The Risk and Insurance Management Society (RIMS) has released two executive reports, “Why a Mature ERM Effort is Worth the Investment” and “Testing Value Creation through ERM Maturity.” Together, these reports look at recent findings that detail the benefits of investing in enterprise risk management.
Despite evidence that mature ERM programs add significant value, many organizations remain hesitant when it comes to adopting software and streamlining their ERM processes.
Below, we have outlined the five most common reasons these companies may be wary of implementing ERM software. We have provided a response to each concern, working to illustrate the true value of investing in an improved enterprise risk management program.
1. “There’s no return on investment when purchasing ERM software.”
The RIMS report ‘Why a Mature ERM Effort is Worth the Investment’ cites an independent study conducted by Queen’s University Management School and University of Edinburgh Business School in an effort to answer the question many executives ask – “is improving our ERM program worth the investment?”
The answer? Yes. Or as they wrote, there is “a highly significant premium of 25% for firms that had been classified as having ‘mature ERM’ according to the RIMS Risk Maturity Model.” This fact – that an organization’s value can increase 25% through improving its ERM program – is one that should catch the attention of executives, board members, and risk professionals alike.
2. “We already have an ERM program.”
This is another very common objection, and one that seems to hold value at first glance. If the organization’s risk management program has spent years storing data in Microsoft Excel and conducting risk assessments in Word, what’s the issue?
An ERM program consisting of spreadsheets and PDFs is not dynamic. For example, the relationship between a certain risk and the board’s strategic goals is difficult to document in Excel, and essentially impossible to monitor as the organization evolves. Relationships exist between risks, controls, metrics, and resources, and it takes robust ERM software to manage these links and provide insight to risk managers.
As Farrell and Gallagher’s findings indicate, it isn’t just organizations with very young or undeveloped enterprise risk management programs that stand to benefit. All organizations, even those with already Repeatable and Managed programs, see increased firm value as ERM maturity progresses. Rather than settling, a company with a robust and established ERM program has significant reason to pursue the Leadership level of ERM maturity by adopting software to support its processes.
3. “It would add work to our day-to-day operations, plus we don’t have resources to adopt a new system.”
This is a concern typically voiced by risk managers or CROs. By nature, risk management is a very demanding and time-consuming field; many risk professionals think ERM software would take up free time they don’t have.
In truth, ERM software provides a centralized platform for all the activities you’re already doing. It can act as the centralized hub for your entire enterprise risk program. The risk assessments you send out, the mitigation activities you carry out and document, and the reports you’re working to create are all housed in a single platform. ERM software isn’t simply a database where you document processes and store your data; it serves as a vehicle for you to make these processes more efficient and gain insight into the data you’ve been collecting.
4. “Exposing risk forces us to spend time and money on things we don’t have to worry about today.”
This concern – that companies shouldn’t uncover risk that they’re better off not knowing about – is clearly outdated. But it likely still exists in the minds of executives and risk professionals worldwide. There is the idea that “ignorance is bliss” and “what we don’t know can’t hurt us.”
These sayings have no place in risk management, and regulatory agencies would agree. Major regulatory bodies such as the SEC and FINRA have adopted a new approach coming out of the recent recession. Claiming ignorance – or not knowing about a risk – is now equally punishable (and as heavily penalized) as negligence. The investment in ERM software can even mitigate penalties that may result from a negative examination, as evidenced by the regulatory penalties paid by companies over the last several years.
5. “ERM software is a want, not a need.”
The notion that ERM software is more of a luxury than a necessity seems to encompass the previous four reasons. Board members may have the misconception that investing in enterprise risk management doesn’t help a company financially. Executives often believe it would add work, and isn’t absolutely necessary to their program. And CROs may recognize the range of software solutions already utilized by the company, asking “Why add one more?”
As we have outlined, enterprise risk management software serves the exact opposite purpose. It reduces wasted resources by consolidating things like risk management, compliance, and audit onto a single platform. ERM streamlines existing activities and data by adopting a universal, risk-based methodology. Finally, ERM software is no longer a luxury item. Heavy fines for negligence continue to be handed down to organizations with outdated processes.