OpenPages on Jan. 30 announced the availability of OpenPages ORM, its new risk management technology that allows companies to prevent unexpected outcomes by identifying, monitoring and measuring controllable factors through tracking and analysis techniques.
Combining quantitative and qualitative methodology into an integrated software offering, OpenPages ORM pushes better understanding and increased visibility of risk across an enterprise through document and process management procedures. Component areas of the new tool include risk/control self-assessment, loss event tracking, key risk indicators, and risk analysis/reporting, according to Pat OBrien, director of product management for OpenPages.
In terms of product development, OpenPages is building a new tool called OpenPages ITG that focuses on IT Risk Management. The product will be available around September. In 2007, customers can expect to see a new strategic risk management offering from OpenPages designed to help companies measure their performance versus their business plans.
Organizations can have difficulty getting their arms around operational risk factors such as escalating business costs, regulatory requirements and changing workflow parameters. Typically, many ORM (operational risk management) functions are spread across a company within different business units featuring disparate systems, spreadsheet models, or homegrown database and applications.
Kathleen Wilhide, research director for Framingham, Mass.-based IDC, said large numbers of customers are getting serious about ORM as an extension of large amounts of man hours poured into data and records housekeeping efforts attached to compliance mandates, such as the Sarbanes Oxley Act of 2002, and discovering operations arent going as expected.
“If youre going to monitor [internal] controls, it should be monitored in a bigger scope,” said Wilhide. “A lot of times companies put performance indicators in place, and theyre really not assigning any type of risk for performance indicators. [OpenPages ORM] is just one more way of screening out whats important.”
By allowing an organization to monitor risk, the OpenPages ORM software enables organizations to asses their “appetite” for risk and determine when to take action, as opposed to carrying out a historical view of managing risk, she said.
“Organizations are drowning in information right now and in obvious ways software can help them see through that information and bring to the surface whats really relevant. Enterprise risk is just an important part of focused performance management,” Wilhide said.
The risk/control self-assessment aspect of OpenPages ORM pertains to document internal control systems. It can involve key business processes such as Human Resources, IT, and Sales, or break down parameters by individual product lines to determine what risks and controls are in place and how to measure areas where potential exposure to risk lies.
Loss event tracking determines why specific losses or near misses occurred, and links that back to the associated risk that materialized. The component also points out why a control failed, where the weak link is in the process, how it can be rectified, and more.
Key risk indicators are early warnings that highlight that a risk may occur and outline steps to take before an indicator moves over a desired threshold. For instance, the software could track employee absenteeism rates and associate that with whether manufacturing output or product quality could suffer as a result, OBrien said.
Risk analysis/reporting shows loss by business unit or type and provides analytics for calculating risk exposure. Heat maps to identify key risk areas and trend analysis reports are enabled to lock down any potential holes in an ORM plan.