A number of software companies push their software solution as an ultimate answer to an organization’s ERM needs.  Unfortunately, a number of risk management leaders think software is the answer to their ERM launch, only to later discover the software is more of a hinderance than a tool.  A recent thought paper by Allen Cuttle, “ERM Framework or ERM Software?  Avoid this Common Enterprise Risk Management Misstep”, explains that ERM software should be utilized as a key tool to maximize a company’s already existing ERM process.  The thought paper explains how to ensure that an organization purchases the best software to maximize its ERM efforts and identifies key dangers to implementing an ERM software solution before establishing an ERM framework. 

Aligning the ERM Software Solution to your ERM Framework

In order to avoid purchasing the wrong software solution for ERM is to establish an ERM process before the purchase and then tailor the software to the ERM framework. The thought paper suggests that an organization’s ERM process should be executed  manually for at least a year before a software program is purchased and implemented.  In order to establish an effective ERM process, the organization should focus on the following steps:

  • Establishing organizational structure and strategy
  • Identifying and defining risks to the strategy
  • Identifying key risk indicators
  • Establishing a risk assessment scoring system (i.e. heat-maps)
  • Developing ERM reporting procedures.  

Executing ERM processes  manually for at least a year allows time for the ERM leadership to identify weaknesses in the process and make changes accordingly.  Once the process is running effectively, then it may be time to start shopping for the best software solution that fits the organization’s ERM efforts. When looking for a software solution, consider the following:

  • Conduct an in-depth analysis of various solutions on the market
  • Purchase a product that can grow along with your organization
  • Purchase a product that you can tailor to your process
  • Engage everyone involved in the ERM process into the purchasing and tailoring phase to ensure that everyone is on board with the product choice
  • Ensure that the product is user friendly at all levels of the organization


Risks of Not Establishing an ERM Process First

Choosing a software solution before establishing an ERM process is one of the most common mistakes.  Doing so can lead to can lead to any or all of following dangers:

  • Failing to maximize your investment in the software solution.
  • Spending more time and energy to achieve your ERM goals than necessary.
  • Causing stress and frustration to the project owner, which will lead to unnecessary pressure within the organization. 
  • Replacing the software in the future because the software can only be configured so much.


Purchasing an ERM software program is a smart and effective way to maximize an already effective ERM effort.  But while purchasing a software solution, ensure that the software is only as good as the framework and is not the end all be all to the process.  Establishing an effective ERM process and then tailoring a software program to that process will save time, energy and money in the long run, and will maximize your ERM process and your software investment.

Link: FIS Enterprise Governance, Risk and Compliance (EGRC) Solutions

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2012-03-01