Respected EHS Analyst Predicts GRC Solutions Market to Reach $52 Billion

If you’re still deciding whether to attend EXPO.08, let me refer you to Michael Rasmussen’s new research, in which he says GRC is gathering momentum among organizations as a philosophy of business. In fact, he predicts a $52 billion market for GRC solutions in 2008.

As a business philosophy, GRC is collaborative, requiring contributions from throughout the enterprise. The philosophy is composed of sustainability, consistency, transparency, and especially efficiency — which happen when organizations leverage information and processes across the enterprise.

ESS EXPO.08, which starts Sunday, will feature several industry experts who will share perspectives on their corporate governance issues or initiatives, and how their organizations are using information technology to address those concerns.

Rasmussen points out, “good governance is built upon diligent risk and compliance management processes. In today’s business environment, ignoring a federated view of GRC results in business processes, partners, employees and systems that behave like leaves blowing in the wind.”
In the past few years, ESS, like Rasmussen, has found that there are several common drivers of GRC in the enterprise:

• Growth of Corporate Social Responsibility.
• Increasing governance demands.
• Rating agencies focused on enterprise risk management.
• Increasing risk profile in a distributed world.
• Connecting performance management to risk management.
• Increasing regulatory compliance profile.
• Impact of the extended enterprise.
• Inefficient, manual and siloed risk and compliance initiatives are ineffective.

Quite a while ago, we realized that silos of information increase, rather than mitigate risk, and we moved to architect our solution as an integrated platform. For that, I have to thank our product development teams and their depth of industry experience. You can almost say they “felt” the wave coming, and like good surfers, they were in position to ride it properly.

Other analysts are noticing how ESS has positioned itself to address market trends. At the recent Gartner GRC conference in Chicago, lead analyst Dan Miklovic provided an EHS industry overview, where he reported, “ESS is one of the few providers to offer a suite of EH&S solutions that closely align with Gartner’s market definition and to offer both hosted and licensed delivery models.” I highly recommend it if you are a Gartner subscriber.

With their leadership, our development teams have brought to market a solution that allows managers to see the big picture, use their resources effectively, reduce unnecessary complexity, and stay nimble and flexible. We operate in such a dynamic business environment (witness how quickly Bear Stearns ceased to exist – in just one weekend!) that simplicity and transparency of information are needed to ensure that businesses meet their corporate governance objectives.

Add comment April 10th, 2008

Organizations Becoming Wary of EHS Data Security and Legal Exposure from Multi Tenant Shared Environments

Data security has always been a major concern for organizations. Companies spend large sums to make sure that their data cannot be accessed by outside parties. However some organizations are expressing concern that their data may be subject to an unwanted third-party review during legal proceedings – even if that organization is not a target of the lawsuit.

We recently encountered a situation where this came up as a major concern from one of our new clients, a major western electric utility company. During their due diligence evaluation of software systems including ESS, their internal legal counsel was concerned about their data being mixed with other clients in a multi tenant environment and potential risks of exposure. Here’s why:

Software as a Service (SaaS) is a delivery method that is popular among companies that want to purchase an EHS software platform, but prefer to avoid the challenges that come with installation and maintenance. However, some organizations are taking a second look at SaaS environments where data are housed in multi-tenant applications. These are arrangements where customers’ data are stored in a common environment: in other words a SaaS provider stores data in an environment where all client information is located in a single database.

Multi tenant applications are efficient and offer sufficient safeguards against accidental and malicious access, however some organizations have recently been evaluating if multi tenant data storage does expose clients to risks of having their data accessed if another customer that has data in that same environment is targeted in a lawsuit and its data are subpoenaed. In other words if one client’s data goes to court, could all clients’ data goes to court?

While ESS does not make legal interpretations of these kind of questions, we do architect our software to provide maximum data protection and in this particular area, our “zero” security risk influenced their decision to choose an ESS “SaaS” solution over a competitor’s offering.

ESS offers a superior SaaS data storage arrangement that is architected and designed to be more secure than other systems. Our SaaS client data is stored by using “virtual” technologies for one thing, where each customer’s information is stored in a separate and distinct database that is isolated from information that belongs to all other clients. More importantly, in our environment, customers’ data would be completely safe from a subpoena targeting another organization in the situation described by our new utility client in the case above.

