Christine Ferrusi Ross Michael Rasmussen

transcript

Which Consultants Can Do Enterprise Risk Management Consulting?Christine Ferrusi Ross Michael Rasmussen

Principal Analyst Vice President

Forrester Research

November 4, 2005. Call in at 10:55 a.m. Eastern Time

What is driving enterprise risk management (ERM)?

GovernanceCorporate

disasters

Regulatory

actions

Risk and compliance drivers and trends• Key drivers: Organizations face mounting pressures driving

them toward a structured approach to enterprise risk and compliance management.

» Multiplicity of risk

» Increased accountability

» Fragmentation and duplication of effort

• 2005 trends: These drivers result in the following 2005 trends in risk and compliance management as organizations begin to build their approach to risk and compliance management.

» Adoption of an ERM framework

» Managed and measured compliance

» Tool consolidation and integration

» Integration into enterprise architecture

» Establishment of a chief risk officer

Risk and compliance must respond to numerous pressures

OCEG compliance framework

governance

competitive practices

employment

financial assurance/anti-fraud

information management

international dealings

workplace health/safety

environmental

product quality/safety

government dealings (USA)

intellectual property

Illustrative Example

Employment domain supplements

• Compensation

• Executive Compensation

• Workplace Violence Benefits

• Anti-Harassment

• Anti-Discrimination

• Contingent Workforce

• Hiring/Retention

• Termination/Reduction

• Employment information privacy

• Accommodation/leave

• Labor/collective bargaining

• Global mobility/immigration

• Anti-Retaliation/Whistleblowing

• Employment torts

• Finance/Banking

• Insurance

• Biotechnology

• Automotive

• Chemical

• Telecom/Tech

• Oil/Gas

• Healthcare

• Higher Education

• Pharmaceutical

• Utility

• Others . . .

ERM as defined by COSO

► “Enterprise risk management providesa framework for management to effectively deal with uncertainty and associated risk and opportunity, and thereby enhance its capacity to build value.”

Reactive or managed risk management

Responding to risk

Desired state

Current state

Market

Operations

Credit

Compliance

Risk-ignorant

Managed risk

Risk-aware

How we graded ERM consultants

The Forrester Wave™: Enterprise Risk Management Consultants

Details behind the ERM Consultants Wave

BearingPoint

BearingPoint is best suited for engagements focusing on specific risks

• ERM service offering is strong in specific silos of risk management but is limited in its ability to articulate a broad ERM vision.

• This means that the service is an especially good fit for buyers who:

» Need help with specific risk areas.

» Require integration of risk management into the technology architecture.

Deloitte

Deloitte is best suited for defining ERM strategy and governance

• ERM service offering is strong in ERM strategy and governance consulting but shows limitations in its ability to integrate ERM into the technical infrastructure.

» Require interaction on ERM with executives and the Board.

» Have to develop an overall ERM strategy.

» Need industry-specific ERM guidance.

IBM is best suited for ERM technology integration

• ERM service offering is strong in technology services and future direction/growth plans but requires further growth in its strategy and organizational consulting offering for ERM.

• This means that the service provider is an especially good fit for buyers who:

» Require ERM to get operationalized into the technology infrastructure.

» Want strong client references/satisfaction.

PricewaterhouseCoopers

PricewaterhouseCoopers is best suited for strategy and risk taxonomy

• ERM service offering is strong, particularly in ERM strategy and risk taxonomy/framework, but lacks a significant technology advisory practice around ERM.

» Require thought leadership around ERM.

» Need implementation of an ERM strategy.

Protiviti

Protiviti is best suited for ERM operations development

• ERM service offering is strong, particularly in risk taxonomy, ability to implement ERM operations, and knowledge management. However, Protiviti has relatively limited market presence.

» Are looking for a strong source of ERM thought leadership and shared knowledge.

» Are looking for operational implementation of an ERM program.

Other risk management players

• The market is broader than what we covered:

» Big 4: Ernst & Young, KPMG

» Systems Integrators: Accenture, CSC, HP, EDS

» Mid-tier audit firms: BDO Seidman, Grant Thornton

» Boutique specialists: Jefferson Wells, OpRisk Advisory, Fair Isaacs, Paisley Consulting

Parting thoughts . . .

• Despite how vendors scored, it still gets down to the project team working for your organization.

“Individual client experience will vary depending on the specific team assigned to your engagement.”

Michael Rasmussen

mrasmussen@forrester.com

Christine Ferrusi Ross

cross@forrester.com

www.forrester.com

Thank you

Christine Ferrusi Ross Michael Rasmussen

Business