@TechReport{	  abrams.ea:optimized:2006,
  abstract	= {Today's enterprises face the daunting task of complying
		  with an increasing number of intricate and constantly
		  evolving laws and regulations. While some individual
		  regulations such as Basel II or the USA Patriot Act
		  necessitate the use of risk-based approaches to achieve
		  compliance, the heightened cost and risk of compliance
		  activities have resulted in a general tendency of
		  enterprises to integrate compliance management and risk
		  management into a comprehensive enterprise risk management
		  function. Enterprises are thus proactively addressing all
		  sorts of risk, including operational risk and the risk of
		  non-compliance.In this paper, we present IBM Research's
		  Enterprise Risk Management Framework that addresses risk
		  and compliance management in a strategic, integrated and
		  comprehensive manner. In accordance herewith, we
		  demonstrate how enterprises evolve along an Enterprise Risk
		  Maturity Continuum from a state of mere penalty avoidance
		  on to a state of improvement until they finally reach a
		  state of continuous, risk-based transformation. We then
		  delineate our big picture model of the enterprise and its
		  environment and give a detailed description of the central
		  issues, systems, models, and technologies involved. We
		  conclude our discussion by describing the necessary
		  tactical steps in order to successfully launch enterprise
		  risk management in accordance with our framework.},
  author	= {Carl Abrams and J\"urg von K\"anel and Samuel M\"uller and
		  Birgit Pfitzmann and Susanne Ruschka-Taylor},
  institution	= {IBM Research},
  language	= {USenglish},
  month		= {August},
  number	= {RZ 3657},
  title		= {Optimized Enterprise Risk Management},
  year		= 2006,
  user		= {sml}
}