IBM deepens focus on governance, risk management

IBM Corp. has become the latest IT vendor to talk up its strategy around IT governance and risk management software and services, a key area that’s grown in importance for users struggling to comply with a rising tide of mandated regulations and rapidly changing business environments.

IBM unveiled several new and enhanced products on Tuesday, some incorporating technologies the company has bought, notably the Netcool software from its purchase of network management specialist Micromuse in February 2006. Other acquisitions have also helped IBM beef up its governance and risk management (GRM) offerings such as the purchases of Internet Security Systems, compliance and auditing technology vendor Consul and enterprise content management company FileNet.

Over the past year, companies such as SAP AG and Oracle Corp. have been establishing their own governance, risk and compliance (GRC) business units basing their efforts on the acquisitions of Virsa Systems and Stellent, respectively. With many customers citing improvement of their current GRC software as a key IT challenge, vendors are rushing to provide the necessary technology.

“Business is moving at warp speed and customers need help in dealing with the rate of change in their industry, to take advantage of it and to respond to new competition,” said Kris Lovejoy, director, GRM strategy at IBM. Chief information officers (CIOs) need better control of their IT systems and to ensure those systems are aligned to their business needs, she added.

In discussions with hundreds of CIOs, IBM identified the triggers the executives had to deal with in their companies, for example, the ability to respond quickly to a request for legal discovery, Lovejoy said. Then, the vendor worked to come up with software and services to meet those needs, either developing them in-house or acquiring them.

Later this year, IBM will highlight other pieces of its GRM portfolio, including the InSight dashboard it acquired through the purchase of Consul, she added.

The Philadelphia Stock Exchange (PHLX) started looking at how to automate the review of systems logs for potential authorized changes, as well as for access, about eight years ago, according to Bernie Donnelly, vice president of quality assurance and control at the exchange. Four years later, PHLX also began work to become a public company and started voluntarily complying with the Sarbanes-Oxley rules governing U.S. public companies.

The exchange has been an IBM customer for 30 years and has been using Consul’s risk management software for 20 years. Donnelly described IBM’s acquisition of Consul as “a great marriage” in an e-mail response to questions. “The new tools from IBM will allow us to monitor and track compliance over a multiplicity of systems and provide a dashboard for senior management to get a sense of the state of compliance,” he added.

Among the new or recently announced IBM products are several dashboards including a suite of asset-based services dubbed The Business of IT Dashboard. Based on IBM’s Tivoli Netcool technology, the software enables customers to assess, monitor and manage their current GRM tools.

Being able to better manage risk is a key criteria for PHLX.

“The exchange is a Self Regulatory Organization and the Securities and Exchange Commission has regulatory oversight for equity and derivative products, and the Commodity Futures Trade Commission has regulatory oversight for Futures products,” Donnelly wrote. “As a result we are constantly reviewing for process improvements, compliance, and risk management.”