IBM Systems Journal

Optimized enterprise risk management

View publication


As the result of the increasing costs of risk and compliance activities, enterprises are beginning to integrate compliance and risk management into a comprehensive enterprise risk management function and thus proactively address all sorts of risk, including operational risk and the risk of noncompliance. We present the IBM Research enterprise risk management framework, designed to address risk and compliance management in a strategic, integrated, and comprehensive manner. We demonstrate how enterprises evolve along an enterprise-risk-management maturity continuum from a state of mere penalty avoidance through a state of improvement until they finally reach a state of continuous, risk-based transformation. We then explain our high-level model of the enterprise and its environment and describe the central issues, systems, models, and technologies involved. We conclude by presenting the tactical steps necessary to successfully launch enterprise risk management in accordance with our framework. © 2007 IBM.