press room

Risk-based Approach, Enterprise-wide View of Risks Critical in Face of New Risk and Regulatory Oversight

Waltham, Mass — June 9, 2009

News Facts

* In response to the New Era of Risk ManagementTM in which global businesses are currently operating, OpenPages, the leading provider of integrated risk management solutions for global companies, today unveiled ten best practices to help companies appropriately prepare for a new era of risk and regulatory oversight.

* Following the release of the bank stress test results, Gordon Burnes, VP of Marketing at OpenPages, commented in a blog post that while the tests served as a good indication that banks are in the rebuilding process, the tests did not assess banks’ abilities to identify and manage risk moving forward. These capabilities will be essential ingredients for success in 2009 and beyond.

* OpenPages customers are building on a platform to take the next step in their risk management efforts. The following steps represent immediate actions OpenPages customers are taking and serve as guidance for others to ensure that their organizations are prepared to face new risk and regulatory demands:
      o Conceptualize and design a company-wide risk management process – Adopt a risk-based approach to enterprise governance, building it into the company’s
        management processes, involving all lines of business and levels of management
      o Make risk management everyone’s responsibility – Ensure all line and staff managers recognize their ownership of risk, with a commitment to effective risk
        identification, analysis and management in their spheres of responsibility
      o Ensure executive management engagement – In addition to executive management driving implementation and functioning of the risk management process, require
        managers throughout the organization to communicate with direct reports in setting risk tolerance levels
      o Instill risk management in business culture – Foster a risk-aware culture, bringing risk-based policies to life through ongoing leadership, education, communication
        and support
      o Provide risk management a seat at the table – Ensure that the risk management function has a direct line to the C-suite, providing monitoring and support
      o Make risk management part of the incentive system – Build risk management performance into human resource processes, included in stated goals and
        incentives, and measured in performance assessments
      o Share risk knowledge – Capture relevant information on risk exposures, and communicate where needed across the organization to address cross-functional
        impacts and support decision-making
      o Gain a portfolio view of risk – Build a perspective of risk at the enterprise level, enabling senior management to focus on the most critical and cumulative risks to
        the organization, measured against the company’s risk appetite
      o Leverage technology solutions – With greatly improved efficiencies and reduced costs of risk-based support systems, gain the benefits of technology as
        foundational support and enabler for an effective enterprise risk management process
      o Engage the board of directors – Provide critical information to the board (or responsible board committee) on the company’s risk management process, significant
        risks and mitigation plans, and portfolio view of risk in relation to the agreed risk appetite

Supporting Quote from Michael J. Duffy, President & CEO, OpenPages

“The New Era of Risk Management is upon us, and companies are adjusting their approach to risk management accordingly. Just as we saw in the aftermath of Sarbanes-Oxley, companies that were ready to face new regulatory demands were in a much more favorable position than those who took a wait-and-see approach. The ten best practices represent activities that OpenPages customers are pursuing and serve as valuable considerations for others that are grappling with how to most effectively prepare for what’s to come.”

Supporting Quote from Michael Rasmussen, President, Corporate Integrity

“To manage risk effectively in an organization requires multiple inputs and methods of modeling and analyzing risks. This requires information gathering – risk intelligence – so that the organization can have a full perspective of risk and make ‘wise’ decisions (something more than just intelligence gathered from information overload delivers). This involves taking external and internal perspectives and modeling risk in relational diagrams, decision trees, heat maps, or even quantitative models involving monte carlo or value/capital at risk simulations. As organizations improve enterprise, operational, or other risk management programs, it is important that they build this 360-degree multi-perspective risk analysis framework that allows an organization to think outside the box and look at risk from a variety of perspectives.’

Supporting Quote from Rick Steinberg, Founder and CEO of Steinberg Governance Advisors

“In today’s environment, in addition to dealing with the immediacies of a troubled economy, senior managements and boards of directors are focusing sharply on how their companies identify and manage risk – risk of all types having the potential to derail critical business initiatives. Many are now looking to strengthen their risk-based processes, expanding their scope and reach throughout the organization and ensuring effective communication to and with the board. Done right, not only are potential dangers dealt with proactively, but opportunities are identified to advance strategic objectives for enhanced growth, return and share value.”

Supporting Quote from George Westerman, Research Scientist, Center for Information Systems Research, MIT Sloan School of Management and author of the book “IT Risk: Turning Business Threats Into Competitive Advantage”

“As businesses rethink their approach to risk management, many are realizing that IT Risk is a fundamental aspect of business risk. One of the three key risk management disciplines IT organizations must adopt is the risk governance process: being able to identify, prioritize and manage IT risks in language that all executives can understand. Solutions like OpenPages provide a risk governance platform that can help IT organizations instill a risk-based approach to managing their business.”

About OpenPages
OpenPages is the leading provider of integrated risk management solutions for global companies. OpenPages’ solutions empower a risk-based approach to identify and manage key business risks across the enterprise. This approach enables companies to focus on what’s important and to avoid unexpected outcomes while improving performance. Founded in 1996, the company is headquartered in Waltham, Massachusetts, with an international office in the United Kingdom, and regional offices throughout North America.