Our 820 years of experience developing software allows us to carefully think about customers’ real world concerns when designing our software. This is an example of applying that experience to address clients’ security concerns.

We are not sure what outcome this will ultimately result in as this predicament becomes more widely discussed, I’m sure that we’ll see some quick market adjustments as organizations react to the need to secure their data from this form of risk exposure. Regardless, clients can rest assured that with ESS solutions their data is secure in the safest, surest environment choice.

Add comment April 4th, 2008

ESS China Expands EHS Software Market

I am in Asia, because this week we are opening ESS China, our Beijing-based office that will offer the industry-leading software platform to organizations in Greater China and throughout the Asia Pacific region. To celebrate our new office, we will host a grand opening event, featuring local executives and civic leaders, Wednesday, March 26 at the Beijing American Club.

ESS has established its first office in Asia in order to grow its marketing and support operations in a region where it already has a strong client base, including global energy giants PetroChina and China National Petroleum Company (CNPC).

Businesses throughout Asia and, in particular, Greater China, are positioning themselves to increase their market share through expanded global presence. Those decision makers understand that their organizations must implement standards that are aligned with international protocols such as ISO 14000, Global Reporting Initiative, OHSAS 18000, REACH and others in order to compete in markets where EHS is recognized as an important benchmark for enterprise sustainability.

ESS China will continue our nearly two-decade long tradition of helping organizations reach their sustainability and operational excellence goals by offering the company’s integrated software platform–enabling organizations to efficiently address urgent business concerns such as greenhouse gas management, Corporate Social Responsibility reporting, worker health and safety, compliance reporting and emergency response.

Organizations throughout China have experienced tremendous growth over the past 10 years, and now they are facing daunting environmental, health, safety and crisis management challenges. ESS is uniquely positioned to help those organizations manage their EHS issues more effectively. ESS’ integrated software platform enables users to efficiently collect and communicate critical EHS and Crisis data at all levels of an organization and across the enterprise.

Our collaboration with PetroChina and its EHS software platform implementation represented a major landmark as the first enterprise-wide compliance and risk management software deployment of its kind in China. Our software platform enabled PetroChina, the world’s largest company by market capitalization, to increase productivity by driving process improvements that generated time and cost savings while also improving management decision making.

CNPC then selected ESS, based on the success of the PetroChina implementation. We’re honored to be involved in such an important initiative in Asia, and that’s why I’ve spent so much time there in the past few years.

1 comment March 24th, 2008

Leading Analysts Advise Organizations to Implement Integrated Solutions

I’ve been beating the drum for integrated sustainability solutions since 2000. Since then we have been building out our solution to encompass all critical environmental health and safety matters, which enables organizations to take a holistic and strategic approach to sustainability. The integrated design reduces complexity, risks and costs by leveraging critical data, information and best practices from a common database for a facility, business unit or across the enterprise.
In the past two weeks, two different industry analysts have been discussing sustainability platforms in the same terms, which tells me that the direction we are taking is the right one.

Michael Rasmussen, a well-respected industry expert and the principal of a consulting service called Corporate Integrity, has long been a proponent of platforms rather than silos. In his most recent blog post, he says that information technology risk management isn’t the be-all and end-all of risk management; it’s only one aspect. He warns that vendors who say they are in the GRC space without an integrated platform may be thrown out of meetings. There can’t be a much stronger warning than that against point solutions rather than integrated solutions.

In addition, at its GRC summit this week, the lead Gartner GRC analyst, Dan Miklovic, presented an overview of the EHS space called “Environmental, Health and Safety: “Your Applications Must be Part of an Overall GRC Process.” Gartner says that EHS information systems must become fully integrated and, when they do, they help organizations by reducing:

• number of applications
• interfaces
• support staff
• IT hardware and
• number of vendors to be managed

That advice aligns with ESS’ approach of reducing complexity to reduce risks and costs.

We are always working with our customers to make sure they get the innovative solutions they need to reach their sustainability, performance and compliance goals. One of the ways we do that is by inviting IT experts and users from some of the world’s leading companies to our user conference, ESS EXPO.08, which is a highly successful event for sharing best practices among our partners and customers. EXPO.08 is coming up April 13-17, and I hope to see you there. This year’s keynote will be AMR analyst Simon Jacobson, who will talk about laying the foundation for sustainability through environmental compliance.

