Security
Security Services And Solutions—IBM Governance, Risk and Compliance

IBM Governance, Risk and Compliance™ (GRC) solutions enable you to adapt to change and meet risk and regulatory compliance challenges head on with truly innovative technology that is predictive, adaptive, integrated and useful. IBM OpenPages Operational Risk Management™. Identify, manage, monitor, and analyze operational risk across the enterprise. Governance, risk and compliance solutions provide automated tools that enable organizations to evaluate risk posture quickly and easily and analyze key risks. GRC Data Integration and Aggregation—IBM™ comprehensive REST API empowers the IBM GRC™ platform with risk and compliance information from across the business by automatically importing key data points from external operational systems. This enables businesses to extend across unlimited entry points to a fully informed GRC deployment. Analytics and reporting—the IBM OpenPages GRC™ Platform is built on the leading business intelligence platform and provides deep insight and powerful reporting for enterprise-wide risk and compliance initiatives. Faster time to answers about the business context from highly visual, interactive dashboards.

Easier access to game—changing insights with interactive data visualizations. Smarter, risk—aware decisions that drive a better business outcomes and performance. Trusted data for more consistent decisions without data drift or duplication. The key to successful operational risk management is a framework where insurers can define business processes and products and their associated risks, and put in place indicators and controls to manage those risks. IBM OpenPages GRC™ Platform provides the means to implement just such a framework. Furthermore, once established, the platform can offer a foundation for a wider solution to insurers’ increasingly onerous compliance and governance obligations.  The first step in implementing an op risk management framework is gathering the data from diverse sources across the organization. To ease this often fraught and time-consuming process, IBM™ recently introduced an advanced application programming interface (API) for OpenPages that will link with almost any system and facilitate the extraction of information. Once brought into the platform, all information is gathered under a central data model – a key differentiator for IBM’s™ product.

What Makes Compliance Processes Effective

The board of directors and senior management setting a tone at the top and providing compliance and ethics programs with the necessary resources, independence, standing, and authority. Leadership promoting integrity and ethical values in decision—making across the organization and establishing accountability. Incorporating integrity and ethical values into performance management systems and compensation so the right behaviors are encouraged and rewarded, while inappropriate behaviors are firmly addressed. Ensuring effective processes to identify, assess, mitigate and manage compliance and ethics risk across the organization. Establishing, maintaining and updating policies and procedures tailored to the business, risks, regulatory requirements and conflicts of interest. Training tailored to the specific business, risk and regulatory requirements, and which is roles—based so that everyone in the compliance process understands their roles and responsibilities. Monitoring, testing, and surveillance functions that assess the health of the system and report critical issues to management and the board. Ensuring existence of processes where employees can raise concerns confidentially and anonymously, without fear of retaliation, and matters are investigated and resolved with fair and consistent discipline.

Compliance And Governance

Despite the rantings of some so—called experts, the board of directors is not directly responsible for compliance—that’s management’s job. With that said, the board does have an important responsibility to oversee compliance initiatives, and to be comfortable that management has established an effective process. To that end, the board must receive regular reports from the CEO, Chief Compliance Officer and others on the design and functioning of the process, and information reflecting its effectiveness. But we’ve seen compliance programs of some companies designed with the primary objective of developing reports for the board, and frankly they don’t work well. Reporting should be a natural outgrowth of effective compliance management, with the primary focus on ensuring mind-sets and actions that drive effective compliance. The board of directors and senior management setting a tone at the top and providing compliance and ethics programs with the necessary resources, independence, standing, and authority. Compliance functions have long sought to measure the company’s compliance program effectiveness—driven by a self—imposed desire to demonstrate and enhance performance, or by CEOs, boards, regulators or business partners.

Analytics And Reporting

The IBM OpenPages GRC™ Platform is built on the leading business intelligence platform and provides deep insight and powerful reporting for enterprise—wide risk and compliance initiatives. Faster time to answers about the business context from highly visual, interactive dashboards. Easier access to game—changing insights with interactive data visualizations. Smarter, risk—aware decisions that drive a better business outcomes and performance. Trusted data for more consistent decisions without data drift or duplication. Once an organization has implemented its op risk framework on the IBM OpenPages™ platform, it can begin to align it with the myriad of standards and regulations the industry is now subject to. A third step is to bring policy documentation, and its management, onto the platform as well. This is increasingly important in an era where firms often have individual agreements with clients about products and coverage and there is a need to manage multiple risk profiles in terms of exposure and compliance. IBM OpenPages™ has the ability to map the company’s op risk management methodology and complex structures within the platform.