Christine Ferrusi Ross Michael Rasmussen
Transcript of Christine Ferrusi Ross Michael Rasmussen
Which Consultants Can Do Enterprise Risk Management Consulting?Christine Ferrusi Ross Michael Rasmussen
Principal Analyst Vice President
Forrester Research
November 4, 2005. Call in at 10:55 a.m. Eastern Time
2Entire contents © 2005 Forrester Research, Inc. All rights reserved.
What is driving enterprise risk management (ERM)?
GovernanceCorporate
disasters
Regulatory
actions
3Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Risk and compliance drivers and trends• Key drivers: Organizations face mounting pressures driving
them toward a structured approach to enterprise risk and compliance management.
» Multiplicity of risk
» Increased accountability
» Fragmentation and duplication of effort
• 2005 trends: These drivers result in the following 2005 trends in risk and compliance management as organizations begin to build their approach to risk and compliance management.
» Adoption of an ERM framework
» Managed and measured compliance
» Tool consolidation and integration
» Integration into enterprise architecture
» Establishment of a chief risk officer
4Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Risk and compliance must respond to numerous pressures
Org
5Entire contents © 2005 Forrester Research, Inc. All rights reserved.
OCEG compliance framework
governance
competitive practices
employment
financial assurance/anti-fraud
information management
international dealings
workplace health/safety
environmental
product quality/safety
government dealings (USA)
intellectual property
Illustrative Example
Employment domain supplements
• Compensation
• Executive Compensation
• Workplace Violence Benefits
• Anti-Harassment
• Anti-Discrimination
• Contingent Workforce
• Hiring/Retention
• Termination/Reduction
• Employment information privacy
• Accommodation/leave
• Labor/collective bargaining
• Global mobility/immigration
• Anti-Retaliation/Whistleblowing
• Employment torts
• Finance/Banking
• Insurance
• Biotechnology
• Automotive
• Chemical
• Telecom/Tech
• Oil/Gas
• Healthcare
• Higher Education
• Pharmaceutical
• Utility
• Others . . .
6Entire contents © 2005 Forrester Research, Inc. All rights reserved.
ERM as defined by COSO
► “Enterprise risk management providesa framework for management to effectively deal with uncertainty and associated risk and opportunity, and thereby enhance its capacity to build value.”
7Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Reactive or managed risk management
Responding to risk
Desired state
Current state
Market
Operations
Credit
Compliance
Risk-ignorant
Managed risk
Risk-aware
Gaps
8Entire contents © 2005 Forrester Research, Inc. All rights reserved.
How we graded ERM consultants
9Entire contents © 2005 Forrester Research, Inc. All rights reserved.
The Forrester Wave™: Enterprise Risk Management Consultants
10Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Details behind the ERM Consultants Wave
11Entire contents © 2005 Forrester Research, Inc. All rights reserved.
BearingPoint
12Entire contents © 2005 Forrester Research, Inc. All rights reserved.
BearingPoint is best suited for engagements focusing on specific risks
• ERM service offering is strong in specific silos of risk management but is limited in its ability to articulate a broad ERM vision.
• This means that the service is an especially good fit for buyers who:
» Need help with specific risk areas.
» Require integration of risk management into the technology architecture.
13Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Deloitte
14Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Deloitte is best suited for defining ERM strategy and governance
• ERM service offering is strong in ERM strategy and governance consulting but shows limitations in its ability to integrate ERM into the technical infrastructure.
• This means that the service is an especially good fit for buyers who:
» Require interaction on ERM with executives and the Board.
» Have to develop an overall ERM strategy.
» Need industry-specific ERM guidance.
15Entire contents © 2005 Forrester Research, Inc. All rights reserved.
IBM
16Entire contents © 2005 Forrester Research, Inc. All rights reserved.
IBM is best suited for ERM technology integration
• ERM service offering is strong in technology services and future direction/growth plans but requires further growth in its strategy and organizational consulting offering for ERM.
• This means that the service provider is an especially good fit for buyers who:
» Require ERM to get operationalized into the technology infrastructure.
» Want strong client references/satisfaction.
17Entire contents © 2005 Forrester Research, Inc. All rights reserved.
PricewaterhouseCoopers
18Entire contents © 2005 Forrester Research, Inc. All rights reserved.
PricewaterhouseCoopers is best suited for strategy and risk taxonomy
• ERM service offering is strong, particularly in ERM strategy and risk taxonomy/framework, but lacks a significant technology advisory practice around ERM.
• This means that the service is an especially good fit for buyers who:
» Require thought leadership around ERM.
» Need implementation of an ERM strategy.
19Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Protiviti
20Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Protiviti is best suited for ERM operations development
• ERM service offering is strong, particularly in risk taxonomy, ability to implement ERM operations, and knowledge management. However, Protiviti has relatively limited market presence.
• This means that the service is an especially good fit for buyers who:
» Are looking for a strong source of ERM thought leadership and shared knowledge.
» Are looking for operational implementation of an ERM program.
21Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Other risk management players
• The market is broader than what we covered:
» Big 4: Ernst & Young, KPMG
» Systems Integrators: Accenture, CSC, HP, EDS
» Mid-tier audit firms: BDO Seidman, Grant Thornton
» Boutique specialists: Jefferson Wells, OpRisk Advisory, Fair Isaacs, Paisley Consulting
22Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Parting thoughts . . .
• Despite how vendors scored, it still gets down to the project team working for your organization.
“Individual client experience will vary depending on the specific team assigned to your engagement.”
23Entire contents © 2005 Forrester Research, Inc. All rights reserved.
Michael Rasmussen
Christine Ferrusi Ross
www.forrester.com
Thank you