Manage Learn to apply best practices and optimize your operations.

It's elementary: IBM's Watson computer could be your next GRC tool

IBM's Watson computer gave an impressive performance in beating two of the best champions on "Jeopardy!" Find out why our expert thinks Watson also has much to offer as a GRC tool.

When IBM's Watson computer answered the final question to handily beat the two best human "Jeopardy!" contestants of all time last month, it earned a place in the annals of computer history alongside the ENIAC, the PDP-8 and Deep Blue.

Adrian Bowles
Adrian Bowles

I had the opportunity to watch the last match on TV with members of the IBM Watson team including David Ferrucci, the program manager. After congratulating him for his part in this notable achievement, I thought about the implications this technology has for serving as a governance, risk and compliance (GRC) tool in my own work -- and I must confess, up front, that I want a Watson of my own.

While IBM's Watson computer is named for IBM's founder, Thomas J. Watson, I think it's more like Dr. Watson in the "Sherlock Holmes" books. In other words, outside the realm of "Jeopardy!", Watson is the perfect assistant to -- rather than a replacement for -- a human. IBM knows this, which is why Watson's next task is serving as a physician's diagnostic assistant.

In this assignment, Watson will be paired with speech-recognition software and domain-specific vocabularies developed by Nuance Communications Inc. The use of natural language processing, along with deep question-answering (QA) technology, make it the perfect tool for decision support where extensive, ongoing research is necessary to ensure that answers or recommendations are based on up-to-the-minute circumstances.

Why's that so important? The "right" answer yesterday may be the wrong one today if conditions have changed. On "Jeopardy!", Watson was not connected to the Internet during the games but, in a business setting, that constraint will be lifted, providing Watson's "colleagues" with timely access to domain-specific information.

With that in mind, I'd like to see a GRC Edition of WaaS -- Watson as a Service. Here's how I would use it as a GRC tool to tackle three common problems that cost organizations millions of dollars and are fraught with risk:

Identify which rules, regulations, guidance documents and court rulings apply to a specific business. The landscape of rules and regulations is complex. Determining which ones apply depends on several factors, including the industry, geographies of the firm and its customers and recent court and legislative decisions. Although we speak of regulated industries, the truth is every business is regulated, making it an area of concern for all businesses. As the number of industries and geographies increases, the problem becomes more complex and expensive. But a general-purpose system like Watson would have little difficulty scaling to handle this complexity.

Identify and factor in the requirements. Once the set of requirements is established, it's important to factor in the requirements and controls that allow common problems to be solved only once. For example, similar security provisions in the Health Insurance Portability and Accountability Act and the Sarbanes Oxley Act can be met with a common Control Objectives for Information and related Technology (COBIT) framework of objectives and controls. Watson can use pattern-matching algorithms to identify these commonalities, which currently require scans of complex documents and updates or purpose-built applications.

Prioritize and assign confidence levels for risk management decisions. While it would be ideal to be in compliance with all of the rules 100% of the time, the reality is that decisions about how and where to allocate resources often involve tradeoffs. Using a context-aware decision-support system with deep QA to provide multiple answers enables GRC executives to do extensive "what-if" scenarios to tune their plans and manage investments.

When Watson answered "Toronto" to a question about U.S. cities, many in the viewing audience might have had concerns about using Watson-type computing for critical applications. But consider this: There are at least seven Torontos in the U.S.; Toronto, Ontario has a baseball team in the American League East; and Watson only had 14% confidence in the answer. In a non-game-show setting, it wouldn't have volunteered that answer to this question due to lack of confidence.

But in the "Final Jeopardy!" round, there is no penalty for a wrong answer versus no answer. Also, Chicago, the correct answer, was displayed by Watson with an 11% confidence score. If Watson were only an assistant in a real-world setting, rather than being solely responsible for the answer, a mutual agreement by man and machine on the correct answer is far more likely.

I like the image of Watson as a compliance assistant, with the ultimate decision resting with humans, at least for now. Having worked on a complex database designed to capture compliance rules, regulations, guidelines and decisions, I can attest that such an assistant would simplify the task for most businesses.

Ultimately, I expect Watson to be available on an Answer as a Service model, or as a continuous service. In the beginning, it may make sense for firms in the same industry to pool their resources to gain access to this type of QA system, as most results are not competitive differentiators. But, eventually, the cost of Watson-like technology will become affordable for even small and medium-size companies.

So, while naysayers denigrate Watson for not thinking like a human, I would suggest that many of us would be more effective in our GRC-related tasks if we learned to think more like Watson.

Adrian Bowles has more than 25 years of experience as an analyst, practitioner and academic in IT with a focus on IT strategy and management. He is the founder of SIG411 LLC, an advisory services firm in Westport, Conn., and director of the Sustainability Leadership Council.

Dig Deeper on Managing governance and compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.