IBM OpenPages GRC Services | GRC Consulting – iTechGRC

Enterprise risk management technology | What is it?

Enterprise risk management technology

What is Enterprise risk management?

Enterprise risk management (ERM) is the process of planning, organizing, directing, and controlling the activities of an organization to minimize the harmful effects of risk on its revenue as well as reputation. Enterprise risk management includes financial risks, strategic risks, operational risks, and risks associated with accidental losses. ERM can help increase awareness of business risks across an entire organization, instill confidence in strategic objectives, improve compliance with regulatory and internal compliance mandates and enhance operational efficiency through more consistent applications of processes and controls.

What is Enterprise risk management technology?

Enterprise risk management technology collects and consolidates different data from across the company. This data includes incident intake data, customer data, vendor risk data, claims data, financial data, and more. Having all risk data in a single place gives the company the ability to see, assess, and analyze risks across all divisions.

ERM technology makes reporting and analysis of risks much more efficient. Standardized reporting templates, coupled with advanced analytics, customizable visualizations, and among other abilities, give risk managers a powerful tool for reporting to stakeholders. The ability to get detailed and real-time data, the company’s top risks, risk scores over time by category, and more offers greater visibility into program performance. This allows stakeholders to make better business decisions and enables risk managers to prove the value of ERM.

Evaluating Enterprise Risk Management Technology

Before choosing an ERM technology solution, risk managers need to make sure the ERM technology has the 4 things listed below.

A usable User Interface (UI)

For ERM technology to work as intended it must be accessible to and usable by all the departments involved with managing risk. The UI should be modern, easy to use, and intuitive. Poor UI’.s will put off users and will result in lower usage. The UI of ERM technology should, to the extent possible, encourage participation and engagement. You can have the greatest tool in the world but if it is too complicated for you to use it might as well be the worst. IBM OpenPages won the best user interface award at this year’s Risk Market Technology Awards.

Opportunity for cross-organization engagement

Beyond the user interface, ERM technology engages users in several ways.

• Configurable workflow can be used to automatically route problems, risk decisions, incidents, risk assessments and day-to-day risk management activities to accountable stakeholders.

• Workflow typically engages stakeholders via instant messaging and email. It is desirable to make certain that ERM technology can engage stakeholders regardless of the organization’s messaging and mail solutions and that it can do so whether stakeholders are fixed at their workstations or are mobile.

• Modern ERM technology utilizes due dates, ticklers and exception flags to escalate matters requiring management attention.

Ability to Integrate

Risk assessment and constant monitoring require data input related to the performance of controls. As a result, it is critical for ERM technology to easily integrate external data. Some integration may be achieved with simple Microsoft Excel or CSV file uploads. Other cases may require online, real-time integrations that require zero human involvement. ERM technology integration should be carefully evaluated in terms of flexibility, long-term goals and the kinds of data to be integrated.

Configurable calculations

Risk assessments, control evaluations, and exception handling all require calculations. In some cases, these may be as simple as arithmetic operations. In other cases, they may call for sophisticated equations. ERM technology should be able to accommodate all kinds of calculations without using complicated, complicated coding.


ERM technology must be able to produce the wide array of reporting required by each stakeholder and that the reporting engine be sufficiently flexible to allow the creation of new reports without utilizing traditional programming. Before choosing any ERM technology, risk managers should find out what kind of risk management reports stakeholders would like to have and compile a list. The compiled list can then be used to assess each ERM technologies’ reporting capability.

How does OpenPages help with ERM

IBM OpenPages with Watson serves as the foundation for a company’s enterprise risk management (ERM) efforts by unifying enterprise-wide risk and compliance initiatives into a single management system. With solutions for Financial Controls Management, Operational Risk Management, IT Governance, Policy Management, and Internal Audit, OpenPages with Watson provides a modular and integrated approach to governance, risk, and compliance.

Each component provides a highly configurable capability that supports your specific methodology, without having to write custom code, whether in loss events, KRI, or any other solution component. The result is that companies can embed risk management into the business and improve outcomes over time.