What do you need from a Risk Management System?

As you may have seen, I’m joining the product advisory board of RiskSmart, a Risk Management software organisation. In my book, I wrote about some of the attributes a CRO needs to consider when acquiring risk management software. I’ve listed an expanded set of requirements below. Question to my network – does this fit with your view of what risk management software should do? Is there anything missing? Where are current solutions falling down?

Functional requirements

– Linkage to organisational goals and strategies;

– Standardised risk definitions and templates (end users should really try not to customise these – one of the benefits of these systems is the ability to compare yourself to others);

– Allows for qualitative and quantitative descriptions of risk appetite (not just financial; should include PR / reputation damage, business disruption etc.);

– Easy to capture templates for risk event details, including root cause analysis;

– Ability to map to organisation design; to look at risks at varying levels of detail and disaggregate risks per department, area, region, etc.;

– Library of standardised controls, including frameworks such as ISO and NIST;

– Ability to capture and integrate business metrics and map to risk metrics (e.g. capturing number of business complaints and mapping to the conduct risk measure);

– Assurance plans and templates;

– External-facing analysis; horizon scanning, losses incurred in other organisations, cross-sectoral risks etc.;

– Providing predictive analytics to anticipate where risks may occur;

– Providing access to peer group information and benchmarking;

– Intuitive reporting features that express risk in terms business users will recognise and understand.

Non-functional requirements

– Intuitive user interface (easy for business teams to complete without lots of training);

– Cloud-based; so it can be easily updated and is accessible everywhere;

– Device-agnostic; usable on desktops, mobiles etc.;

– Meets all current security and privacy requirements;

– Regularly updated to take account of changing regulation.

What else do you look for, and how well is your current software shaping up?
