One key point I emphasized in my ERM software buyer’s guide is that, in spite of the vast amount of commentary on the challenges of risk appetite and other risk management concepts, no topic is more difficult to grasp and execute than choosing the right risk management software system for meeting the company’s needs.
Before jumping into how software should work and the different options out there, the first step is to establish if you even need to invest in a system in the first place. For example, if your company is taking a more “implicit” or subtle route by asking risk questions during the decision-making process and eschewing the formal assessment of risks, a software system may be unnecessary.
But in many cases, especially if your company has an explicit risk process, a software system will be a necessary tool for cataloging, visualizing, and analyzing risks.
Using manual processes or generic tools like Excel spreadsheets can be cumbersome to say the least, especially if executives and the Board want to see how risks are changing over time or want concrete numbers on how ERM is benefitting the company. Understanding and quantifying how ERM is benefitting an organization is something that’s proved elusive to risk managers and executives.
Assume for a moment that your company falls into this category and needs a software tool. You recognize that risk managers and executives (…or decision makers in general) will have distinct needs that the tool must satisfy for ERM to be effective. Software that doesn’t consider the needs of either one of these types of users will be inefficient at best, and at worst, downright useless for managing the company for success.
Ideally, effective ERM software should offer a blend of features and processes that suit the needs of both risk managers and executives. Below is a quick breakdown of the needs of each of these respective groups.
Risk Managers
When it comes to software, the needs of risk managers ultimately revolve around gathering information efficiently. They will be getting into the nuts and bolts of the software, so usability will be a top concern.
With an ever-mounting number and complexity of risks facing organizations today, risk professionals must be able to gather information without constantly barraging executives and management to ask for their valuable time. While manually cataloging and analyzing risks in a tool like Microsoft Excel can be time-consuming, a poorly designed risk management software tool can make this process even more inefficient.
Therefore, the central focus for risk managers when it comes to software is the ease by which they can gather the information executives need, input it into the system, analyze the results, and report out valuable insights for resource allocation and decision-making. Getting there though will require a little trial and error to develop a process that works for your company. The company should consider different software only after these processes have been ironed out; otherwise, you are letting the software drive the company instead of the process driving the software selection.
Executives
As opposed to risk managers and analysts, executives typically will not be interested in the details about the risk process or the particular features of the software. Their main interest is “big picture,” meaning how risks will impact the achievement of objectives. In this article on making a risk register an essential tool for a CEO, Danny Wong of GOAT Risk Solutions explains:
Senior executives prefer more concise narrative summary of the latest developments on the risk, actions and metrics, especially when reviewing across 10(ish) risk areas.
Many organizations struggle to deliver actionable risk information to their executives whether it’s through software or “manual” tools like Microsoft Excel. According to the annual State of Risk Oversight report from NC State University, over 40% of executive respondents claim they are “not at all” or “minimally” satisfied with the quality of reports they receive.
In the context of software, any reports will need to provide an easy way to visualize the relationship between risks and how they will impact objectives so they can prioritize resources.
Whether it’s root cause analysis, heat maps (which I personally prefer not to use), or modeling results, the primary focus of visual aids should be on whatever the executive needs to make decisions.
A software program must ensure executives receive timely, relevant information for decision-making, and at the same time, it must also be easy for risk managers and other personnel to gather, analyze, and report risk information.
Does your risk management software tool adequately account for the needs of both risk managers and executives?
The distinct needs of different users of risk management software is a topic that doesn’t seem to receive the attention it deserves, so please feel free to share your thoughts by leaving a comment below or joining the conversation on LinkedIn.
And if your company is trying to determine its software needs and don’t know where to begin, please don’t hesitate to drop me a line today!
