Magic Quadrant for Operational Risk Management Software for Financial Services
The use of ORM software by financial services firms requires capabilities beyond generic audit, control and compliance applications. In addition to qualitative self-assessment capabilities, leading institutions are seeking solutions that support quantitative, performance-based models.
WHAT YOU NEED TO KNOWOperational risk is an all-inclusive term that covers front-office (for example, customer and supplier-facing) processes, as well as back-office activities. Exposure to operational risk is inherent in all business processes and IT operations. Operational risk relates to the uncertainty of daily tactical business activities and risk events resulting from inadequate or failed internal processes, people or systems, or from external events. The Basel II Capital Accord (Basel II) created by the Bank of International Settlements requires banks to align their capital adequacy assessments with underlying risk exposures to determine the adequacy of their capital reserves. Basel II is more risk-sensitive and risk-specific than Basel I. It specifically includes operational risk in risk capital calculations and deliberately links the provision of capital to risk measurement and management activities for all aspects of business.
Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms
The market for enterprise governance, risk and compliance platforms is evolving from a focus on regulatory compliance to include risk management, audit management and policy management. It is dominated by best-of-breed vendors.
WHAT YOU NEED TO KNOWThis document was revised on 9 July 2008. For more information, see the Corrections page on www.gartner.com.
The Gartner Magic Quadrant for enterprise governance, risk and compliance (EGRC) platforms presents a global view of Gartner's assessment of the main software vendors that should be considered by organizations seeking a technology solution to support the oversight and operation of enterprisewide risk management and compliance programs. Buyers should evaluate vendors in all four quadrants. Those from the Niche Players and Visionaries quadrants are driving innovation in areas such as business process modeling of controls and risks, business rules for compliance, and knowledge bases for risk management and compliance. Challengers often have expertise in a particular industry, and are developing more-horizontal solutions or advancing their functionality across a range of GRC functions. Leaders have proven GRC functionality in all four primary GRC management (GRCM) functions – audit management, compliance management, risk management and policy management – and they have executed horizontally across several industries.