ERM software
assistance arrives

Implementation of ERM has been eased by
software products that mesh with the COSO framework

By Michael J. Moody, MBA, ARM

After several years of lounging about without a corporate champion, it now appears that ERM is finally getting on the boardroom agenda, and it’s the board itself that is making this happen. And while some of the current expression of interest can be attributed to enactment of the Sarbanes-Oxley Act of 2002, companies are beginning to see that ERM can also be a key driver in gaining a competitive edge in a global economy. Early adopters have found that ERM not only provides a framework for managing all types of risks but can also assist a company in accomplishing its strategic business objectives.

Despite the lack of a corporate champion, ERM has had some vocal supporters during 2004. One of the strongest supporters of the ERM concept last year was The Federal Reserve Board. During 2004, Fed Governor Susan Schmidt Bies made at least five public presentations in support of ERM. In her July 16th remarks at the Risk Management Association and Consumer Bankers Association Retail Risk Conference, Governor Bies noted:

“Enterprise-wide risk management looks within and across business lines and activities of the organization as a whole to consider how one area of the firm may affect the risks of other business lines and the enterprise as a whole. This approach is in marked contrast with the silo approach to risk management, which considers the risks of activities or business lines in isolation, without considering how those risks interrelate and affect other business lines. While individual business lines or activities should continue to enhance their own risk management practices, as organizations gain in complexity it is important to provide the critical oversight that can come only from an enterprise-wide risk management approach.”

Governor Bies concluded by saying, “In today’s environment, I urge all organizations to consider embracing this discipline.”

The Securities and Exchange Commission has also made a number of public references to the importance of ERM during the past year. Both of these governmental entities have become vociferous backers of the holistic view of risk management that is associated with ERM.

Background

Despite this rosy picture for ERM’s future, difficulties in implementation have been well documented by several consulting organizations. Typically, two of the major stumbling blocks have been processes and technology to support the ERM approach. Late in 2004, the process issue was significantly reduced via the finalization of the COSO Enterprise Risk Management—Integrated Framework (the Framework). For the first time, a consistent vision of ERM had emerged and the Framework, along with its companion document, Application Techniques, can provide a considerable amount of guidance for any corporation that wishes to begin to develop a state-of-the-art ERM program. The common language and established format of the Framework can easily provide the assistance that corporations have been searching for.

Subsequent to the finalization of the ERM Framework, a number of software companies have been quick to fill the technology gap that has existed with regards to ERM. Previously, some corporations have had to retain the services of outside consultants in order to advance their ERM agenda. Frequently the consulting projects would result in mid-six figure consulting bills and would foster a “one-time event” approach as opposed to a continual process that is essential to fully reap the benefits of ERM. But now forward-looking software developers have incorporated the COSO suggestions into their products and that may allow a corporation to utilize software products to assist in implementation rather than retain an outside consultant.

Assessment assistance

Today’s risk assessment software had its genesis in the risk manage-ment information system software of the 1980s; however, the claims-only focus has been greatly expanded to include a wide variety of risks. Methodware’s Enterprise Risk Assessor software is typical of the user-friendly decision support software applications that are currently available. The software is designed to offer a broad array of assessment and modeling tools with the power and sophistication to consolidate and measure complex enterprise-wide risks. The software is coordinated with the COSO ERM Framework and can be aligned with overall company objectives and the risk appetite as established by the board.

One of the key features of the Methodware software is the development of modeling capabilities and the graphic display of the results via risk maps necessary to successfully assess an organization’s historical data. It provides a clear picture of risks at any level in a corporation. Included is an array of graphical information available to a user such as heat maps that show comparative risk data and corporate-wide risk maps. Among the extensive list of available output the software can provide are evidence of risk and control processes as well as reports to raise risk awareness throughout the organization. Results from these activities can easily be consolidated and displayed for individual business units or across the entire enterprise. In fact, Methodware indicates that there are over 350 generic reports available, all of which can be customized to suit the user’s needs.

Methodware, Inc., is an international company that is headquartered in New Zealand. Its products and services are available in the United States via solution partners such as the Kingston Group in Baltimore, Maryland, and Boston-based Global Atlantic Partners.

Project management

The second software package is specifically designed to provide a project management approach to ERM implementation. This offering is provided by Obian, Inc. (www.obian.com) and it’s called “E-Riskware.” According to John Logan, Obian’s president, “E-Riskware delivers a comprehensive management system that provides a turnkey approach with a starting point from which to collaboratively work on ERM initiatives.” The software not only provides a foundation for ERM implementation, it also ensures compliance with Sarbanes-Oxley Act Section 404 requirements. According to Logan, “The software controls the enterprise-wide risk management information process in accordance with critical principles and components that are outlined in the COSO ERM Frame-work.” E-Riskware includes all eight COSO components and allows manage-ment and staff to have a collaborative platform with which to maintain an ERM implementation schedule.

One issue that many would-be ERM implementers have found troublesome is that the process is very “meeting” oriented. As a result, gaps in completion occur between meetings. E-Riskware is designed to solve this by allowing executive managers and staff to collaborate, and complete tasks with a minimum of counterproductive “meeting” time. The key to the software’s success, notes Logan, is that “it is built on three integrated technologies that provide document and workflow management, process management, and collaboration management. “The COSO compliant software retains all working documents and comments, sets priorities and enforces due dates.” He says that this helps mitigate missed deadlines, stalled projects and other issues related to “management by meeting.” The entire software product offers appropriate levels of security throughout, thus providing access to only those users required to view and modify the data.

Conclusion

There is no question that ERM has taken a little longer “to arrive” than was originally envisioned. While there are many reasons for this “late arrival,” for many organizations it just involves too many roadblocks to tackle. However, the finalization of the COSO Framework has now provided a blueprint for ERM program development. This, coupled with the current crop of ERM software applications, can expedite the implementation phase of any ERM program. Using software applications for ERM development also provides a company with an opportunity to make the process more efficient, sustainable, and transparent.

As a result, today, many of the barriers to the development of a successful ERM program have been either eliminated or mitigated. Now there should be little holding entities back from aggressively developing and implementing a holistic approach to risk management. *