We’re asking the tough questions. What is the best ERM technology stack configuration for risk management? The answer, however, is that it depends. There are a few factors you will want to take into consideration when deciding how to configure your ERM technology stack. Let’s take a look at a few of those factors.
First, you will want to consider what kinds of risks you are trying to manage and quantify. Do you need to calculate financial risks? Operational risks? Compliance risks? Each of these types of risks will require different data inputs and calculations. As a result, the best ERM technology stack configuration for financial risk management may not be the best configuration for compliance risk management.
Second, you will want to consider what kinds of data you have and where it resides. Is your data housed in multiple disparate systems? Is it spreadsheets or other unstructured data sources? The more dispersed and unstructured your data is, the more difficult it will be to get a clear picture of your organization’s risk profile. In this case, you may need to invest in data quality and governance tools as part of your ERM technology stack configuration in order to ensure that the data going into your risk management calculations is clean and accurate.
Third, you will want to think about what kind of reporting and analytics capabilities you need from your ERM solution. Do you need real-time risk dashboards? Ad-hoc analysis capabilities? Pre-configured reports? The answer to this question will also help determine which configurable applications should be part of your ERM technology stack.
Now that we’ve taken a look at a few factors to consider when configuring your ERM technology stack, let’s take a look at a few example configurations.
Example 1: Risk Identification and Governance
One common way to configure an ERM technology stack is to focus on risk identification and governance capabilities. In this type of configuration, you would typically start with a repository or system of record for storing all enterprise risks (e.g., BRMS or RSA Archer). Then, you would add on applications for identifying new risks (e.g.,risk heat maps or social media monitoring), analyzing and prioritizing risks (e.g., Empowered Systems’ Connected Risk), and managing corrective action plans (eCAPs) for addressing high-priority risks (e.g., CA RAM). To round out this type of configuration, you might also include some type of workflow tool for coordinating actions across departments or business units (e.,g OCEAN).
Example 2: Financial Risk Analysis
Another way to configure your ERM technology stack is to focus on financial risk analysis capabilities. In this type of configuration, you might start with an enterprise resource planning (ERP) system like SAP or Oracle that has built-in risk management functionality. (You can also use Empowered’s Connected Risk Enterprise Risk Management module.) Alternatively, you could start with a stand-alone General Ledger (GL) system like Lawson or PeopleSoft Enterprise Financial Management (EFM). Then, add on an application like ALTEZZA for analyzing credit risk or LuminaDecisions for analyzing market risk. To round out this type of configuration, you might also include some type of fraud detection tool like SAS Fraud Framework or Oracle Advanced Analytics Option
No two organizations are alike—and neither are their ERM needs. Depending on the types of risks you are trying to manage and quantify, the state of your organization’s data, and the reporting and analytics requirements from senior management, the best way.