1 comment March 13th, 2008

ESS EXPO.08 to Provide Latest Trends, Innovative Solutions for EHS Software Users

If you haven’t already registered, here’s a personal invitation from me to join us at ESS EXPO.08 from Sunday, April 13 - Tuesday, April 15, at Sheraton Wild Horse Pass Resort outside Phoenix, Arizona.

ESS EXPO.08 is the largest software users’ conference of the year dedicated to Environmental, Health & Safety and Crisis Management. Attendees will see the latest technology innovations from ESS – with up-close looks at new versions of our software (Essential Suite™ version 7.1 and the browser-based version of Compliance Suite™) as well as quick tips and in-depth explanations from the experts who design, develop and support those tools. In addition, our training team will offer training courses that address key regulatory compliance issues and best practices.

Participants will hear the latest news about a variety of Governance, Risk and Compliance issues and information management challenges. Sessions like “Corporate Sustainability: Helping People and Businesses Reach Their Potential” by Microsoft and “REACH – Understanding and Implementing for Compliance” by PTK, Ltd — the firm that co-authored the regulation — provide a brief sample of the topics that will be discussed at this year’s ESS EXPO.

At ESS EXPO, you can meet your peers, exchange best practices and meet keynote speakers Simon Jacobson of AMR Research and racing icon Kyle Petty. Jacobson will provide an overview of enterprise trends, while Petty, of course, plans to talk about NASCAR and business success.

Our business partners will show how they can enable ESS users to achieve even greater success with complementary solutions and services. And finally, ESS software users will benefit from sharing their own ideas and experiences while networking with other top professionals from a wide variety of vertical industries.

ESS EXPO.08 continues the tremendous success of previous EXPO events, which have attracted hundreds of EHS and Crisis Management professionals.

Add comment February 13th, 2008

More Companies Responding to Demands for Transparency of Risk Reporting

Unless you are involved in corporate governance, you probably aren’t aware that there is an organization called The Corporate Library, that provides reports that assess corporate governance reporting on behalf of investors and insurance companies. The Corporate Library is a repository of reports and information such as corporate policies, SEC filings, and executive compensation. This information, available for purchase, provides corporate reporting and evaluates whether a company’s documentation offers sufficient detail to prevent shareholder lawsuits and satisfy investors’ and insurers’ requirements for transparency. In addition to selling information to the financial community, the Library also provides reports to the enterprises themselves to help them benchmark their performance against other companies.

In a recent report, The Corporate Library found that some well-known companies are not reporting enough detail about their CO2 emissions and the costs involved in cleaning up those operations. Toy company Hasbro (HAS); fiber-optic maker Corning (GLW, Fortune 500); railroad company Burlington Northern Santa Fe (BNI, Fortune 500), Royal Caribbean (RCL) cruise line; and lawn and garden company Scotts (SMG) all scored below average in the report. Meanwhile most utilities and other companies that are known for emitting significant amounts of carbon dioxide have long detailed their emissions and potential costs in financial filings. Those organizations scored much better.

Companies that expect to maintain industry leadership in a market environment that demands more transparency need to invest in monitoring and reporting platforms that will help them satisfy these new investor requirements for reporting risk management data. The Corporate Library sells a product called the “Board Analyst,” that analyzes whether a company’s governing board is proactive and effective in demanding transparency from executives. If I were a corporate board member in these times, I’d be asking my company’s executives to invest in integrated monitoring platforms that can efficiently collect and report this data to improve their transparency rating.

Add comment January 14th, 2008

Duke Energy, Alcoa Among Companies Recognized for Sustainability Reporting

Duke Energy and Alcoa, both industry leaders, as well as ESS clients, have been chosen as finalists for the Ceres 2007 North American Sustainability Rewards. According to a news release, “the awards are not intended to endorse or reward corporate sustainability performance, but rather to acknowledge exemplary disclosure that places performance in the broader context of sustainability challenges, risks and opportunities.”

Ceres is a leading network of investors, environmental groups and other public interest organizations that work with companies to address sustainability challenges such as global climate change. Ceres also directs the Investor Network on Climate Risk (INCR), comprised of over 60 institutional investors who collectively manage more than $4 trillion in assets.

