Enterprise Risk Management Software Buyer's Guide
1. What is Enterprise Risk Management?
2. Goals of an ERM Program
3. Why Implement ERM
4. Steps to Implementing a Successful ERM Program
5. Key Performance Indicators and Key Risk Indicators
6. Questions to Ask ERM Software Vendors
7. Key Feature Comparison Checklist

What is Enterprise Risk Management?
Enterprise risk management (ERM) is a framework you can use to combat threats. ERM provides a framework that includes the methods and processes used by organizations to manage risks and capitalize on opportunities related to their organizational objectives. This framework includes identifying risks relevant to the organization and assessing those risks in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing these risks organizations protect and create value for stakeholders.

Goals of an ERM Program
Most organizations already manage risks and have a variety of existing departments or functions that identify and manage particular risks. However, each department or function varies in its ability and capacity to coordinate with other risk functions. A central goal and challenge of ERM is to improve each department's ability to manage risk and coordinate with other departments to provide a unified enterprise level picture of risk for stakeholders. This allows institutions to improve their ability to manage risks effectively in a holistic and strategic way.

Why Implement ERM?
For business owners, managing risk must be a top priority. Business risks are especially high now because of the uncertain economy; technological threats, such as hackers breaching your systems to steal customer data; and a changing regulatory environment. In recent years, external factors have created more interest by organizations in ERM. Industry and government regulatory bodies, investors, customers, and other key stakeholders are beginning to examine many companies' risk-management policies and procedures.

An effective ERM program can help you:
- Align risk management with business strategy and planning
- Improve management and response to risks across the enterprise
- Deepen understanding of risks affecting organizational operations and resources
- Protect your organizational reputation and image
- Reduce operating losses and surprises
- Enhance regulatory compliance
- Improve capital deployment and resource allocation
- Eliminate redundant and unnecessary activities

Steps to Implementing a Successful Enterprise Risk Management Program
1. ERM Policy - Implement a policy that fits your organization to ensure corporate buy-in.
2. Risk Appetite Statement - Define the amount of risk your organization is willing to take and how this lines up with your strategic objectives. Formalizing this statement ensures risk behavior throughout the organization is reflected accurately and consistently to all stakeholders.
3. Key Performance Indicators - Define a set of goals and tolerances to assist in assessing current performance.
4. Key Risk Indicators - Define what and how you will monitor emerging risks that could impact your business activities.
5. Risk Assessment - Determine the level of risk for each business process for your organization.
6. Controls Assessment - Document how your organization mitigates that potential for risk.
7. Mitigation - Capture, define, and track your plans to resolve any necessary corrective actions.
8. Ongoing Program Management - Continually improve and update your risk profile as your business changes and grows.

Key Performance Indicators and Key Risk Indicators
Key performance indicators (KPI) and key risk indicators (KRI) are two critical ingredients of sound organizational risk management. KPIs and KRIs may be different for every organization and industry depending upon strategic organizational goals.

A KPI is a quantitative metric representing one or more goals or objectives. KPIs allow an organization to monitor its progress in achieving its goals and objectives. KPIs may include (but not limited to):
- Market share growth
- Customer/Membership growth
- Net interest margin/rate
- Net worth growth
- Return on average Assets

A KRI is a quantitative metric that monitors an organization's risk profile and relevant emerging risks. KRIs help an organization to better understand the impact of risk and likelihood of getting to its overall objective. KRIs can include (but not limited to):
- Change in Interest Rate
- Customer retention rates
- Market Share
- Market Size
- Profitability

Critical Questions to Ask Enterprise Risk Management Software Vendors

What percentage of customers renew your software/service?
This is an indicator of how happy a vendor's customers are with the software solution and the value users see in the software.

Are there any hidden fees or costs (e.g. Storage, support, training, or other required software licenses like Oracle or Crystal)?
These hidden costs can significantly increase the price tag and adding additional vendors adds complexity to the program.

How does data import/export from the software?
Make sure your data is still usable and accessible to your organization outside of the software solution.

What is the format of the reports that are generated from the system?
Ensure the reports you receive are compatible with other software tools you use and the processes you have in place.

Can you provide an example ERM Executive Report for us to review?
Is the data of the report applicable to your organization? Does it comply with industry regulations or standards?

Does your software come with any pre-loaded content?
Why start your risk assessment from scratch? Many vendors charge extra for this information or don't even offer it.

How does your software integrate with your other software modules?
Many vendors claim their modules integrate, however they are often fragmented and don't share data across the platform.

Is the software flexible/customizable?
Finding software that will fit your organization can be difficult and changing the organization to fit the software overwhelming. Software that provides the ability to customize can significantly reduce the implementation process.

Key Feature Comparison Checklist
Use this comparison checklist to compare important feature sets from competing software solutions.
Comparison columns: Vendor B, Vendor C
- Flexible pricing based on usage and optional services
- Optional consulting and maintenance service
- Free Existing Data Conversion
- Free Data Feed setup
- Unlimited Support
- Unlimited Training
- Unlimited Users
- Complete Integrated Enterprise Risk Management Solution (Not Modularized)
- Integrated Risk Assessment Included
- Integrated Controls Assessment Included
- Integrated Alerts/Notifications
- Integrated Key Performance Indicator (KPI) Tracking
- Integrated Key Risk Indicator (KRI) Tracking
- What-If Analysis
- Pre-Loaded Content Included
- Business Process Library
- Controls Library
- KPI and KRI Library
- Baseline Risk Assessment
- Customizable
- User Defined Fields
- Dashboards
- User Permissions
- Reports
- Integration with other Risk Management
- Business Continuity
- Vendor Management
- IT GRC
- Regulatory Compliance
- Internal Audit
- No Hidden Cost or Fees
- No need to purchase other software (e.g. Oracle, MS SQL, Crystal Reports, etc.)
- No additional Storage, Support, or Training Fees

Quantivate GRC Suite

About Quantivate
Founded in 2005 and headquartered in Woodinville, WA, Quantivate is a leading provider of cloud-based Governance, Risk and Compliance solution. Customers include local, national, and international organizations in a diverse number of industries including: Community and Commercial Banking, Credit Unions, Manufacturing, On-Line Retail, Energy & Utilities, Healthcare, and Technology.
- Enterprise Risk Management
- Vendor Management
- Business Continuity
- IT GRC
- Internal Audit
- Regulatory Compliance Manager

Quantivate, LLC
PO Box 1504
Woodinville, WA 98072
www.quantivate.com
Sales@quantivate.com
1-800-969-4107