IBM Announces Plans To Acquire OpenPages . . . Top GRC Vendors Are Charting Very Different Courses

Rarely does vendor consolidation reflect such fragmentation of a market.

Picking up on the recent acquisition trend of independent market leaders, IBM today announced plans to acquire long-time GRC heavyweight OpenPages to strengthen its business analytics offerings, including Cognos and SPSS. It's a good fit for both companies and certainly won't surprise anyone who has been following the space... the OpenPages platform leans on Cognos for its reporting capabilities, so they already have a head start on product integration. The two have also proven successful in the past by combining forces on large risk management implementations, so there are already established use cases to reference.

This deal is most interesting, however, when you consider the other acquisitions of top GRC vendors. Less than two years ago, Paisley was acquired by Thomson Reuters to strengthen its tax and accounting business and content delivery, while EMC acquired Archer Technologies earlier this year as a dashboard (at least initially) to pull together IT risk data and processes as part of its RSA security offerings. While OpenPages has historically competed with Paisley in financial controls management and has recently been moving more into Archer's core IT risk and compliance domain, this acquisition will likely turn the company more toward higher-level corporate performance and enterprise risk management. The GRC vendors will still compete regularly, but their unique selling propositions are starting to look more and more unique all the time.

It will be interesting to watch how the remaining top independent GRC vendors (BWise, MetricStream, Qumas, etc.) will respond... and whether other industry powerhouses (SAP, Oracle, Cisco, HP?) will move to pick them up.


  • If you are currently an OpenPages customer or evaluating the platform, I don't expect much change in the near future, either positive or negative. Eventually, further integration with IBM technologies, such as Tivoli and WebSphere, will help extend the reach of the risk and compliance programs (although it will likely be months before we hear about any specific plans, let alone see any new offerings. Integration with IBM's BPM technologies has not been a focus of any messaging about the deal yet.).
  • If you are currently a customer of IBM's analytics technologies, OpenPages will be an attractive addition for handling needs such as workflow, risk analytics, loss management, and compliance reporting. But considering the cost and complexity of the average OpenPages deployment, the platform's footprint may have to be scaled back to make a more reasonable bundled offering.

Congratulations are in order for both companies. OpenPages has worked hard to put together a very solid product and an impressive list of successful customers. They still have a lot more work ahead of them, however, trying to navigate the massive IBM universe and prioritize the investments that will most immediately increase customer value.


Chris, good points. I

Chris, good points. I completely agree that IBM/Cognos/OpenPages is a natural combination and a smart move for IBM. IBM just keeps steamrolling with its acquisition spree. At this pace, it seems like it's only a matter of a few quarters before IBM will own nearly 100% of all enterprise apps components. But, as you correctly mentioned – and it was a bit disappointing – there was no mention of BPM implications for the transaction. In my experience, GRC is much more about workflow, processes and process orchestration, than just reporting and analytics. Just like in one of the Seinfeld episodes - “keeping the reservation is the key part of taking reservations” – well designed and managed processes are infinitely more important and challenging for GRC than reporting and analytics. IBM does indeed have the tools (FileNet, Lombardi, iLog, etc) and the know how (IBM GBS, BAO) to make the integration happen, but they just don’t emphasize BPM for GRC and analytics as much as they should. IBM “talks the talk” of ultimate enterprise optimization that can only happen when BPM, BRE, BI, GRC converge and become seamlessly integrated – but they still don’t “walk the walk”.


HI Chris. This acquisition and others before it are further evidence of the increasing importance of GRC and the need to align risk, performance and technology. We anticipate a period of change and further convergence – giving risk and compliance professionals a series of clear choices and differing approaches.