BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.
To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.
To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.
Tools that automate parts of an organization's enterprise risk management program can improve the program's efficiency and productivity, and new technology tools can help automate risk tracking and monitoring within the ERM processes.
But reliance on technology alone with a platform that is not flexible can scuttle an organization's ERM effort quickly, experts say.
Many risk managers starting an ERM program often use Microsoft Excel spreadsheets to collect and organize information, said New York-based Michael Liebowitz, the director of insurance and risk management for New York University, who uses such spreadsheets for certain tasks.
“But Excel is not going to do the analytics. Excel is not going to provide any sort of relational database to run any sort of report,” he said.
Realizing the deficiencies of spreadsheets when providing accurate data and analytics, Mr. Liebowitz is implementing a global ERM program using a technology platform from Marietta, Ga.-based Riskonnect Inc.
“It allows us to do the analytics, it allows us to store documents when people are developing policies and procedures, it allows us to store meeting minutes, enter our mitigation strategy. And we can run our analytics on risk query and keep the history of how the risks have either gotten better or, based upon the mitigation implemented, have gotten worse,” Mr. Liebowitz said.
Laurie Champion, Atlanta-based managing director and practice leader for ERM at Aon Global Risk Consulting said current ERM tools are much more advanced than those available three to four years ago.
“ERM leaders can use current ERM technology tools to improve their data collection, storage, analysis and reporting capabilities beyond the typical Excel spreadsheet tools that many organizations use when they first begin an ERM framework,” Ms. Champion said.
ERM technology can automate activities such as data capture, analysis and reporting, she said.
“They also support monitoring and tracking of risks over time by supporting analysis of trends and positions against risk tolerance targets,” Ms. Champion said.
A critical mistake for ERM leaders to avoid is the automation of an ERM program that hasn't matured into a true process, Russell McGuire, Dallas-based director of enterprise risk services for Riskonnect, said.
“The worst thing that a risk manager can do is to go out to buy some software,” Mr. McGuire said. “If he does that, I can guarantee that within a year or two he's going to have some really serious problems because he's trying to squeeze a square peg into a round hole, (will) probably spend a lot of money, and would have relatively little to show for it.”
The globally recognized ISO 31000 risk management standard developed by the International Organization for Standardization can set the benchmark for ERM technology programs.
“The individual organization needs to make sure, first of all, that the technology that they use fits the culture of the organization, and that the technology supports the organization's framework and not the other way around,” Mr. McGuire said.
“If you're an ISO 31000 framework organization, ISO 31000 is designed to be flexible to meet the organization's needs,” NYU's Mr. Liebowitz said. “I felt I needed an information system that did the same.”
While following the ISO 31000 standard may help an organization find a compatible ERM technology platform, it's never a perfect solution, said Christopher E. Mandel, executive vice president of professional services for rPM3 Solutions L.L.C. in Nashville.
Most ERM automation takes place through work flow platforms that tend to focus more on first repositories of key information in the ERM process, Mr. Mandel said, noting that a gap remains for good technology tools that can aggregate an organization's risks.
“The needs are so varied and diverse, I don't know that anybody's going to accomplish that goal,” he said. “Just start from the premise that everyone looks at ERM a little bit differently.”
While ERM can seem large and cumbersome, technology tools can speed up the process of identifying, assessing and prioritizing risks, and focusing on key areas to achieve the organization's strategic goals and objectives, said Corey Gooch, Chicago-based senior ERM consultant at Towers Watson & Co.
“That's one way to help get a fresh look at where we are as compared to where we were, and what are some new things that showed up that weren't there before,” Mr. Gooch said. “I've seen those automated through the use of online surveys or other types of techniques used for gathering that information.”
However, ERM automation may lead to a complacency where risk owners may simply “tick the box,” Mr. Gooch said.
“With automation, that does become an issue, where people have gotten so busy — we all are doing more things with less time — that (complacency) is a risk that could occur,” he said.
Face-to-face interactions via workshops that help risk owners validate information collected can help avoid complacency, Mr. Gooch said.
“You can't put an ERM system in and expect it to be automatic,” Mr. Liebowitz said. “There needs to be a human element to this to keep the data on track, and to make sure people don't become complacent (and) just pop in a number for the sake of popping a number in.”
Privacy and data breach risks also are a concern for ERM practitioners who automate certain aspects of their ERM programs.
“It's always a worry with any system that is used, whether it be cloud-based or locally based,” Mr. Liebowitz said.
Generally, organizations using any type of software where information is loaded onto a server or on a cloud typically would apply the proper security and privacy controls, which also would encompass ERM technology, experts say.
“The exception to that rule is through the platform and the platform providers,” Mr. McGuire of Riskonnect said.
When using third-party technology vendors, ERM leaders should vet their vendors, have open communications and request that they have proper security certification, he said.