The Why, What, and How of ERM Software: An Essential Buyer’s Guide


I’m pretty confident when I say that finding the right software for your organization’s needs is one of the hardest parts of ERM. Processes like risk identification, risk analysis, or assigning the right risk owner are rife with challenges too…

The difference though is these processes can be refined over time. If a certain approach for identifying risk doesn’t work with your “pilot” group, you can easily go back, refine, and try again. But with software, if you do not take the time to be methodical in your decision, you could possibly waste (tens, if not hundreds of) thousands of dollars.

Each of the preceding sections provided the foundation to help you understand the types of ERM software systems out there (what) and why it is needed to ensure risk management delivers additional value to the organization and isn’t just checking a box.

There are several considerations and questions you must work through before you even begin researching software systems or soliciting RFIs or RFPs, with the most important one being:

Step 1: Your practices and organizational culture should drive what software you choose.

To put it a little differently, software should not be a company’s first priority when it comes to ERM. Again, part of Soumya Chakraverty’s comment to an article on LinkedIn is instructive when it says:

Putting technology in front of strategy and roadmap is like putting the cart before the horse.

Being too hasty in procuring and implementing ERM software can lead to a host of consequences. For example, if the software and ERM in general are just an additional process executives and managers must add to their already busy to-do list, they will quickly abandon it.

Therefore, if you are just beginning to establish ERM and integrate risk into decision-making at your organization, hold off on investing in any ERM software until you have at least a rough idea of what your practices will be. At this point in the journey, spreadsheets and other basic analysis tools are sufficient.

When you think your processes and culture are in a good place for ERM software to support their ongoing maturity, it is time to move on to:

Step 2: Gain executive buy-in and approval.

One point I repeat often is that there must be someone at the executive-level who champions and promotes ERM to fellow executives and the company at large. Without leadership promoting a healthy risk culture and stressing the importance of integrating risk into decision-making at all levels, ERM will never advance beyond a documentation exercise.

ERM software is no different…

Executives must clearly understand why your company needs software and be fully behind it before you even begin looking at options.

One question they will most certainly ask is how much a software system costs – the answer is that it depends. But you need to be able to clearly articulate the why and the benefits to the executives. Concurrently, you must also:

Step 3: Determine what ERM software means to your organization

As I mentioned before, when you search for ‘ERM software’ on Google, you will get back a dizzying array of results. In the previous section, we discussed how software can be categorized by its focus. Is it built more for compliance or more for enhancing performance?

Clearly defining your use and intent for the software is another vital step in making sure you are not overwhelmed or end up with a system that doesn’t meet your needs.

Is your organization’s need for ERM software being driven more by compliance and documentation for audit purposes, or is it driven by enhancing performance through informed risk-taking?

In his book World Class Risk Management, Norman Marks explains that…

…many organizations rely on the assessments by software analysts (such as Forrester Research and Gartner) that judge solutions based on all the functionality the analysts deem vital, rather than the functionality critical to their own needs.

Only once you determine what ERM software means to your organization can you begin to understand costs and set a budget (possibly a range).

If you are only looking for a reporting tool, then you may not even need to invest in a separate software system at all; spreadsheets and PowerPoints can help you generate nice-looking graphs and tables.

But if risk management in your organization is focused more on helping the company make better informed decisions in pursuit of strategic objectives, a software system is going to carry a bigger price tag. However, if done right, the benefit and value of integrating such a system will far outweigh the monetary cost.

Even once you determine what you want out of the software, there are other questions you will need to address, such as:

  • Will your analysis be more qualitative or quantitative?
  • Do you anticipate using modeling and Monte Carlo simulations to guide decisions, or do you plan on using 1-5 scales for probability, impact, and other parameters?
  • Who will be using the software? Will it just be the risk team or will executives and business units use it regularly (actually log into the system) too?

Understanding what ERM software means to your organization, what you want out of it, and who will use it will provide the clarity you need on which vendors to approach and what questions to ask.

And speaking of approaching vendors, make sure you…

Ask about the vendors’ future plans for their software and listen carefully to how they discuss it.

At no time has the pace of change been as fast as it is today. The years ahead will only see this pace continue to accelerate.

Technological change dubbed the Fourth Industrial Revolution is poised to impact just about every nook and cranny of our lives, and risk management is no different. Processes and tools we are using today will increasingly be automated through AI, machine learning, and other advancements.

To remain relevant, organizations’ risk management practices will need to adapt, which includes software. Besides, it’s always a good idea to keep improving ERM practices and processes anyway.

So when you reach the point that you are evaluating different ERM software vendors, be sure to ask about future plans for their software. Are they always seeking out ways to improve the user experience and the capabilities of the software?

And when you are speaking with a vendor, you should also listen carefully to their approach to the conversation. Do they always seem to be discussing their features, or are they more right-side up and focused on how the software will benefit your company? This subtle difference can mean the world in terms of ensuring you end up with the right ERM software for your needs, not to mention give you good clues on the level of ongoing support the company will provide.

In conclusion…

Even the most novice risk professionals quickly see the complexity of ERM software…

Organizations that rush to make a decision and allow the software to drive their processes instead of the other way around often realize they do not have the right tool to meet their needs, which of course can be extremely costly and set ERM back, sometimes permanently.

While it may seem like a demanding task, taking time to understand the different types of ERM software and how your company wants to use technology tools to understand risks and their impact on strategic objectives will pay off tremendously in the long run.

ERM software can either be an albatross or a helpful partner in ensuring the compliance and/or future success of your company.

How does your organization use ERM software to understand risk(s)?

What challenges have you encountered in researching tools for helping your company manage risks and improve decision-making?

ERM software is an important yet vague topic that many struggle to understand. To share your perspective or to ask about any points not mentioned in this article, please don’t hesitate to leave a comment below or join the conversation on LinkedIn.

And if now is the right time to begin looking for an ERM software system but you are not sure how a specific one will fit into your company’s bigger picture, reach out to me today for assistance in finding the right answer for your company.

Featured image courtesy of via Pexels.


Meet Carol Williams, SDS Founder & Lead Strategist

To our readers:

This blog was launched to provide strategy and risk practitioners with a go-to resource to better guide their efforts within their companies. Thank you for bringing me and my team along to be part of your journey towards better risk management, strategic planning and execution, and overall decision-making. Happy reading!
