Analyst and research firm Gartner has released the latest edition of its Magic Quadrant for ‘Operational Risk Management Solutions’. The list includes the propositions of 13 solution providers, including the offerings from IBM, Protiviti and SAP.
Risk management is increasingly gaining terrain as a strategic factor for organisations globally. Research by the World Economic Forum shows that over the past years executives have seen a rise in the risks their companies face from changes in the political and business landscape, as well as changes that stem from society and consumer behaviour. In addition, the explosive growth of digital and online in recent years has sparked a wave of new, modern-age risks, in particular risks arising from online vulnerabilities (cybersecurity) and weaknesses in the chains connecting online devices (Internet of Things).
In a bid to get more grip on risks, and gain a more holistic view of risk across the enterprise, chief risk officers and chief information security officers have of late been actively pursuing further integration between the fields of governance, risk and compliance (GRC) and enterprise risk management. By converging the two worlds, and stimulating closer collaboration with other domains such as Vendor Risk, IT and Security, Regulatory Compliance, Audit and the business functions, executives aim at getting a more real-time view of company-wide risk, allowing them to earlier on in the value chain trigger mitigations and counter actions.
The role of technology
Similar to other domains, the transition to a more effective GRC and risk management operating model is largely enabled by technology, and at the heart of the spectrum lie operational risk management (ORM*) software solutions. Such solutions allow organisations to aggregate and normalise data from multiple data sources, including operational and financial systems, as well as from external sources such as regulatory alerts and loss event databases, down the line supporting better business performance and capital allocation. Key benefits of ORM systems include providing a more effective means of assessing risk and control effectiveness, identifying operational risk events, managing remediation efforts, and quantifying the associated operational risk exposure across the enterprise. Other advantages commonly cited are helping companies address the increasing pressure from regulators to improve the risk reporting in annual reports, and lifting the management reporting process.
In its latest Magic Quadrant for ‘Operational Risk Management Solutions’, Gartner identifies the solutions which according to its assessment rank as top of the bill**. Six solutions – developed by Nasdaq, Thomson Reuters, EMC (RSA), MetriStream, IBM and SAS – have been earmarked as leaders in the field, while solutions from Protiviti and SAP have been positioned in the ‘Challenger’ quadrant. Solutions from three firms have been labeled ‘Visionary’, while Wolters Kluwer and Riskconnect have been given the status of niche player.
“Because ORM is so broad, there’s no one-size-fits-all solution that addresses all of our clients’ operational risks,” says Scott Wisniewski, managing director Risk Technologies at Protiviti. “We help our clients implement the most appropriate and cost-effective solution, whether based on our ‘Governance Portal’, other third-party platforms, or SharePoint. As a result, our clients launch their ORM initiatives with greater confidence that they will achieve the results they expect and need to meet their operational and regulatory objectives.” Wisniewski adds that over the past decade or so Protiviti’s consultants have worked with thousands of global clients on GRC matters, including the implementation of the firm’s Governance Portal.
Phil Tesler, CEO of Enablon – one of the larger product offerings available on the market today for end-to-end operational risk management – says his firm is “very happy to see one of the leading information technology analyst firms recognise Enablon as a visionary in operational risk management.”
“We are delighted to be recognized as a Leader in 2015 Magic Quadrant for Operational Risk Management Solutions by Gartner. We believe this is a strong endorsement of our capabilities and our continuous investment in Operational Risk,” comments Gaurav Kapoor, Chief Operating Officer at MetricStream.
In their report, the analysts state that the ORM software market has progressed through the first phases of the Gartner Hype Cycle over the past three to five years, and its maturity level is characterised as early mainstream, with a market penetration of 20% to 50%. In two markets, financial services and healthcare, market maturity is across the board higher, because of organisations' growing need to meet compliance and regulatory requirements, and the desire to avoid severe fines from regulators. Looking ahead, the market is not projected to plateau for another two to five years, and, during that time, it will be shaped by a number of priorities.
* Operational risks are defined by Gartner as those risks that relate to the uncertainty of daily tactical business activities, as well as risk events resulting from inadequate or failed internal processes, people or systems, or from external events.
** The assessment is based on two factors: ability to execute and completeness of vision. Regarding ability to execute, Gartner analysts evaluated technology providers on the quality and efficacy of the processes, systems, methods or procedures that enable their performance to be competitive, efficient and effective, and to positively impact revenue, retention and reputation. Ultimately, technology providers were judged on their ability and success in capitalising on their vision. For completeness of vision, the analysts evaluated technology providers on their ability to convincingly articulate logical statements about current and future market direction, innovation, customer needs, and competitive forces.