Award nominees were evaluated based on criteria that address completeness, credibility and quality of communication. The panel of 13 judges includes North American leaders and experts representing a broad spectrum of backgrounds.

The Association of Chartered Certified Accountants (ACCA) has been giving these awards for fifteen years to promote transparency in reporting sustainable business practices. This year, 87 companies entered reports, and 21 finalists were chosen. Since 1999, ACCA has teamed up with Ceres to present the awards for sustainability. This year’s entrants included a wide variety of industries from mining to automotive manufacturing to apparel.

Duke Energy, Alcoa and the other award nominees are leading a powerful new trend in which companies are leveraging EHS information management systems to communicate their sustainability performance to external stakeholders. As a result, their efforts are being recognized by organizations like Ceres.

Add comment January 10th, 2008

Introducing ESS’ Greatest Asset: Our People

As we wind down to the end of a very productive year at ESS, I’ve begun to reflect on our many successes. A growing number of corporate executives now recognize that integrated technology platforms offer the most effective way to measure and mitigate risks associated with environmental, health, safety, crisis and performance management. We have been at the forefront of that trend, and we’re grateful that a significant number of those corporate executives have chosen ESS software to support those initiatives.

People think that at a company like ours, technology is our most important asset. It’s not. At ESS, our people are our greatest asset.

Long ago, we made a commitment to build a team with the industry’s best domain experience and duration of service. As a result, we have the strongest and deepest experience in the industry, with a combined 820 years EHS domain experience and 970 years developing software for EHS. We’re a veteran team and we’ve been together for many years, getting better and better at what we do. And at a time in which other companies are experiencing significant brain drain, ESS has a depth of experience that’s unmatched.

ESS has been at the forefront of strategy and innovation in the industry since our inception. We have leveraged our industry expertise and domain experience to develop a comprehensive set of best-of-breed solutions. Over the years, ESS experts have pioneered the development of landmark technology solutions to address challenges for refrigerants, air and fugitive emissions, crisis management, chemical inventory reporting and hazardous materials tracking.

Our strength and industry experience ensure that ESS information management solutions are properly aligned to address real industry needs. Our depth of experience ensures that ESS technology helps organizations to drive increased productivity and supports initiatives to reduce risks associated with EHS and Crisis Management performance.

Now we’re going to let you meet some of our difference-makers – the people on our team who are, in large part, responsible for our success. You’ll hear many interesting stories from people who are at the nexus of big changes in EHS software business.

We’re proud of our team, and it will be my pleasure to share short clips of our team members during the next few weeks, so you can see why we believe that our people make the difference at ESS.

Add comment December 12th, 2007

Savvy Businesses Taking Integrated Organizational Approach to GHG

Al Gore has received his Nobel Prize and is on his way to Bali to monitor the talks on climate change, which appear to be going well. No nation would like to be seen as the sole impediment to averting a planetary catastrophe. News of the environment is all over the media. All the focus on climate change has led to a rush of businesses to monitor greenhouse gases and lower their carbon footprint. While this is a good thing to do, in some cases organizations are taking a reactive approach that takes a narrow view of one issue while ignoring the interrelationships of GHG emissions to all other environmental issues. This has the risk of becoming a knee-jerk reaction that obscures the view of an integrated enterprise wide strategy that deals effectively with the complexity and impact of all environmental risk to the organization. GHG management is a problem that can and should be incorporated within the holistic and strategic framework of risk management that aligns the organization with their overall environmental stewardship and sustainability goals. Forward thinking businesses understand that managing these issues effectively is an integral component of their ability to achieve and maintain leadership in their given industry now and in the future.

Best of class organizations are taking an integrated organizational approach rather than taking a singular and tactical approach to GHG. An integrated systems approach will allow businesses to more effectively organize their people, processes and technology in a manner that will allow them to compete now and into the future.

We see this reflected in our own business. Our customers are not only interested in their carbon footprint, they’re interested in everything else that might impact the sustainability of their organization. Long before that set of buzzwords became popular, they have had the capability to monitor, predict and avert catastrophes that are perhaps equally as important as the emission of greenhouse gases: chemicals, hazardous wastes, fugitive emissions, waste water, industrial hygiene and regulatory compliance. These risks are more than compliance risks. They are operational risks inherent in business and they all must be monitored and managed.

