhat undefined, the leading enterprise software
vendors, pure-play ISVs, and several non-traditional players are working to
redefine the category and establish a leadership position.
This leadership position will be defined on a range of capabilities and compliance
solution CEOs must therefore remain constantly aware of the criterion with
which they are being evaluated in the market. Because of its importance to the
C-Suite and the significant addressable market, TripleTree predicts that a host of
players will aggressively pursue a leadership position through internal investment
and acquisition. For these CEOs considering liquidity options, below are a few
key points:
• Market definitions are solidifying now, and over the next six
quarters consolidation will conclude.
• Depending on a number of factors, valuation guidelines for
licensed software or services-centric compliance businesses will be
in the 1-3x revenue range (TTM) with opportunities for premium
value creation.
• For pure-play SaaS businesses, recurring revenue growth will be
a key metric for garnering a premium well in excess of licensed
software businesses.
• Once the initial wave of consolidation has concluded and
enterprise vendors establish their platform strategies, additional
tuck-under deals will occur, but likely at lower valuations.
As an investment bank and strategic advisor, TripleTree is committed to helping
emerging companies understand how to take advantage of trends like those
outlined in this report. Over the next few quarters, our compliance research
agenda and webcasts will further assess the evolving market, where disruption is
likely, and review vendors delivering on their vision. We welcome the opportunity
to learn more about your business and how we can help your team climb to the
next plateau of market leadership.
MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q1 2008 COMPLIANCE PAGE 11
13. THE TEAM
Kevin Green, Managing Partner
• Co-founded TripleTree, LLC
• 25+ years building and advising IT companies
• Senior executive roles in public and private IT companies; two as CEO
• Active with numerous industry associations, and Board of
Directors, including SIIA and Connextions
• BA and MBA, University of San Diego
David Henderson, Managing Partner
• Co-founded TripleTree, LLC
• 22+ years in venture capital, business development and as a
senior operating executive
• Seven years of public accounting experience at Arthur Andersen
• CEO of a $400 million asset bank holding company
• Active Board of Director on several public and private companies
• BA, Moorhead State University; Certified Public Accountant
Scott Tudor, Managing Partner
• Joined TripleTree in 1998
• Specializes in IT Outsourcing & Managed Services and Healthcare IT
• Worked on more than 30 transactions with leading global companies
such as UnitedHealth Group and Hewlett Packard
• Served as TripleTree’s research chairman
• BA and JD, University of Illinois; MBA, Carlson School
of Management, University of Minnesota
Chris Hoffmann, Senior Principal/Research Director, Technology
• Joined TripleTree in 2005
• 19+ years of experience an operating executive, consultant, and analyst in
the technology industry
• Transaction activity focus in the areas of software and technology
• Former President of Tier1 Research; executive positions at Gartner,
GE Capital Consulting and IBM Global Services
• BA, University of Minnesota-Duluth; advanced studies through
the University of Minnesota and Michigan State University
Brian Klemenhagen, Senior Principal
• Joined TripleTree in 1999 with over ten years of combined investment
banking and Wall Street equity research experience
• Primary engagement manager across technology, software and
outsourcing sectors
• Principal contributor to TripleTree’s SaaS research
• Prior to joining TripleTree was with RBC Dain Rauscher
• BA, Gustavus Adolphus College; MBA, Carlson School of Management,
University of Minnesota
PAGE 12 Q1 2008 COMPLIANCE WWW.TRIPLE-TREE.COM MINNEAPOLIS 952.253.5300
14. THE TEAM
Scott Donahue, Principal
• 15+ years financial strategy analysis and business development consultation
including marketing, operations support, and technical product development
• Expertise in IT operations and services delivery approaches
• Wall Street experience
• Served in management roles at leading IT firms
• BA, University of California - Santa Barbara; MBA, University of Michigan
Scott Prentice, Associate
• Focus on M&A and private placement activity in the technology sector
• Previously worked on M&A activity at Ingenix, a division of
UnitedHealth Group
• Prior experience included technology capital investment at Target
Corporation and as an IT consultant with Computer Science Corporation
• BA, Bethel College; MBA, Carlson School of Management, University
of Minnesota
Michael Boardman, Senior Analyst
• Specializes in research and analysis of industry trends and investment
opportunities within Software and IT Services
• Prior experience includes an internship with Merrill Lynch
• Held a Cisco Certified Networking Associate Degree (CCNA)
• BA, University of Minnesota; BSB, Carlson School of Management,
University of Minnesota
Matthew Flores, Senior Analyst
• Dedicated to research and analysis within Enterprise Software, Telco,
and Wireless
• Research and transaction experience with TripleTree’s Healthcare and
Mobile Wireless Teams
• BA, Bates College
Jeff Kaplan, Senior Advisor
• Advises TripleTree’s technology team
• Founder and Managing Director of THINKstrategies
• Founder of the Software as a Service (SaaS) Showplace® and Managed
Service Showplace®
• Founding member of the SIIA SaaS Executive Council
• Frequent speaker at industry events and contributing columnist for
BusinessWeek, Mass High Tech Journal, Financial Times of London, and
Network World, among many other industry leading publications
MINNEAPOLIS 952.253.5300 WWW.TRIPLE-TREE.COM Q! 2008 COMPLIANCE PAGE 13