The headline “Microsoft Buys Enterprise Risk Management Software Vendor” caught my eye, immediately bringing thoughts of how we may be on the verge of enabling participation of the average employee in enterprise risk management. Here comes ERM solutions to the desktop, mobile ERM, or maybe risk analytics built into every Microsoft application. No. Turns out it is just another overly broad use of the term "enterprise risk management."
With its acquisition of Prodiance, Microsoft is initially carrying over the company’s marketing value statement positioning itself as an enterprise risk management solution. It was a fair use of the term for a startup company seeking to stake a claim in a broader market trend for investors, but Microsoft will have to qualify this positioning with more specific marketing language and risk management vocabulary.
The Prodiance Enterprise Risk Manager System provides risk tools to audit and manage the lifecycle of “mission critical” spreadsheets and Access databases. Mission critical spreadsheets are defined as those used in financial reporting, management reporting, book closings, account reconciliations, revenue recognition, consolidation, tax cycle, risk and uncertainty analysis, cash flow analysis, actuarial processes, underwriting, trading operations, and other business analysis. The software enables internal controls to mitigate errors, improve compliance and transparency, increase audit efficiency, prevent fraud, and otherwise help meet regulatory requirements for data management.
Broad enterprise management platform providers like SAP and Oracle, and the more pure-play enterprise risk management software vendors like MetricStream, IBM OpenPages, and Risk Shield will take exception to Prodiance’s claims to be an ERM solutions provider, but we can offer some latitude in their use of the term as they offer an enterprise-wide solution.
The upside of the broader use of "ERM" in value statements is marketing managers are validating the significance of enterprise risk management solutions among corporate decision makers. Risk management is increasingly associated with efficiency and value enhancement beyond merely setting governance structures or meeting regulatory requirements.
On the downside, overly broad use of the terms “risk management” and “enterprise risk management” does not help the educational efforts of risk managers challenged with building effective communication about enterprise risks. A precise definition of enterprise risk management solutions can be useful for obtaining the financial resources to advance their efforts.
Risk management principles should spread across all business functions and business processes, including the management of information risks which Microsoft's newly acquired Prodiance addresses. At the same time, the term "enterprise risk management" should be reserved for the risk software solutions that address a broader set of corporate risks.
Risk management companies offering services and software can improve market clarity by qualifying their offerings using the following market segment parameters:
- The risk source categories addressed.
- The risk management processes supported.
- The business functions served within the enterprise.
- The industries served by their product or service.
Prodiance's offering in Intelligent Management Trends’ risk market taxonomy is categorized as an information risk management and regulatory risk management software product that identifies, monitors, and reports on information risks across enterprises in any industry.
For further details on how more specific risk taxonomy and marketing terminology can bring greater efficiency to the risk management marketplace and competitive landscape analysis, access IMT's complimentary Perspective "Defining an Enterprise Risk Management Solutions Vendor."