GRC Tuesdays: What’s in a Risk Management Information System?
I have been working in the Governance, Risk Management, and Compliance software arena for over 15 years now, and, even though some consider it a mature market, I would argue that we are still only at the beginning.
Yes, it’s true, many companies have adopted functionalities to help them automate parts of the process, but in most cases integrated controls and risks solutions are still in early adoption phases and many still run them in silos… Unfortunately, may I add!
To me, this is mostly due to 2 simple factors:
- There is still not a great deal of collaboration between the different departments that are stakeholders in process (EH&S has its own solution, Compliance as well, so does Audit, etc.)
- Companies don’t really know what they could expect from such tools and how it could support their processes. They select tools for their immediate need but then don’t explore other business cases
To discover more about the potential features and functionalities available, companies usually go via 3 means: subscribing to IT analyst researches, contacting individual software providers, or discussing this with peers from professional organizations.
In today’s blog, I’d like to talk about this 3rd option and introduce you to the Risk Management Information Systems (RMIS) Panorama that is created and made publicly available – free of charge and of registration – to all interested readers by the French Association for Corporate Risks and Insurance Management (AMRAE).
This yearly Panorama is now in its 11th edition and is published both in French and English.
As you may have read in one of my previous blogs (GRC Tuesdays: The SAP Conference on Internal Controls, Compliance and Risk Management is coming to Copenhagen), François Beaume from AMRAE will deliver the keynote at this event in March and will share his latest insights into current and future trends of Risk Management, Audit, Internal Control and Insurance information systems.
Some of the content he’ll be leveraging will actually come from the RMIS Panorama mentioned above.
Nevertheless, in case you won’t be able to make it, I thought I would summarize some of the aspects of this publication.
What is the RMIS Panorama?
It’s an analysis on market trends from AMRAE, updated yearly in partnership with EY.
What I find interesting about this survey is that it is based on responses from 2 populations: software vendors (and yes, SAP does respond to the questionnaire), but also Risk Managers themselves. What’s more, this Panorama “does not make any value judgments on vendors and their solutions, nor does it recommend their purchase. It is intended simply to provide a framework to present the tools and the main functionalities available on the market”. As a result, it’s an objective list of functionalities that Risk Managers but also Auditors, Control and Compliance departments, etc. use daily.
The 2019 edition benefited from the collaboration with AGRAQ (Quebec Risk and Insurance Management Association), Club FrancoRisk (Francophonic Risk Management Club), IRM Qatar (Institute of Risk Management in Qatar), FERMA (Federation of European Risk Management Associations), PARIMA (Pan-Asia Risk and Insurance Management Association) and RIMS (Risk Management Society) so as to now include responses from 570 Risk Managers from over 36 countries.
What are the main findings?
In addition to the individual responses, the report highlights interesting market trends and observations:
* Adoption: just over 1 out of 2 Risk Managers have already used a software (54%) and out of these, 68% are from large organizations. Clearly, there is still some way to go until market maturity!
* Satisfaction: 71% of Risk Managers reports being satisfied by using a solution. Even if I feel this is encouraging, it also indicates that nearly a third don’t seem to be reaping the benefits that they expected. From my experience and the feedback I hear from customers, this is often due to siloed approach where information is segregated between departments and the “one view of risk” for both reporting but also for mitigation is not available. Despite having technological tools in place that would enable this…
* Benefits: the study also highlights the top 10 benefits perceived in 2019 are (vs ranking in 2018):
- Spend less time consolidating data, more time analyzing it (1)
- Facilitate sharing of information (2)
- Harmonize practices and reporting (4)
- Facilitate cross departments analysis and avoid silos (3)
- Optimize the sharing of risk management best practices (6)
- Visualize real-time data (5)
- Data reliability (7)
- Secure sensitive information (8)
- Be compliant with law/regulations (10)
- Optimize transfer to insurance (9)
* Top 5 modules that are requested when selecting a software solution for risk management are:
- Risk mapping
- Incidents management
- Risk management on prevention
- Action plan
Where to find out more?
In case you would like to learn more about this, I would of course suggest that you join us at the SAP Conference on Internal Controls, Compliance and Risk Management on March 3rd to 4th in Copenhagen and hear fist hand from François Beaume who leads this study.
In addition, to download the complete study, simply go to the following pages:
I hope you find this Panorama as useful as I do. I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard