ERM Software – Selecting the Best Solution


As organizations turn to Enterprise Risk Management (ERM) software to automate and enhance aspects of their ERM Programs, it’s time to take a critical look at the ERM and GRC marketplace to determine where gaps exist between the current offerings and the needs of risk managers.

Many GRC software tools on the market today offer a separate ERM module at an additional cost. If the goal of enterprise risk management is to take traditionally silo’d information and communicate it with a single framework, does it make sense to offer ERM as a part, or module, of a platform?

Risk Managers must be wary when evaluating ERM software, and there are a few questions they should ask of all vendors.

Does your solution support the best practices outlined by an accepted ERM framework?

The answer from an enterprise risk perspective should be an unqualified yes. There are considerable resources available to risk managers (i.e. the RIMS Risk Maturity Model) that can provide a framework for an ERM program, and if the ERM solution in question does not explicitly adhere to one or more of these standards, it’s likely that you’ll find yourself at a roadblock only a year or two down the road. ERM programs forced to operate with tools not designed for true Enterprise Risk Management become quickly frustrated with their results; and worse, their executives and leadership become disenfranchised with the entire concept of ERM, putting their jobs in jeopardy.

Is your solution flexible enough to fit the unique and evolving responsibilities of your ERM program?

Enterprise Risk Managers have been tasked with the enormous responsibility of providing transparency and insight into their organization's risk universe. In order to accomplish that goal, an ERM software must be cross-functional and capable of aggregating silo’d information dynamically. Ask to see information aggregated by strategic goal, geographic location, or by a risk category currently in use by your company.

As your program grows, chances are your responsibilities will grow to regulatory compliance managementpolicy managementbusiness continuity, or other key function. Any solution should flexible enough to tackle these functions within the confines of your ERM framework. Many GRC Software solutions consider these roles to be separate. Look for an integrated tool that doesn’t charge extra for the modules you need, and keep in mind that your responsibilities today might not be the same as they are a year down the road. Your ERM solution should grow with your program, not define or limit it.

Does your ERM solution provide the support necessary to ensure success?

Many ERM programs are just beginning to evaluate software. Having worked hard to build your business case, set aside a budget, and evaluate solutions, the worst case scenario would be selecting an ERM Software that could take months, even years, to implement effectively. Risk Managers cannot afford a lengthy implementation time frame while they work towards the milestones that will justify their solution. In addition, your solution should provide support tailored to your needs. Has your account representative supported the ERM programs of other organizations? Can they pass along best practices and build an implementation schedule around your milestones? And finally, can they do it in less than 90 days.

Evaluating ERM software can be a stressful experience, so we created a Business Requirements Template for download as an example that you can adjust to fit the needs of your evaluation.

Votes: 0
E-mail me when people leave their comments –

Steven Minsky is a recognized thought leader in risk management, CEO and Founder of LogicManager. Steven is well known for his precinct abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts and published action plans to help organizations prepare.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!