• subsection=
    • Wall Street & Technology: Blog
    subscribe August 22, 2006

    Enterprise Risk Management (ERM) and Technology Spending

    By Sandeep Vishnu, BearingPoint

    Technology continues to play an increasing role in risk management as instantiated by the recent entry on the SOX technology burden by Brian Mitchell of JPMorgan. ERM poses a challenge from an expense allocation perspective in that every investment could be directed towards an underlying risk, and it becomes hard to separate out incremental risk-related investments. Some investments are, of course, straightforward. For example, implementing two-factor authentication to reduce unauthorized access is clearly a risk-related investment and should be counted as such.

    However, a platform upgrade to increase capacity to reduce the number of dropped transactions is a business decision that addresses the underlying risk of transaction failure. Should this be viewed as an expense for ERM, the business, a central infrastructure group, or some combination of these or others?

    Risk management and compliance requirements are continuing to increase and overlap, and are creating a growing expense for firms. Regulatory guidance is not always prescriptive and firms have to interpret regulations to translate them into a set of tasks and activities. This becomes harder to do when regulations are planned, but not implemented. The subjectivity of certain regulations (e.g., Basel Pillar II) also makes it harder to define minimum compliance requirements and creates a challenge for prioritization of activities. Nonetheless, the translation of regulatory requirements into tasks and activities creates a portfolio of projects that may, at times, complement, compete or conflict with each other. This is the point at which spending can increase substantially, or it can also be the point at which rationalization begins. Several of these projects have technology components where overlaps and scaling can be addressed.

    A detailed evaluation of the portfolio of projects at the activity block level can yield areas of commonality and allow for the development of a portfolio implementation plan, rather than a project implementation plan. This plan would allow for the sequencing and prioritization of activities, giving preference to those with core business contribution and deferring those, if possible, with pure compliance features. An absence of such prioritization or sequencing will create a perception of "out-of-control" spend and a lack of appreciation of the business value being driven by ERM. This prioritization and sequencing is also needed to allow for current risk personnel to manage the increased scope of activity, while getting some time to acquire appropriate resources (internal or external).

    In summary, budgetary pressures, continuing regulatory uncertainty and subjective interpretations of regulatory requirements increase the need for rationalizing the portfolio of risk projects and for further streamlining corporate resources engaged in risk and compliance activities. The lack of such prioritization will increase the burden on enterprise risk management programs to justify their budgets and contribution.

    Posted by Greg MacSweeney at 09:31 AM



    This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

    Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

    Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


    CHECK THIS OUT

    Novell Real Time Linux Webcast Series
    In order to succeed, companies must be able to respond quickly, deliver superior value and quality of service, and carefully manage their costs. In this series of brief webcasts, you will learn how SUSE Linux Enterprise Real Time from Novell enables organizations to respond quicker by delivering low latencies, deliver increased value with fast response times, and better manage costs.

    Events

    Live Events:
    Bank Systems & Technology's 3rd Annual Executive Summit
    October 19-22, 2008

    Avoiding the Mobile Blind Spot: Enhanced Security for the Wireless Workplace
    October 28, 2008

    Buy-Side Trading Summit 2008
    November 16-18, 2008

    Accelerating Wall Street 2009
    March 18, 2009


    Web Events:
    Good to the Last Watt: Improving Performance and Efficiency in Wall Street’s Data Centers
    October 15, 2008

    Rising to the Challenge of Operational Governance
    October 22, 2008


    Marketplace

    Career Center


    Ready to take that job and shove it?

    Function:
    Information Technology
    Engineering
    State:


    Keyword(s):

    Browse By:
    State | City

    InformationWeek Business Technology Network
    InformationWeekInformationWeek 500InformationWeek 500 ConferenceInformationWeek AnalyticsInformationWeek CIO
    InformationWeek EventsInformationWeek ReportsInformationWeek MagazinebMightyByte and SwitchDark Reading
    Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingNo Jitter
    space
    Techweb Events Network
    InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0 ConferenceMobile Business ExpoSoftware ConferenceCSI - Computer Security Institute
    Black HatGTECEnergy CampMashup CampStartup Camp
    space
    Light Reading Communications Network
    Light ReadingLight Reading EuropeUnstrungLight Reading's Cable Digital NewsConstantinopleInternet Evolution
    Heavy ReadingLight Reading Live!Light Reading InsiderEthernet ExpoOptical ExpoTeleco TVTower Technology Summit
    space
    Financial Technology Network
    Advanced TradingBank Systems & TechnologyInsurance & TechnologyWall Street & TechnologyAccelerating Wall StreetBank Systems & Technology Executive SummitBuyside Trading SummitInsurance & Technology Executive Summit
    space
    Microsoft Technology Network
    MSDN MagazineTechNetThe Architecture Journal
    space