Today's enterprises face the daunting task of complying with an increasing number of intricate and constantly evolving laws and regulations. While some individual regulations such as Basel II or the USA Patriot Act necessitate the use of risk-based approaches to achieve compliance, the heightened cost and risk of compliance activities have resulted in a general tendency of enterprises to integrate compliance management and risk management into a comprehensive enterprise risk management function. Enterprises are thus proactively addressing all sorts of risk, including operational risk and the risk of non-compliance.
In this paper, we present IBM Research's Enterprise Risk Management Framework that addresses risk and compliance management in a strategic, integrated and comprehensive manner. In accordance herewith, we demonstrate how enterprises evolve along an Enterprise Risk Maturity Continuum from a state of mere penalty avoidance on to a state of improvement until they finally reach a state of continuous, risk-based transformation.
We then delineate our big picture model of the enterprise and its environment and give a detailed description of the central issues, systems, models, and technologies involved.
We conclude our discussion by describing the necessary tactical steps in order to successfully launch enterprise risk management in accordance with our framework.
By: C. Abrams; J. von Känel; Samuel Mueller; Birgit Pfitzmann; S. Ruschka-Taylor
Published in: IBM Systems Journal, volume 46, (no 2), pages 219 in 2007
Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.
Questions about this service can be mailed to reports@us.ibm.com .