Taking a holistic systems approach also requires implementing an IT technology strategy that aligns with the organizations enterprise wide strategies. As far back as 1999, we decided that enabling an organization to execute on their corporate initiatives for environmental stewardship, compliance, health & safety and sustainability is best accomplished through an integrated technology platform. The reason we believe in the integrated technology platform rather than a fragmented single application for each environmental issue is the concept of the interrelationship and common data elements between all of these issues. Every business I have talked to over the past 20 years wants to have an effective system in place to minimize all of their environmental risks. The reality is that it is very difficult to take an enterprise wide holistic approach to managing environmental risk when you have to rely on a multitude of single disparate applications that don’t talk to each other. If you do integrate them and try to roll up the information for management purposes and stakeholder reporting, it is costly to build and maintain the integration points between applications and the integrity of the data at a corporate level has and additional layer of risk. Each of these stand alone disparate applications actually becomes part of the risk. Why manage risk with a risky technology strategy and platform?

As a result, over the years we have chosen the integrated modular path over the “individual application” path. Our modular solutions are all excellent, but as a whole they are more than the sum of their parts. They enable the management and leaders of the organization to view their entire business from a sustainability perspective and to look at sustainability itself in the most complete possible way.

As I read in a recent AMR report, businesses need to take a hard look at three dimensions (business strategy, organizational processes and enterprise architecture) when assessing the right technology. They need to be intertwined so that businesses don’t just change their business strategy; they also change the technology and organization to match for maximum value. Called the Performance-Driven Business Network (PBN), this new business model is about synchronizing business strategy, organizational principles and enterprise architecture not just within a company, but up and down the greater business network with suppliers, customers and other partners to better compete—no, to compete at all—in the new global economy. They need to stop being project driven and become performance driven, in which change is a constant, and people, technology and business processes are changed in concert for the betterment of the business.

The result: Faster, predictable response to business shifts, a performance-driven collaborative culture, risk and compliance management embedded into operations, extended influence beyond traditional ecosystems and much better use of assets, including information and knowledge, technology, internal and external human capital, facilities and returns on invested capital.

In Bali, governmental representatives and NGOs are meeting. Again, this is good. But I guarantee that what will come out of those meetings has already been factored into a sustainability initiative by any enterprise that wishes to compete and survive. I see it every day because for almost two decades we have been on the front lines.

Add comment December 10th, 2007

ESS Crisis™ Enables Teams to Streamline Response at Major Terrorism Exercise

Several months before OPERATION TOPOFF 4, an incredibly complex terrorism preparedness exercise, the Tempe, Arizona Fire Department selected the on-demand version of ESS Crisis™ to manage its daily planning and emergency event mitigation at the city’s emergency operations center. Tempe Fire Department was an important customer win for us, not only because our own headquarters is located in Tempe, but because it gave us a chance to try out our SaaS product in a very important context.

TOPOFF 4, which took place October 15-24 at several venues in Arizona and Oregon, was designed to strengthen the nation’s capacity to prevent, protect against, respond to and recover from terrorist attacks involving weapons of mass destruction (WMD). The exercise provided an opportunity for local, state and federal agencies to coordinate emergency preparedness efforts among 10,000 participants, including officials from Arizona and Oregon; overseas support from the United Kingdom, Canada, Australia and Guam; and with the full-scale tests of collective preparedness and interoperability.

During last month’s exercise, imaginary radiological incidents occurred in Tempe/Phoenix, Portland and Guam. Local officials were tasked with coordinating and executing proper responses to the incidents using effective communication and coordination among various levels of government agencies and private responders. Federal, state and municipal agencies had to work together in this test. Once the exercise was complete, the Department of Homeland Security evaluated the Tempe responder team’s performance and gave them a report card in an effort to improve the City’s preparedness and incident management.

A growing number of local first responders like those in Tempe and Gilbert, another Phoenix-area suburb, have automated their pre-event preparedness and onsite coordination. Exercises like TOPOFF 4 are a powerful reminder that interagency coordination and system interoperability will be key factors to ensure that future terrorism response efforts are to be successful. Departments both large and small will need automated tools like Crisis to ensure they will be ready when a major incident occurs. In a real crisis, it could turn out to be a lifesaver.

Add comment November 15th, 2007