In this major investment bank managing all the flavors of operational risk has become very balkanized. There are separate systems for process management, risk identification, controls, vendor risks, cyber risks, outsourced risks, fraud, internal incidents, external incidents, business continuity, disaster recovery inter-affiliate risk and many more.
To address, we were able to create an elegant ontology that captured all these aspects of risk. We then, one by one were able to extract and conform their existing information into this shared model.
We managed to catch the re-write of a control’s library in mid-stream and get them to persist the key information directly to a triple store. The mappings have been ported into production and we built (in TARQL) the capability to create a unified view of information systems that feed risk evaluation metrics. Additionally, a very sophisticated interactive graphics has been built directly on the triplestore for exceptional visualization across the risk portfolio.
