Enterprise Risk and Governance: Trends, Vendors, and Market Outlook
Abstract
Celent expects that global IT spending associated with governance, operational risk, and compliance activities will increase at a CAGR of 6.6% overall, from US$1.4 billion in 2008 to $1.7 billion in 2011.
The financial crisis dealt a massive blow to the banking and capital markets sectors, but now presents an opportunity for change. Leading up to the credit crisis, risk managers were able to recognize established risks, but not necessarily emerging risks or risks in tandem, because risk management frameworks evolved either to mitigate each risk separately or to handle risk in business silos. At the same time, although operational risk management in theory connects three dimensions on which businesses run (people, processes and technology), it was too loosely intertwined with transactional, control and other risk management mechanisms to be effective. This resulted in the gross oversight of enterprisewide risk, which failed to take into account the relationship between different risks and risks associated with various lines of businesses.
Firms currently stand at a crossroads: react to put in place short-term risk solutions or look towards sustainable change. More and more, it seems like the former is becoming less of an option. Investors, regulators and customers are ready to reward firms that not only say what they do, but also practice what they preach. At the same time, the penalties for failure become higher and more costly.
As we step into a new phase of industry reforms, governance and operational risk issues should take a seat at the table in terms of senior management scrutiny. Coordinated approaches to GRC, ERM and ORM practices are now mandated to help companies reduce their risk exposure, while the availability of more mature and flexible next generation vendor solutions are now being positioned to enable firms to adopt an 'out of the box' approach to replacing/consolidating in-house tools. At the same time, the high degree of configuration and single ‘risk & compliance’ approaches associated with these solutions help reduce technology customization and control the costs associated with risk reviews, audit and risk management operations.
From an operational risk and governance technology solution perspective, the forces of consolidation are not relenting, and the market will consolidate further.
"There is now a 'get big or get out' theme at play. Firms and vendors need to position themselves accordingly in terms of purchasing or developing solutions," says Cubillas Ding, Celent senior analyst and author of the report. "Significant investments are required in an end-user market which is increasingly sophisticated in its demands. At the same time, requirements are broad and relatively diverse depending on the flavour of regulation, industry standards employed, and the organization's degree of balance between risk and controls."
This report provides up-to-date and detailed research and analysis into operational risk and governance practices, emerging supply and demand dynamics in the solution marketplace, and the implications for vendors and firms. It also highlights IT spending forecasts, solution strategies, key learnings, and recommendations in the areas of governance, operational risk and compliance, especially from a technology and data perspective.