The Why, What, and How of ERM Software: An Essential Buyer’s Guide


Before learning the different types of ERM software and what organizations need to consider when comparing different options, it’s vitally important to understand why software can benefit an organization.

When an organization embarks on the ERM journey, they often have big plans for how their program will look and what they want to get out of it. Risk managers quickly discover the limitations (and frustrations) of manually cataloging and analyzing risks. For example, managing trends and changes using Excel can get very cumbersome when evaluating the relationship between risks and their impact on the company.

Although Douglas Hubbard is referring to a program’s governance structure and not software directly, the following quote from his book The Failure of Risk Management illustrates this point well:

The organization may have a strong desire to identify risk(s), understand their impact, and integrate this information into decision-making. There may even be extensive documentation on how the company wants to do this, but without some sort of ERM software system, it will just be a nice façade over a disjointed process that ends up being more trouble than it is worth.

Good ERM software systems should provide a variety of tools that helps companies have more than a nice façade. The following general features or functionality play an important role in generating actionable reports that help the company fully understand the impact of risks and thus make better informed decisions.

Visualization tool – this isn’t about making a better heat map, but providing visual representation of risks, whether within ERM software or through another tool that helps executives and business unit managers better grasp risk management’s perspective or the outcome of a conversation. After all, most people lean towards visuals, not words.

It’s likely that risk-focused software is not the only tool you will use; circumstances such as the characteristics of the risk, audience preferences, and speed at which a decision must be made will also dictate that type of visual that is needed.

When developing visuals though, one key thing to remember is they must link back to strategy or whatever foundational issue you are trying to address.

Dashboards – although a dashboard is a “visualization” tool of sorts, it deserves its own section since it is not a visual representation of a risk (…like a map or flowchart), but rather a way for risk managers, executives, and others to quickly view key information about a collection of information (including risk). This information can include current status, [inter]dependencies, impacts, risk owner, key risk indicators and more.

A robust risk dashboard is helpful for keeping executives and business unit(s) organized and facilitates the proactive management of risks, which is a key difference between traditional risk management and ERM.

While it is possible to create a dashboard manually in Excel or a similar program, it can be time-consuming and only provides a static view of the risk.

Analysis and Quantification – more common with performance-based systems, these tools help the company better understand and analyze data in different ways, link risks to other risks, risks to objectives, performance and other metrics to risk, metrics to objectives, mitigations to risks, and more.

Robust ERM software systems also help companies better utilize key risk indicators (KRIs) and trending data, which as we’ve explored before, are advanced tools for getting in front of risks. Utilizing tools like this are difficult if not impossible without software specially designed for performance-focused ERM.

These features (…and others) undoubtedly can benefit companies by saving time on data collection and analysis, risk reporting, and creating dashboards and other visuals, but most importantly, to see how risks are impacting objectives.

Danny Wong of GOAT Software explains that a software system needs to ideally be:

…designed for senior leaders and other non-risk experts to better manage their business, priorities, projects, and risks.

Now that we have covered why ERM software is important and how it can be valuable to your company, it’s time to explore the different types of systems out there. As you will see, there is a lot of variety when it comes to how the software works and its primary uses, among other differences.

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Receive Our Weekly Blog Updates

Meet Carol Williams, SDS Founder & Lead Strategist

To our readers:

This blog was launched to provide strategy and risk practitioners with a go-to resource to better guide their efforts within their companies. Thank you for bringing me and my team along to be part of your journey towards better risk management, strategic planning and execution, and overall decision-making. Happy reading!

Find more SDS Insights