PART 1: INTRODUCTION
What do you think is the most difficult part of enterprise risk management for risk managers and executives to make sense of? Is it risk appetite and tolerance or developing an actionable report leadership can use to guide decisions?
Those would be good guesses, but in spite of all of the commentary on the difficulty of each of these concepts, neither one comes close.
No, after many conversations in my time as an ERM consultant and recollecting my own experience as an industry-practitioner, perhaps no topic is more shrouded in mystery and confusion than ERM software.
Processes like risk identification, risk assessment, and even risk appetite can be refined as you go; if something doesn’t work out, it’s okay, especially if you are “piloting” the processes with only one or two business units. Through trial and error and persistence, you can eventually develop tailor-made ERM processes that helps give your company a competitive advantage.
But ERM software systems can be a veritable black hole.
With so many options and ways to use risk management software, it can be overwhelming, especially if you are unsure of what your organization’s needs are. Many tools can be overly bureaucratic and cumbersome, or simply regurgitate what everyone already knows, but this time in a pretty chart and dashboard.
This of course leads to systems being abandoned and wasted resources (time and lots of money), which fuels the perception that ERM is simply a cost-center that doesn’t provide any strategic value to the company. Unfortunately, this perception is all too common according to different surveys.
In a comment to an article on LinkedIn, consultant and former ERM Director for Capital One, Soumya Chakraverty, illustrates this point when he says…
Companies are licking their wounds somewhat from investing millions of dollars in expensive GRC software that has failed to deliver value. This is primarily because the technology companies have tried to implement solutions by themselves, without the help of professional risk specialists, to help design the strategy, roadmap, target operating model, and value proposition, which are critical components to add value.”
The goal of this guide is to take a balanced approach in helping companies avoid this problem and ensure whatever solution they ultimately choose delivers value to the organization at a reasonable cost.
The following sections explore why adopting the right ERM software benefits a company, what different types of systems are out there, and how risk managers and directors should go about finding the right solution for their needs.