- Corporate Security Teams
- Risk & Compliance Teams
- Information Security Teams
Governance, Risk and Compliance
By Resolver Modified September 11, 2021
Software selection can be daunting. There are plenty of uncertainties and questions you have when looking to implement Enterprise Risk Management (ERM) software. Maybe you’re not sure what to be concerned about. Maybe you’re not sure how the process works, or the hidden costs. Here are eight questions that you shouldn’t hesitate to ask your current or potential ERM vendor to help you to be more informed in your software selection process.
If the software is hosted, it means that you can access the software in a browser. You will be paying a regular subscription fee because the vendor is providing the software as a service (SaaS). Any updates are managed by the vendor which means you won’t be required to do any manual updates. If the software is installed, there is likely installation, maintenance and update procedures, which means you may need to involve your IT department.
Likely if a vendor has a pre-configured solution, this will save a lot of time. If the solution is not pre-configured, the vendor’s Implementation Services team could take months gathering your requirements. With an out-of-the-box solution, you’ll spend less time on implementation as it’s likely that the vendor’s team will take your risk register and load it right into the application.
We never make a big investment blindly. When buying a car, we can test drive it. When buying a house, we attend an open house. The investment in software should be the same. Many vendors will allow you test their software. During the trial, you start to get a feel for the software, especially the speed and the intuitiveness. Don’t forget to trial the software on mobile devices, too, as most of your executive risk owners will be interacting with the software on their mobile devices. Ensure the experience will not be frustrating for anyone ahead of making the investment.
Is it manual? Can it be bulk imported? Who does it? Talk to a potential vendor about your existing risk register and historical assessments. There may be additional time and costs associated with uploading this data, so it’s important to understand the data import landscape. It’s also wise to ask about what it takes to get your data out. Ask about whether you can easily export all of your data in .CSV, so you can port it if needed.
This is the team that you will be interacting with the most, not the salespeople. Ask your potential vendor for an introduction. A chat with Services will familiarize you with who you will be dealing with on a day-to-day basis during implementation.
The most difficult time is arguably the first 6 months after you’ve implemented new software. This is where you may run into challenges rolling the software out to your end-users. Your vendor can offer support and training to help you with your user adoption internally and help you troubleshoot, but it often comes at an additional cost. Ask the vendor up front if it will be included as part of the annual license fee. You should also keep in mind that many vendors only run regular business hours support so it’s important to ensure that the support team is located in your time zone, or that the vendor is willing to provide 24/7 support.
It is likely that you may have a few changes that you’d like to make to the system after your users begin using it. Ask your vendor upfront how quickly those changes can be made and who can make them. Some systems need specialized programmers to perform these changes, while others have a user-friendly interface that will allow you to perform simple administrative changes yourself.
If you work in an organization where acquisitions and divestitures are common, it’s important to ask your potential vendor how they expect to scale the system as your company grows.