8 Questions to Ask Potential ERM Software Vendors

October 18, 2023

Whether you’re a multinational corporation or a small startup, the need to identify, assess, and mitigate risks has never been more evident. However, software selection can be daunting. You will likely have plenty of uncertainties and questions when looking to implement Enterprise Risk Management (ERM) software. The best ERM software for your organization can make all the difference, empowering your team to make informed decisions and protect your business from unexpected threats.

But with a multitude of ERM software solutions on the market, how do you ensure you select the one that perfectly aligns with your unique needs and objectives? Maybe you’re not sure what to be concerned about. Maybe you’re not sure how the process works, or what the hidden costs are.

If you’re starting from scratch or considering a switch from your current ERM system, here are eight questions that you should ask your current or potential ERM software vendor to be informed in your software selection process.

1. Is the ERM software hosted or installed?  

If the software is hosted, it means that you can access the software in a browser. This can be from the vendor’s servers, or cloud-based. You’ll pay a regular subscription fee because the vendor is providing the software as a service (SaaS). Hosted ERM offers the advantages of accessibility from anywhere, reduced IT overhead, and automatic updates but may have limitations on customization and data control compared to locally installed ERM solutions.

Installed ERM software is locally installed on a company’s servers or computers, meaning that the company has full control over the software’s deployment, maintenance, and data security. Installed ERM software typically offers greater customization and security but may require more in-house IT resources for setup and management. It allows companies to tailor their risk management processes to specific needs and maintain sensitive data within their own infrastructure, providing a higher level of data control and privacy.

2. Is there an “out-of-the-box” solution for Risk Management?

Vendors that offer a pre-configured solution will save your organization a lot of time. If the solution is not pre-configured, the vendor’s Implementation Services team could take months to gather your requirements. Knowing if an ERM software vendor offers an out-of-the-box solution indicates whether the software is ready to use with minimal customization.

This information is crucial because it enables your organization to make informed decisions about implementation for your specific needs. Specifically, asking this question helps assess how quickly and easily the software can be implemented and whether it aligns with your organization’s basic risk management needs without extensive customization, saving time and resources.

3. Will you have access to a trial?

We never make a big investment blindly. We test drive cars before buying them; visit and inspect houses before presenting an offer; and see televisions in the store before making a purchase. Investing in software should be no different.

Many vendors will allow you to test their platform before you commit. During the trial, some factors you should look at include:

  • User-friendliness: Evaluate how easy the software is to use. It should be intuitive, with a user-friendly interface to ensure widespread adoption.
  • Functionality: Test whether the software provides the essential features you need for your specific risk management processes. Ensure it covers risk identification, assessment, mitigation, reporting, and analytics.
  • Integration: Assess the software’s ability to integrate with your existing systems, such as ERP or CRM software, to streamline data sharing and reduce duplication of efforts.
  • Reporting and analytics: Evaluate the software’s reporting and analytics capabilities to ensure it can generate meaningful insights from your risk data.
  • Performance and reliability: Test the software’s performance, responsiveness, and reliability to ensure it can handle your organization’s workload without issues.

4. How will your data get into the system?

Is it manual? Can it be bulk imported? Who does it? When speaking to a potential ERM software vendor, it’s important to talk about your existing risk register and historical assessments.

It’s also wise to ask about what it takes to get your data out. A beneficial feature to inquire about is whether or not you can easily export all of your data in CSV so you can port it if needed. There may be additional time and costs associated with uploading this data, so it’s important to understand the data import landscape.

5. What is your pricing structure, including any potential additional costs or licensing fees?

Speaking of costs, it’s important to know if there are any additional or hidden fees associated with the ERM software. During the demo stage, you should gather critical information about the financial aspects of a potential ERM software vendor, including initial setup costs, subscription or one-time purchase models, scalability, potential extra charges, support options, and available pricing tiers. This knowledge is essential for effective budget planning and making an informed financial decision regarding the ERM software.

6. What level of post-implementation support is available?

The most difficult time is arguably the first 6 months after you’ve implemented new software. This is where you may run into challenges rolling the software out to your end users. Your vendor can offer support and training to help with internal user adoption and troubleshooting, but it often comes at an additional cost. Ask the vendor up front if it will be included as part of the annual license fee. You should also keep in mind that many vendors only offer support during regular business hours, so it’s important to ensure that the support team is located in your time zone, or that the vendor is willing to provide 24/7 support.

7. How will changes to the system be made after you go live?

You will likely have a few changes that you’d like to make to the ERM software after your users begin using it. Ask your vendor up front how quickly those changes can be made and who can make them. Some systems need specialized programmers to perform these changes, while others have a user-friendly interface that will allow you to perform simple administrative changes yourself.

Doing this will allow you to better understand the process for updates, enhancements, or adjustments. This knowledge helps your organization plan for system evolution, assess potential downtime or disruptions, and ensure that the software can adapt to your changing needs and regulatory requirements.

8. How can you scale the software as your company grows?

If you work in an organization where acquisitions and divestitures are common, it’s important to ask your potential ERM software vendor how they expect to scale the system as your company grows. Doing so will ensure that the software can adapt to your company’s growth. This information helps plan for increased data volume and users, prevents future software limitations, and ensures the ERM system remains effective and cost-efficient as the organization expands.

Knowing how a potential ERM software vendor can scale the platform as a user’s company grows is crucial because it ensures that the solution can adapt to increasing data volume, user requirements, and evolving risk management needs.

Let Resolver aid in your search of ERM software

Selecting the right ERM software is a pivotal decision that can significantly impact your organization’s risk management capabilities. By asking the right questions, understanding the software’s scalability, customization options, and post-implementation support, you can make an informed choice that aligns perfectly with your needs.

Resolver’s ERM software is a comprehensive solution designed to help organizations identify, assess, mitigate, and monitor risks effectively. It offers a wide range of benefits that make it a valuable tool for managing risks and ensuring long-term business resilience. To see it in action, click here to watch a demo.

This content was originally published on January 26, 2018