Helping present a consistent, enterprise-wide view of risks
The challenge
The pressure is on. Hurricanes and human error, the proliferation of global commerce with wide variations in laws and a greater focus on accountability are but a few of the risks companies face every day. Add tomes of exacting regulations designed to bring order and uniformity to the environment – Basel II, the Patriot Act, the Healthcare Insurance Portability and Accounting Act (HIPAA), and the Sarbanes-Oxley Act, for example – and it’s easy to see the daunting challenges on every front. In addition, the two issues – risk and compliance – are often addressed inconsistently at different levels of an organization, with frequent duplications of efforts, technologies and reporting.
Business leaders are realizing that it makes sense to manage risk and compliance in a combined, systematic manner. Regulatory agencies are coming to the same conclusion and are beginning to expect companies not merely to comply with their mandates, but to manage overall risk in a single structured approach.
IBM ODIS teams are working to help companies find broad-based, methodical ways to assess, measure and manage operational risk in its various dimensions: people, processes and technology. IBM Research, IBM Global Business Services and Financial Services groups are working to develop a reusable risk-modeling approach to identify risks throughout an enterprise, along with quantification tools for operational risk assessment. Together they are building a framework based on a unifying classification that presents a consistent, enterprise-wide view of risks.
The approach
IBM’s patent-pending solution models begin with visualization, which allows stakeholders to see meaningful and actionable representations of their risk and compliance efforts. It incorporates business insight methods, models and tools that, together with various operational risk classifications, assess and quantify operational risk and identify potential countermeasures (such as purchasing insurance) to better manage risk. The solution also includes a unifying architecture, which lets business processes and systems comply, measure risk, and report and audit in a uniform way.
Classifying and quantifying risk in this way is designed to help companies make the most of their current risk management dollars and reduce future spending. In addition, it can help put the organization in a better position to demonstrate regulatory compliance in the management and control of operational risk throughout the organization, and in associated areas such as business continuity and information risk management.
Next steps
The IBM On Demand Innovation Services (ODIS) team is working with an international bank on a first-of-a-kind project that focuses on operational risks related to business continuity in the financial services sector, with an emphasis on natural disasters like hurricanes and other external risks like terrorism. The project also is expected to recommend a resource allocation/return-on-investment method for risk management based on overall risk quantification. With a second international bank, the team is working on a risk-based optimization task focusing on reducing risk by distributing applications over a set of servers. The IBM approach is applicable to a wide range of public and private organizations, public utilities and government agencies that require the resilience associated with on demand business.
To find out more about IBM’s work in the critical area of risk and compliance, and how it can help classify and quantify risks across an enterprise, contact ODIS today.

