Customer Study on Operational Risk Using OpenPages
powers-old-account 270000NC1K Visits (4000)
I just ran across a very good video from IBM which explains the "GRC" market segment and introduces the IBM OpenPages product. It seems to be HTML5 based and I can't fugure out how to embed it. But I highly recommend following the link and watching it.
The video doesn't directly address the role that IT contributes to the GRC space. It's largely focused on the financial and ERM aspects of risk management. But It's easy to see how IT contributes to the aggregation of operational risk. Offerings like Tivoli Asset Management for IT and Tivoli Endpoint Manager gather the information necessary to understand "what's on the data center floor" and "what's connected to the network." Then OpenPages plus the Cognos Business Intelligence reporting can map that view of the IT environment to a control framework and roll it's metrics up into the overall aggregated risk picture. It's a data integration challenge, of course.
Every organization is a little different and there's fair amount of planning that has to take place to understand which critical controls need to be in place and how to deploy/discover them in the environment and compare them against baseline policies. But IBM has all the nuts and bolts at each level of the organization to create the it operational risk picture.
Perhaps the best customer story around the use of OpenPages is The Operational Risk Exchange, an association for financial institutions who share operational risk data to aggregate their data for industry wide views of operational risk. This report gives a good overview of how the Operational Risk exchange uses OpenPages and may spark some ideas on how your organization can improve it's view of operational risk.