It’s not an accident that risk and compliance are steadily gaining ground as concerns in the IT industry in light of the financial and regulatory scandals over the past decade. Companies are increasingly turning to enterprise software to help with these problems. But, as Forrester points out in a recent paper, software without planning is just an unnecessary financial burden.

The paper, entitled Navigate the Future of Compliance and Risk Management, argues that even without the financial scandals better compliance was going to be necessary.

Increased regulation saw, for example, the introduction of the Sarbanes-Oxley Act, while the continuous development of malware, like the recent Flame worm, means that security is still a major problem.

An interesting figure emerged recently from a survey by Accenture, which the Forrester report cites, indicating that 45% of executives report that their company has a chief risk officer, up 33% from just two years prior to that.

This was underlined by Forrester’s own research across 1,800 business decision makers, 25% of whom listed a tougher regulatory environment as one of their primary IT issues.

The Role of Risk Professionals

Not the first time we have heard this, you’ll admit, but what does that mean? What exactly do risk professionals do? And more to the point, what are they doing anywhere near IT departments?

Before looking at this, a caveat: we are not here to promote risk professionals, but simply to point out that many companies now have one.

The first thing to say about this is that risk professionals are responsible for the risk and compliance management of a company, including its risk and compliance software.

Generally speaking, while this kind of software is probably good for some companies, the implementation of these kinds of solutions could be happening too quickly (we never thought we’d ever say that about any software package here!).

According to Forrester, it takes a high degree of discipline and strong execution to run risk and compliance programs on the broad scale currently asked of them. The conclusion from this is that businesses need to look ahead at how business and expectations of IT risk management are changing.

Navigating Business Change

For risk managers, what does this mean? The difficulty is that the problem is not always the same; in fact, it changes all the time. Risk managers are supposed to enable businesses to meet their maximum potential without having to worry about the nasty side of software.

To do this, they have to understand how business parameters and goals are changing. According to Forrester, three major business trends will have a serious impact in this respect over the next five years:

  • Individuals and Power
  • Exposed organizations
  • Business Complexity

Individuals and Power

The problem is that, once you get a disgruntled employee into your network, you potentially have a serious problem. The list of rogue traders, for example, is a long one, with a rogue trader at UBS costing the company US$ 2.3 billion in losses.