.png)
In our previous articles, we reviewed the data and process elements required for superior ERM performance. As we mentioned, the key to success resides not in the features of the systems used or the competence and sincerity of the participants involved. Rather it comes the superior integration of the two and can be achieved only when organizations ensure that all of their ERM processes are designed to be Measurable, Accountable, and Distributed (MAD).
If MAD are the three design principles to build a robust and strategic ERM process within your organization, what are the implications? And more specifically, what are the actual platform or system requirements that you should evaluate (or may need to reprioritize) when considering a new system or determining how to improve your current one? And how do these requirements support the underlying processes you need to create?
Our observations here are necessarily speculative, and may of course depend on your individual circumstance, corporate culture, and business strategy. But the following considerations should always be major decision factors as you think about upgrading your system and process capabilities, both now and as the future landscape continues to evolve.
Here is a quick list of features and an initial assessment of their changing importance in light of our discussion.
Clearly any system has to identify, assess, and mitigate risk even to be considered. But increasingly, collaboration features and the user interface should be very high on your consideration list. As you distribute tasks and accountability across the organization and empower risk owners and participants, they need to give and receive feedback seamlessly, thereby refine their outputs to drive high quality and customized reporting. Tailored data permission and access is highly desired, but as a general rule data should be as freely accessible as possible to all participants. Cloud access is also important for ongoing data security, upgrades, backup, etc. As with any system, ongoing support and upgrades are essential.
Although many platforms emphasize their extensive libraries of APIs and ability to integrate your multiple internal or home-grown systems, you may want to consider very carefully whether the benefit justifies the effort. If the best process is rooted in collaboration of distributed risk owners with highly specific and individualized KRIs, the need to automate the process becomes less compelling. Better to let the expertise and judgement reside with the Risk Owners and have them make the judgement calls and adjustments. Regulatory Compliance is acritical capability that organizations (particularly in regulated industries)require, but more likely falls into the realm of GRCs, not Strategic ERM. Don’t overwhelm your Board and Senior Management team with unnecessary detail that will distract them from focusing on the few critical issues that can threaten the enterprise. Compliance can become an existential issue, of course, but not every reporting period (we hope!).
Finally, some potential features and considerations may need additional time to evolve. As ERM becomes more sophisticated and nuanced in its approach, Scenario Analysis, Monte Carlo simulations, and What-if assessments will become a more important evaluation factor. For now, however, this is not a realistic consideration for all but the largest and most sophisticated companies. But this will likely change when ERM when there is tighter linkage between ERM platforms and processes. A similar theme is currently unfolding with the incorporation of new technologies in the ERM platform space. Many vendors tout their emerging AI capabilities for monitoring and analysis. This may prove to be a significant disruptor of existing business practices and processes, but only time will tell. Blockchain seemed to experience a similar level of enthusiasm previously, but its impact has been minimal in the ERM space. AI may prove to be different, but it’s unclear for now. And most companies have neither the data nor the processes to leverage the technology immediately. Best to stay seated for now, and invest your efforts in building core competencies rather than chasing new technologies.
Don’t settle for the status quo and continue with business as usual. Get MAD!
Book a Free, 45-min. ERM Strategy Session Now!
If you’re a CRO, CEO, CFO or COO, please fill out the form below with your name, title*, email, Company name, and phone number. We'll give you a call some time between 8:30AM - 5 PM ET, Monday thru Friday to schedule the session.
*Appointments limited to Senior Managers with Risk Management Responsibility only.
%20(600%20%C3%97%20350%20px)%20(1).png)
.png)
%20(350%20%C3%97%20400%20px)%20(1000%20%C3%97%20800%20px)%20(2).png)