Abstract>

Optimized Enterprise Risk Management


Carl Abrams and Jürg von Känel and Samuel Müller and Birgit Pfitzmann and 
Susanne Ruschka-Taylor

As the result of the increasing costs of risk and compliance activities, 
enterprises are beginning to integrate compliance and risk management into 
a comprehensiveenterprise risk management function and thus proactively 
address all sorts of risk, including operational risk and the risk of 
noncompliance. We present the IBM Research enterprise risk management 
framework, designed to address risk and compliance management in a strategic, 
 integrated, and comprehensive manner. We demonstrate how enterprises evolve 
along an enterprise-risk-management maturity continuum from a state of mere 
penalty avoidance through a state of improvement until they finally reach a 
state of continuous, risk-based transformation. We then explain our high-level 
 model of the enterprise and its environment and describe the central issues, 
systems, models, and technologies involved. We conclude by presenting the 
tactical steps necessary to successfully launch enterprise risk management in 
accordance with our framework.