Banking giant JP Morgan raised eyebrows in 2012 when it revealed that it had lost a substantial amount of money because of poorly conceived trades it had made for its own account. The losses raised questions about the adequacy of its internal controls, and broader questions about the need for regulations to reduce systemic risk to the banking system. At the heart of the matter were the transactions made by “the London Whale,” the name given to a JP Morgan’s trading operation in the City by its counterparties because of the outsized bets it was making. Until that point, JP Morgan’s Central Investment Office had been profitable and apparently well controlled. In the wake of a discovery of the large losses racked up by “the Whale,” JP Morgan launched an internal investigation into how it happened, and released the findings of the task force established to review the losses and their causes [PDF document].
Topics: GRC, Operational Performance Management (OPM), errors, multidimensional spreadsheet, server, Business Analytics, Business Collaboration, Business Intelligence (BI), Business Performance Management (BPM), Data, Financial Performance Management (FPM), Information Management (IM), risk management, Sales Performance Management (SPM), controls, spreadsheet, trading
I recently spoke with Oversight Systems, an operational intelligence analytics company that uses predictive analytics and optimization to help companies save money, reduce the risk of loss and fraud, and reinforce corporate governance and compliance efforts. Ventana Research views operational intelligence as an emerging technology with the potential for a high return on investment. By continuously monitoring activities in a company’s IT systems, Oversight’s Web-based software continuously, consistently and objectively monitors all business processes to identifies opportunities to save money, cut fraud, minimize risk and provide real-time controls to support governance.
Topics: Big Data, Predictive Analytics, Fraud, Governance, GRC, Operational Performance Management (OPM), audit, Analytics, Business Analytics, Cloud Computing, Governance, Risk & Compliance (GRC), Operational Intelligence, Accounting, Business Performance Management (BPM), Financial Performance Management (FPM), Information Management (IM), Sales Performance Management (SPM), Supply Chain Performance Management (SCPM), controls, Oversight Systems
I recently attended Vision 2012, IBM’s conference for users of its financial governance, risk management and performance optimization software. I reviewed the finance portion of the program in a previous blog. I’ve been commenting on governance, risk and compliance (GRC) for several years, often with the caveat that GRC is a catch-all term invented by industry analysts initially to cover a broad set of individual software applications. Each of these was designed to address specific requirements across a spectrum of users in operations, IT and Finance within a company, often to meet the needs for a specific industry such as financial services or pharmaceuticals. Vision 2012 covered a lot of ground under the GRC heading, confirming the breadth of both this software category and IBM’s offerings in it. I want to focus on two areas: automation of IT governance activities and effective management of GRC-related data.
Topics: Governance, GRC, Operational Performance Management (OPM), Access Controls, identity controls, OpenPages, process controls, Business Collaboration, IBM, Business Performance Management (BPM), compliance, Financial Performance Management (FPM), risk management, controls, IT controls
My colleague Mark Smith and I have frequently commented on the artificiality of the emerging software category governance, risk and compliance (GRC). To be sure, once stand-alone categories of software (IT governance, audit documentation and industry-specific compliance management, to name three examples) have started what I expect to be a long convergence process. Moreover, since just about all controls and risk management efforts require a secure IT environment to be effective, there is a growing interdependence between effective IT governance and everything else connected with enterprise GRC.
Topics: Governance, GRC, Operational Performance Management (OPM), enterprise risk management, ERM, risk metrics, vendor selection, Business Performance Management (BPM), compliance, Financial Performance Management (FPM), Risk, risk management, controls, IT governance