One of the key challenges within the risk, performance, compliance and business continuity areas of the corporation is the management of data in spreadsheets and other office files, often referred to as unstructured data. Spreadsheet control issues for accounting processes have also surfaced in response to Sarbanes-Oxley. Not only do spreadsheets lack the authentication, audit trail, and integrity, but they also lack accessibility to roll-up information into an enterprise wide picture. This is a critical barrier to systematically identify dependencies and track change. Information within spreadsheets is largely inaccessible to infrastructure tools like business intelligence, content management and business process management functionality and the cost of maintenance of this data is unreasonable. The presence of spreadsheets is a symptom of manual processes which are also typically both expensive and error prone.

One of the core value propositions of an Enterprise Risk Management (ERM) solution is to effectively solve this problem of collecting and managing unstructured risk and performance data. A robust ERM solution should provide a schema or organizational hierarchy for risk data so that ERM can bring together unstructured and structured data across the enterprise with the goal to improve decision making. This framework for organizing data provides the foundation for increased quality and efficiency for assessments as well as a process for aggregation and analysis of the information for dependencies. You can download a business architecture that illustrates how problems with spreadsheets are solved within an ERM solution. Click here to download.

Posted by stevenminsky in Compliance • Enterprise Risk Management • Software | Permalink | Comments (0) | TrackBacks (0)

In every emerging market the question of build versus buy arises. Enterprise Risk Management (ERM) is no different. Why a purpose-built application in this space? What is the role of enterprise content, workflow and process management technologies? What is the value proposition for a specific purpose-built application in the ERM software space? Should content and process technologies be built into a vendor application or should the vendor application leverage existing Enterprise Content Management (ECM) and Business Process Management (BPM) technologies in the enterprise?

The ERM platform core value is measured by the degree of delivery of best practices content like key risk indicator libraries and the business process practices as outlined in the Australian Risk Management Standard and COSO ERM framework. Enterprise content, workflow and process management technologies are infrastructure technologies that belong to the realm of corporate technology architecture and not a purpose built ERM platform. Best of class purpose built ERM software will leverage industry standards in these areas to ensure their solutions are as compatible and configurable as possible across the various infrastructure tools that mainstream vendors offer in these areas. The job of the corporate IT organization is to design and manage the architecture, IT processes, security and standards of their corporation. As such, the enterprise should select the infrastructure tools that are appropriate for their company’s needs, not the ERM application vendor.

Business and Risk Management should select the ERM application. ERM vendor solutions should leverage the corporate infrastructure and technology standards. For example, ERM platforms should be role based with hooks to be managed easily by Business Process Management technology in the enterprise. ERM software vendors should provide within their solution the option to reference data and documents within the corporation's document management/content management infrastructure. Only if the company’s technology is absent should the ERM vendor solution provide basic content repository or workflow capabilities as options.

Posted by stevenminsky in Enterprise Risk Management • Software | Permalink | Comments (0) | TrackBacks (0)