How can your ERM Software serve both Risk Managers and Executives?

One key point I emphasized in my ERM software buyer’s guide is that, in spite of the vast amount of commentary on the challenges of risk appetite and other risk management concepts, no topic is more difficult to grasp and execute than choosing the right risk management software system for meeting the company’s needs.

Before jumping into how software should work and the different options out there, the first step is to establish if you even need to invest in a system in the first place. For example, if your company is taking a more “implicit” or subtle route by asking risk questions during the decision-making process and eschewing the formal assessment of risks, a software system may be unnecessary.

But in many cases, especially if your company has an explicit risk process, a software system will be a necessary tool for cataloging, visualizing, and analyzing risks.

Using manual processes or generic tools like Excel spreadsheets can be cumbersome to say the least, especially if executives and the Board want to see how risks are changing over time or want concrete numbers on how ERM is benefitting the company. Understanding and quantifying how ERM is benefitting an organization is something that’s proved elusive to risk managers and executives.

Assume for a moment that your company falls into this category and needs a software tool. You recognize that risk managers and executives (…or decision makers in general) will have distinct needs that the tool must satisfy for ERM to be effective. Software that doesn’t consider the needs of either one of these types of users will be inefficient at best, and at worst, downright useless for managing the company for success.

Ideally, effective ERM software should offer a blend of features and processes that suit the needs of both risk managers and executives. Below is a quick breakdown of the needs of each of these respective groups.

Risk Managers

When it comes to software, the needs of risk managers ultimately revolve around gathering information efficiently. They will be getting into the nuts and bolts of the software, so usability will be a top concern.

With an ever-mounting number and complexity of risks facing organizations today, risk professionals must be able to gather information without constantly barraging executives and management to ask for their valuable time. While manually cataloging and analyzing risks in a tool like Microsoft Excel can be time-consuming, a poorly designed risk management software tool can make this process even more inefficient.

Therefore, the central focus for risk managers when it comes to software is the ease by which they can gather the information executives need, input it into the system, analyze the results, and report out valuable insights for resource allocation and decision-making. Getting there though will require a little trial and error to develop a process that works for your company. The company should consider different software only after these processes have been ironed out; otherwise, you are letting the software drive the company instead of the process driving the software selection.

Executives

As opposed to risk managers and analysts, executives typically will not be interested in the details about the risk process or the particular features of the software. Their main interest is “big picture,” meaning how risks will impact the achievement of objectives. In this article on making a risk register an essential tool for a CEO, Danny Wong of GOAT Risk Solutions explains:

Senior executives prefer more concise narrative summary of the latest developments on the risk, actions and metrics, especially when reviewing across 10(ish) risk areas.

Many organizations struggle to deliver actionable risk information to their executives whether it’s through software or “manual” tools like Microsoft Excel. According to the annual State of Risk Oversight report from NC State University, over 40% of executive respondents claim they are “not at all” or “minimally” satisfied with the quality of reports they receive.

In the context of software, any reports will need to provide an easy way to visualize the relationship between risks and how they will impact objectives so they can prioritize resources.

Whether it’s root cause analysis, heat maps (which I personally prefer not to use), or modeling results, the primary focus of visual aids should be on whatever the executive needs to make decisions.

A software program must ensure executives receive timely, relevant information for decision-making, and at the same time, it must also be easy for risk managers and other personnel to gather, analyze, and report risk information.

Does your risk management software tool adequately account for the needs of both risk managers and executives?

The distinct needs of different users of risk management software is a topic that doesn’t seem to receive the attention it deserves, so please feel free to share your thoughts by leaving a comment below or joining the conversation on LinkedIn.

And if your company is trying to determine its software needs and don’t know where to begin, please don’t hesitate to drop me a line today!

, , , , ,

Related Posts

2 Comments. Leave new

  • Hi Carol, our company is an SME in relation to ERM implementation, also supporting software we develop.
    Some feedback, you say; “Therefore, the central focus for risk managers when it comes to software is the ease by which they can gather the information executives need, input it into the system, . . [my feedback, the software should enable staff to enter their own information else ERM won’ be embedded]
    Another point [not that I want to be negatively critical, rather take this as constructive criticism], “executives typically will not be interested in the details about the risk process . . .” [my feedback, it’s fundamental for executives to understand and apply the risk process else they can’t drive ERM as well.
    My feedback is based on direct experice and our company is winning the day.
    Just yesterday we met a new startup bank here in Australia, intending to apply for a banking licenses in Q3 of 2021. Before meeting with them they had evaluated a few of the systems available in the marketplace, rejecting them. Bearing in mind these products have captured a lot of market share already.
    Most implementations using risk software fail and one can attribute several reasons. However the fact is that most software fails to provide the requirements needed to have a successful implementation, some of these reasons you’ve pointed out very well.

    Reply
    • Hi Ian – thank you for such an extensive comment and the feedback. Congrats on your software making headway.
      Yes, I can see your point about staff entering risk information, so perhaps I should update the article to include the company’s staff in addition to risk managers.

      On your other point regarding executives, their main interest is achieving objectives. In my experience, I’m not sure they are too interested in the nuts and bolts of any risk process just that it works and is giving them the information they need to make decisions in a timely and effective manner. As I explain in an article from earlier this year, if ERM is considered to be a separate activity, it will not provide any strategic value to the company. In the long run, risk has to be integrated into daily conversations and decisions to be a valuable part of ensuring the company’s success.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu