Gartner Blog Network


Operational Risk Management Solution Ratings Now Available

by John A. Wheeler  |  February 20, 2016  |  2 Comments

The first Critical Capabilities for Operational Risk Management (ORM) Solutions (restricted to Gartner clients only) was published this week, along with the rollout of our new Peer Insights for Risk Management Solutions (RMS) online survey tool for customer software reviews. ORM solutions have matured beyond industry- and regulatory-specific requirements to offer a wide range of capabilities. They’re now the foundation of integrated GRC strategies, and risk managers can evaluate market-leading ORM solution providers using our interactive Critical Capabilities research to assess their options. The five capabilities that are rated within our research are:

Risk and Control Documentation / Assessment

Features within this capability include:

  • Risk-related content, including a risk taxonomy/library, key risk indicator (KRI) catalog, regulatory compliance updates and so on
  • Risk assessment methodology and calculation capabilities (for example, bow tie risk assessment)
  • Documentation authoring, versioning and approval
  • The ability to integrate with purpose-built risk systems, such as business continuity management (BCM) planning, IT risk management (ITRM), IT vendor risk management (VRM), corporate compliance and oversight (CCO), enterprise legal management (ELM), and audit management

Incident Management / Loss Event Capture and Analysis

Features within this capability include:

  • An external risk event repository
  • Incident management workflow (review, escalate, investigate, resolve, dispose) and reporting
  • Root cause analysis

Risk Mitigation Action Planning

When operational risks are assessed to be beyond defined risk tolerance levels, action plans must be developed to ensure that the appropriate mitigation steps are taken to meet the operational risk appetite set by the board of directors or other governance body. OpRisk solutions can provide support to risk professionals and business leaders in managing the associated risk mitigation efforts. Features within this capability include:

  • Project management capabilities to track progress on risk-related initiatives or tasks
  • Risk control testing capabilities, such as continuous control monitoring
  • Control mapping to risks and business processes
  • Control mapping to compliance mandates
  • Business process mapping to IT assets

KRI Monitoring / Reporting

Features within this capability include:

  • Risk scorecard/dashboard capabilities
  • The ability to link KRIs to performance metrics

Risk Quantification and Analytics

Features within this capability include:

  • “What if” risk scenario analysis capabilities
  • Statistical modeling capabilities (for example, Monte Carlo simulation, value at risk, Bayesian statistical inference and so on)
  • Predictive analytics
  • Capital allocation/calculation
  • Fraud detection capabilities

In addition, customers of solution providers can now provide their product reviews via Gartner Peer Insights. I highly encourage solution providers to advocate the use of Gartner Peer Insights with their current customers. Gartner Peer Insights provides a way for your organization to collect candid customer feedback and for technology decision makers to learn about your products and services. Here’s a video explaining the power of Gartner Peer Insights:

 


John A. Wheeler
Research Director, Integrated Risk Management
6 years at Gartner
28 years IT Industry

John A. Wheeler is a Research Director with responsibility for leading analyst coverage of integrated risk management (IRM) technology solutions and professional services. His areas of specialty include risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler.


Thoughts on Operational Risk Management Solution Ratings Now Available


  1. […] EMC (RSA) has been positioned in the leader’s quadrant in three Gartner Magic Quadrants: Operational Risk Management, IT Risk Management and IT Vendor Risk […]




Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.