As a result of the increasing costs of risk and compliance activities, enterprises are beginning to integrate compliance and risk management into a comprehensive enterprise risk management function and thus proactively address all sorts of risk, including operational risk and the risk of noncompliance. We present the IBM Research enterprise risk management framework, designed to address risk and compliance management in a strategic, integrated, and comprehensive manner. We demonstrate how enterprises evolve along an enterprise-risk-management maturity continuum from a state of mere penalty avoidance through a state of improvement until they finally reach a state of continuous, risk-based transformation. We then explain our high-level model of the enterprise and its environment and describe the central issues, systems, models, and technologies involved. We conclude by presenting the tactical steps necessary to successfully launch enterprise risk management in accordance with our framework.
Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.