
Introducing ERM Software: How to Get It Right the First Time

 


When it comes to ERM software implementation, credibility matters. Deliver what you promise. Failing to implement a project, risk management initiative, audit program, or compliance program wastes time, money, and resources. It also makes it harder to engage stakeholders in future initiatives.

To help organisations succeed, we explore types of ERM software, pitfalls to avoid, and practical tips to ensure a smooth implementation the first time.

Types of ERM Software

Many people assume risk management and internal audit technology is complex. They imagine relational databases, complicated code, and steep learning curves. This is not always true.

According to the 2009 RIMS ERM Technology Survey (Risk and Insurance Management Society), there are three main types of ERM technology:

  1. Desktop Software – spreadsheets, word documents, and basic databases

  2. Purchased ERM Software – off-the-shelf systems that can be licensed and configured

  3. Custom-Built ERM Software – purpose-built systems developed in-house or by external vendors

The RIMS survey revealed desktop software was most popular, used by 52% of respondents. Similarly, a 2006 study by InConsult on NSW Local Government risk practices found that most councils relied heavily on desktop tools. Purchased software was used by 38% of organisations. Custom-built solutions were less common.

The rise and rise of purchased ERM Software

Although desktop software remains widely used, purchased ERM software is the fastest-growing segment. Its rise is driven by:

  • Improved technology and web access

  • Modern browsers and cloud capabilities

  • Tech-savvy workforce (Gen X and Y)

Regulatory pressure has also accelerated adoption. After major corporate failures, governments increased risk management and compliance requirements:

  • Australia: After HIH’s collapse, APRA introduced prudential standards mandating minimum governance, risk management, internal audit, and capital management practices.

  • United States: Following Enron and WorldCom, the Sarbanes-Oxley Act (SOX) improved controls over financial reporting accuracy.

These regulations encouraged organisations to adopt more structured, proactive ERM and compliance systems.

To purchase or not to purchase Risk and Audit Software

Desktop software works well for early-stage risk management, compliance, and audit programs. It is flexible, requires minimal training, and allows teams to quickly edit documents and generate basic reports.

However, as an organisation’s risk framework matures, desktop solutions start to limit growth:

  • Security and access restrictions become cumbersome

  • Version history and audit logs are difficult to maintain

  • Scalability is hard; updating one document often means updating many

  • Reporting becomes error-prone as data comes from multiple, disconnected sources

If spreadsheets aren’t sufficient for finance or CRM systems, why rely on them to manage organisational risk, internal audits, compliance obligations, and incidents?

Tips for implementing ERM software

  1. Establish a Strong Foundation
    Don’t rely on software alone. A clear risk management framework and well-managed internal audit function are essential. Good software complements strong processes—it does not create them.

  2. Evaluate Before You Purchase
    Start evaluating systems while formalising your ERM framework. Use software during workshops to engage risk owners and demonstrate value.

  3. Select the Right Vendor
    Technical expertise matters. Some vendors defer complex risk questions to consultants at extra cost. Always ask risk-specific questions during demonstrations.

  4. Focus on Functionality, Not Looks
    Avoid being impressed by flashy interfaces. Prioritise software that meets your functional requirements. Prepare a checklist of features and ensure demos address your needs.

  5. Understand Total Cost
    Many vendors offer a basic package but charge extra for:

    • User training

    • Implementation support

    • System customisation

    Consider integrated governance systems, which bring together risk management, WHS, internal audit, and compliance. According to Gartner, buying separate software for each compliance area can cost up to 10 times more. (Gartner, 2020)

  6. Set Realistic Expectations
    No system will meet 100% of requirements. Even finance and HR systems rarely do. Focus on solutions that perform core functions reliably.

Conclusion

Choosing ERM, internal audit, and compliance software is challenging but necessary. Desktop tools may suffice early on, but mature organisations need integrated solutions.

Plan carefully, select the right vendor, focus on functionality, and integrate the software into your ERM framework. Do this, and your organisation can implement ERM software successfully the first time.

Ready to Take the Next Step?

Stop struggling with spreadsheets and see how GuardianERM can transform your risk management. Contact us today for a personalised demo and discover how your organisation can improve reporting efficiency, strengthen governance, and reduce operational risk.
