IBM has announced its intention to acquire OpenPages, a privately held, Massachusetts-based software company focused on governance, risk and compliance (GRC). I noted that after the deal finishes, the business will reside within IBM’s analytics group rather than in document management; this arrangement signals IBM’s intention to integrate its collaboration and communications around performance management (and achieve a fusion of text and data) and sharpen the ability of OpenPages to get an audience with finance and IT organizations, which are mainstays of IBM’s business analytics efforts after its acquisitions of Cognos, SPSS and others.
As I’ve noted, the acronym “GRC” was popularized by IT industry analyst firms in the wake of the Sarbanes-Oxley Act to establish a revenue-generating category. Given this self-serving origin, it’s not surprising that it took the market most of the past decade to begin to catch up to the initial hype. But it is catching up. I think that the “risk” aspect will continue to be the biggest driver of the enterprise GRC market because most compliance requirements are addressed by focused point solutions and “governance” is an amorphous concept that is mainly addressed by risk and compliance management applications.
The active side of enterprise risk management involves identifying the important risks that an organization faces and ensuring that people understand what they are and their potential impacts. Organizations must be able to measure when the probability of a risk event passes a certain threshold. They also need to establish plans for preventing undesirable events from occurring or mitigating the impacts if they do. Having the ability to collaboratively create, update and revise documents is a big part of managing risks because too often this sort of knowledge is tacit and not easily shared.
I believe the biggest opportunity in enterprise compliance management is in documentation, especially in the fusion of text and data for the creation of internal and external reports. An important piece of compliance efforts is creating accurate and complete documents that declare that an organization has homologated regulatory requirements and, with them, an evidence trail that demonstrates sufficient diligence in these efforts. This alone has real value to many large and some midsize companies. It’s useful to the finance department, which must file Sarbanes-Oxley and other regulatory documents. But I think it also has value in creating internal reports that may have a bearing on any future compliance issues (especially if these require the fusion of text and data).
The acquisition of OpenPages has the potential to pay off since IBM has greater sales and marketing muscle, an established banking practice (where OpenPages has an established risk management presence) and the resources to extend the existing product to take advantage of the IBM software portfolio in ways that were unavailable to the stand-alone company. On this last point, once the transaction is completed, I would expect to hear a lot more about specific product-extension and services plans and how a range of IBM’s analytics and other capabilities will help expand the portfolio. This is an important step for IBM to acquire technology it can build upon and use to compete better against Oracle and SAP, which have well-established GRC products.
Robert D. Kugel CFA – SVP Research