How can your ERM Software serve both Risk Managers and Executives?

One key point I emphasized in my ERM software buyer’s guide is that, in spite of the vast amount of commentary on the challenges of risk appetite and other risk management concepts, no topic is more difficult to grasp and execute than choosing the right risk management software system for meeting the company’s needs.

Before jumping into how software should work and the different options out there, the first step is to establish if you even need to invest in a system in the first place. For example, if your company is taking a more “implicit” or subtle route by asking risk questions during the decision-making process and eschewing the formal assessment of risks, a software system may be unnecessary.

But in many cases, especially if your company has an explicit risk process, a software system will be a necessary tool for cataloging, visualizing, and analyzing risks.

Using manual processes or generic tools like Excel spreadsheets can be cumbersome to say the least, especially if executives and the Board want to see how risks are changing over time or want concrete numbers on how ERM is benefitting the company. Understanding and quantifying how ERM is benefitting an organization is something that’s proved elusive to risk managers and executives.

Assume for a moment that your company falls into this category and needs a software tool. You recognize that risk managers and executives (…or decision makers in general) will have distinct needs that the tool must satisfy for ERM to be effective. Software that doesn’t consider the needs of either one of these types of users will be inefficient at best, and at worst, downright useless for managing the company for success.

Ideally, effective ERM software should offer a blend of features and processes that suit the needs of both risk managers and executives. Below is a quick breakdown of the needs of each of these respective groups.

Risk Managers

When it comes to software, the needs of risk managers ultimately revolve around gathering information efficiently. They will be getting into the nuts and bolts of the software, so usability will be a top concern.

With an ever-mounting number and complexity of risks facing organizations today, risk professionals must be able to gather information without constantly barraging executives and management to ask for their valuable time. While manually cataloging and analyzing risks in a tool like Microsoft Excel can be time-consuming, a poorly designed risk management software tool can make this process even more inefficient.

Therefore, the central focus for risk managers when it comes to software is the ease by which they can gather the information executives need, input it into the system, analyze the results, and report out valuable insights for resource allocation and decision-making. Getting there though will require a little trial and error to develop a process that works for your company. The company should consider different software only after these processes have been ironed out; otherwise, you are letting the software drive the company instead of the process driving the software selection.


As opposed to risk managers and analysts, executives typically will not be interested in the details about the risk process or the particular features of the software. Their main interest is “big picture,” meaning how risks will impact the achievement of objectives. In this article on making a risk register an essential tool for a CEO, Danny Wong of GOAT Risk Solutions explains:

Senior executives prefer more concise narrative summary of the latest developments on the risk, actions and metrics, especially when reviewing across 10(ish) risk areas.

Many organizations struggle to deliver actionable risk information to their executives whether it’s through software or “manual” tools like Microsoft Excel. According to the annual State of Risk Oversight report from NC State University, over 40% of executive respondents claim they are “not at all” or “minimally” satisfied with the quality of reports they receive.

In the context of software, any reports will need to provide an easy way to visualize the relationship between risks and how they will impact objectives so they can prioritize resources.

Whether it’s root cause analysis, heat maps (which I personally prefer not to use), or modeling results, the primary focus of visual aids should be on whatever the executive needs to make decisions.

A software program must ensure executives receive timely, relevant information for decision-making, and at the same time, it must also be easy for risk managers and other personnel to gather, analyze, and report risk information.

Does your risk management software tool adequately account for the needs of both risk managers and executives?

The distinct needs of different users of risk management software is a topic that doesn’t seem to receive the attention it deserves, so please feel free to share your thoughts by leaving a comment below or joining the conversation on LinkedIn.

And if your company is trying to determine its software needs and don’t know where to begin, please don’t hesitate to drop me a line today!

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More