We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Manage Tomorrow's Surprises Today

Steven Minsky

ERM Software - Selecting the Best Solution

Vote 0 Votes


As organizations turn to Enterprise Risk Management (ERM) software to automate and enhance aspects of their ERM Programs, it's time to take a critical look at the ERM and GRC marketplace to determine where gaps exist between the current offerings and the needs of risk managers.

Many GRC tools on the market today offer a separate ERM module at an additional cost. If the goal of enterprise risk management is to take traditionally silo'd information and communicate it with a single framework, does it make sense to offer ERM as a part, or module, of a platform?

Risk Managers must be wary when evaluating ERM software, and there are a few questions they should ask of all vendors.

Does your solution support the best practices outlined by an accepted ERM Framework?

The answer from an enterprise risk perspective should be an unqualified yes. There are considerable resources available to risk managers (i.e. the RIMS Risk Maturity Model) that can provide a framework for an ERM program, and if the ERM solution in question does not explicitly adhere to one or more of these standards, it's likely that you'll find yourself at a roadblock only a year or two down the road. ERM programs forced to operate with tools not designed for true Enterprise Risk Management become quickly frustrated with their results; and worse, their executives and leadership become disenfranchised with the entire concept of ERM, putting their jobs in jeopardy.

Is your solution flexible enough to fit the unique and evolving responsibilities of your ERM program?

Enterprise Risk Managers have been tasked with the enormous responsibility of providing transparency and insight into their organization's risk universe. In order to accomplish that goal, an ERM software must be cross-functional and capable of aggregating silo'd information dynamically. Ask to see information aggregated by strategic goal, geographic location, or by a risk category currently in use by your company.

As your program grows, chances are your responsibilities will grow to compliancepolicy managementbusiness continuity, or other key function. Any solution should flexible enough to tackle these functions within the confines of your ERM framework. Many GRC Software solutions consider these roles to be separate. Look for an integrated tool that doesn't charge extra for the modules you need, and keep in mind that your responsibilities today might not be the same as they are a year down the road. Your ERM solution should grow with your program, not define or limit it.

Does your ERM solution provide the support necessary to ensure success?

Many ERM programs are just beginning to evaluate software. Having worked hard to build your business case, set aside a budget, and evaluate solutions, the worst case scenario would be selecting an ERM Software that could take months, even years, to implement effectively. Risk Managers cannot afford a lengthy implementation timeframe while they work towards the milestones that will justify their solution. In addition, your solution should provide support tailored to your needs. Has your account representative supported the ERM programs of other organizations? Can they pass along best practices and build an implementation schedule around your milestones? And finally, can they do it in less than 90 days.

Evaluating ERM software can be a stressful experience, so we created a Business Requirements Template for download as an example that you can adjust to fit the needs of your evaluation.

Enhanced by Zemanta

Leave a comment

In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc. the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.

Recently Commented On

Monthly Archives