Purchasing a risk management administration system can be a lengthy and arduous task.
This paper will discuss 10 key factors to consider when undertaking the purchase of a risk
management system.
1. System Functionality
Risk management software is designed to be the first line of defense against potential threats
and their impacts on an organization. A dynamic, state of the art, risk management system
should have the ability to address the key tenets of a company's risk management process.
Risk management software should include these functional capabilities:
Portal and Enterprise Deployment: the system should be easy to deploy across the
enterprise with security and roles to support this. Landing pages with portal style
interactions allow non-risk management professionals to easily use the system with
minimal training.
Digital Intake: adoption of the system will be driven by a good intake tool covering all the
notifications, requests, audits and assessments. This should allow interview-style guided
flows in end user-language, with embedded tips and guides, And it should be fully reflexive
so only relevant questions are presented.
Workflows, Approvals, and Alerts: with the wide range of activities and processes, the
system should support creation of workflows to match your organizations requirements
with ability for end-user re-assignment or delegation, approvals (multiple level) and
reminders for all due or over-due tasks.
Dashboards and Monitoring: the system needs a range of query and analytic dashboards
to allow the user to easily visualize progress and identify deviations from targets.
Training and Change Management: access to standard or more essential tailored training
to help the users change from their previous systems and processes is paramount.
Internationalization: finally, if your organization is operating internationally, then the
system needs to support language and localization needs.
Not all organizations require the same requirements. However, the system you choose needs
to be flexible and nimble enough to adjust to your organization's needs. At the very least, the
risk manager needs to undertake a risk assessment of the acquisition of the proposed RMIS –
what capabilities are needed and what are "a nice to have".
MAKING SENSE OF RMIS | 3
