What’s In A Risk Management Information System?

Thomas Frénéhard

Part 5 in the “Controls and Risk Management” series

I have been working in the governance, risk management, and compliance software arena for over 15 years now, and even though some consider it a mature market, I would argue that we are still at the beginning.

Yes, it’s true, many companies have adopted functionalities to help them automate parts of the process, but in most cases, integrated control and risk management solutions are still in early-adoption phases, and many still run them in silos … unfortunately, may I add!

To me, this is mostly due to two simple factors:

  1. There is still not a great deal of collaboration between the different departments that are stakeholders in these processes. (Environment, health, and safety has its own solution, compliance as well, so does audit, etc.)
  2. Companies don’t really know what they can expect from such tools and how the tools could support their processes. They select tools for their immediate need but don’t explore other business cases.

To discover more about the potential features and functionalities available, companies usually use three methods: subscribing to IT analyst research, contacting individual software providers, or talking with peers from professional organizations.

I’d like to talk about this third option and introduce the Risk Management Information Systems (RMIS) Panorama. The Panorama is created and made publicly available – free of charge and of registration – to all interested readers by the French Association for Corporate Risks and Insurance Management (AMRAE). Now in its 11th edition, it is published in French and English.

In a previous blog (GRC Tuesdays: The SAP Conference on Internal Controls, Compliance and Risk Management is coming to Copenhagen), I shared that François Beaume from AMRAE will deliver the keynote at this event in March. He will share his latest insights into current and future trends of risk management, audit, internal control, and insurance information systems. Some of the content he’ll discuss will actually come from the RMIS Panorama.

Let me summarize some of the aspects of this publication.

What is the RMIS Panorama?

It’s an analysis of market trends from AMRAE, updated yearly in partnership with EY.

What I find interesting about this survey is that it is based on responses from two populations: software vendors (and yes, SAP does respond to the questionnaire) and risk managers. What’s more, this Panorama “does not make any value judgments on vendors and their solutions, nor does it recommend their purchase. It is intended simply to provide a framework to present the tools and the main functionalities available on the market.” As a result, it’s an objective list of functionalities that risk managers, auditors, control and compliance departments, etc. use daily.

The 2019 edition benefits from collaborations with AGRAQ (Quebec Risk and Insurance Management Association), Club FrancoRisk (Francophonic Risk Management Club), IRM Qatar (Institute of Risk Management in Qatar), FERMA (Federation of European Risk Management Associations), PARIMA (Pan-Asia Risk and Insurance Management Association), and RIMS (Risk Management Society). It includes responses from 570 risk managers from over 36 countries.

What are the main findings?

In addition to the individual responses, the report highlights interesting market trends and observations:

  • Adoption: Just over half of risk managers have already used software (54%), and 68% of them are from large organizations. Clearly, there is still some way to go until market maturity.
  • Satisfaction: 71% of risk managers report being satisfied by using a solution. Even if I feel this is encouraging, it also indicates that nearly a third don’t seem to be reaping the benefits that they expect. From my experience and feedback from customers, this is often due to an approach where information is segregated between departments, and the “one view of risk” for reporting and mitigation is not available. This is despite having technological tools in place that would enable this.
  • Benefits: The study also highlights the top 10 benefits perceived in 2019 (versus their ranking in 2018):
    1. Spend less time consolidating data, more time analyzing it (1)
    2. Facilitate sharing of information (2)
    3. Harmonize practices and reporting (4)
    4. Facilitate cross-department analysis and avoid silos (3)
    5. Optimize the sharing of risk management best practices (6)
    6. Visualize real-time data (5)
    7. Trust data reliability (7)
    8. Secure sensitive information (8)
    9. Be compliant with law/regulations (10)
    10. Optimize transfer to insurance (9)
  • Modules: The top 5 that are requested when selecting a software solution for risk management are:
    1. Risk mapping
    2. Incidents management
    3. Risk management on prevention
    4. Action plan
    5. Audit

Where to find out more

If you would like to learn more, join us at the SAP Conference on Internal Controls, Compliance and Risk Management March 3–4 in Copenhagen and hear firsthand from François Beaume, who leads this study.

In addition, to download the complete study, please go to the following pages: English version or French version.

I hope you find this Panorama as useful as I do. I look forward to reading your thoughts and comments on Twitter @TFrenehard

This article originally appeared on SAP Community and is republished by permission.

About Thomas Frénéhard

Thomas is part of the Global Centre of Excellence for Finance and Risk solutions where he has a focus on Governance, Risk, and Compliance topics. Prior to that, he was a Senior Director in the Governance, Risk, and Compliance Solution Management team. His particular responsibility was with Risk Management but other functional areas of focus were in Internal Control & Compliance Management and Audit Management. He is also a regular contributor on social media and presenter at various SAP and non-SAP conferences on GRC matters.