Steven Minsky
New Era of Risk Management
Steven Minsky, a risk expert, highlights the differences between traditional Risk Management and true Enterprise Risk Management, which most importantly is about helping something happen - not preventing something from happening. Steven's blog helps you think about risk in a new way and how to benefit practically from this rapidly evolving new field.


May 25, 2006
Risk Software - Lipstick on a Pig?

The article by Evan Busman, "Handling Twin Takes of ERM," is a great overview of evaluating technology for Enterprise Risk Management, especially in highlighting the pitfalls of compliance software that does not address the more strategic business risk and performance management objectives of the firm. Risk Management has traditionally been associated with risk elimination, insurance and compliance. Most software vendors have predictably added some risk features onto their existing compliance packages because it is easier for them to sell. You can put lipstick on a pig, but it's still very much a pig.

The true Enterprise Risk Management approach is best described by Dan Borge in The Book of Risk: "Risk Management means taking deliberate action to shift the odds in your favor - increasing the odds of good outcomes and reducing the odds of bad outcomes." Enterprise Risk Management is about building business value in support of better decision making rather than only providing oversight of major compliance issues or satisfying the requirements imposed by external auditors. New software built from the ground up to meet the very different needs of true Enterprise Risk Management is required.

Enterprise Risk Management software must manage the complexity of an ERM program. Based on my research, I have identified the following key characteristics:

1) Root Cause: A framework that gets to the cause of issues makes follow-up straightforward and logical.

2) Motivation: Performance Management functionality that makes it easy to help line managers achieve process improvements to reduce costs, bottlenecks, and unnecessary risk translates into their embracing risk management.

3) Process Driven: Selecting the most relevant 30 to 50 key risk indicators for each core business process from thousands of possibilities.

4) Cross Functional Risk: Features to deliver a portfolio view with interactive dashboards to drill down or cut across silos to identify dependencies between risks.

5) Operational Controls: Go beyond financial controls to also quantify the effect of controls on business goal achievement while maintaining accountability throughout the process.

6) Risk Tolerance: Embedding risk management processes within the existing corporate culture from enterprise-wide board room strategy to tactical planning and analysis.

7) Maturity Model: Enable the risk management department itself to accelerate adoption of best practices, to set program objectives and measures and to manage ERM program activities.

With these criteria you can evaluate new software coming to the market from true ERM vendors and use risk tolerance to achieve the strategy and performance targets for your organization. There is more on the evaluation criteria for selection of Enterprise Risk Management technology in my ebizQ column, The Dos and Don’ts of Enterprise Risk Management.

Posted by stevenminsky in Compliance • Enterprise Risk Management • Software


Comments

Improving accuracy and timeliness of information needed to make decisions will certainly lead to better outcomes. The problem is that organizations are built on inefficient hierarchical structures that can block the flow of critical information. Before software can enter into the mix, the firm needs to design and implement practices that break down internal barriers.

Evan Busman

Posted by: Evan Busman at May 30, 2006 06:26 PM
