Companies often find themselves facing insurmountable pressures that appear to be closing in from all sides. From sweeping regulatory changes across key jurisdictions, to political uncertainty, rising overheads and data security. Organisations now live or die based upon their ability to clearly articulate how they identify their principle business risks, and subsequently ensure they’re capable of managing those threats as part of a strategic, controlled risk appetite.
That’s where enterprise risk management (ERM) comes in, and it is critical to a business’ success.
ERM is a process developed in cooperation between a company’s board of directors, management, employees and other stakeholders to point out and categorise potential events that pose a negative impact upon the company – and then consequently use that analysis to develop processes and work flows to manage those risks and provide reasonable levels of assurance that the organisation can largely mitigate relevant threats in order to achieve its strategic goals.
Absolutely every business should have an ERM process in place, and not just for the benefit of stakeholders. Regulatory bodies across industries such as finance will often demand to see proof of an integrated ERM approach as part of a company’s wider compliance obligations – ordinarily to ensure capital adequacy is relative to a company’s risk profile.
Yet because ERM is such a critical business focus, the market is absolutely flooded with a proverbial sea of various ERM solutions and software products. More confusing still, a large proportion of these dynamic offerings are based upon differing enterprise risk models, fundamentally altering their effectiveness across certain industries.
That’s why it’s worth delving into the various types of enterprise risk models and providers currently available on the market before investing in an ERM software solution.
Statistical enterprise risk modelling
When exploring different ERM models, a company’s search will often both start and end with ISO 31000, which is the collection of risk management standards launched by the International Organisation for Standardisations in 2009. ISO 31000 has been adopted by many regulatory bodies and national governments across the world alongside the framework put forward by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and both encompass a fairly generic set of guidelines surrounding the design, implementation and ongoing maintenance of an organisation’s ERM process.
Because many organisations find it easiest to meet those guidelines and demonstrate compliance through the analysis of clear-cut quantitative data, a large proportion of ERM software solutions have historically focused primarily on statistical risk modelling tools as a means of identifying risk and recording the effectiveness of any related mitigation processes.
In many cases – particularly for identifying financial risk – statistical modelling makes perfect sense. After all, this family of ERM models uses hard data captured over extensive periods of time to assist financial directors in effectively assessing and forecasting risk appetite in the context of macroeconomic developments, asset performance, insurance performance and foreign exchange volatility.
Yet in the grand scheme of enterprise risk management, solutions that rely only on hard data without reference to the less quantifiable variables associated with many operational risks can often be found lacking in terms of helping companies develop a bigger picture of perceived risk. That’s why the risk management sector has generally been steering away from traditional statistical modelling in favour of more wholesome approaches that better capture the cause-and-effect relationships between the factors that generate those risks, as well as to their outcomes.
Structural modelling methods
Many market participants within the ERM space are now turning to structural modelling methods as an incoming trend and development goal for new products. These methods differ fundamentally from statistical modelling methods in that structural models strive to simulate the dynamics of given systems by furthering the cause-and-effect relationships between each variable within those systems.
Structural methods vary dramatically in design, from the mathematically complicated stochastic differential equations to the probabilistic-focused Bayesian network. Yet regardless of the method used, all structural models are characteristic in their ability to solve for problems of oversimplifying variable relationships – particularly relationships surrounding operation risk.
Structural modelling solutions typically function by cascading each risk variable alongside the relevant variables to represent the points at which tangibles like wage inflation, equity earnings yield or short-term interest rates intersect. Which assists management teams in developing a more wholesome macroeconomic picture, and is particularly effective when applied over multiple time periods.
As a result of deploying structural based modelling methods, organisations can typically expect to avoid limitations on probability distributions and constant correlation that they would expect to encounter by relying upon statistical-only ERM methods.
System dynamics modelling methods
While many ERM consultants and solutions providers are now considering structural modelling methods and the way in which they can be applied to marketable software solutions very soon, a similarly innovative technique that has already been successfully brought to market in recent years is the system dynamics model.
Developed in the 1950s, system dynamics has made a comeback primarily due to the elevated role the model offers qualitative data in an increasingly data-driven world. In short, ERM solutions that benefit from system dynamics ordinarily use so-called expert testimony to fill in gaps of historical data that could be missing as part of a wider risk assessment.
Relying upon that testimony paired with hard data, developers create a system map designed to explore the parameters of any given enterprise risk and its relationship with other variables. Developers can then use that map to quantify each risk relationship and run a dizzying amount of simulations to generate the potential outcomes of any given decision in either a current operating environment or forecasted future conditions.
It’s this ‘what-if’ planning that companies are increasingly demanding, which is why many service providers are now working to incorporate more innovative forms of system dynamics modelling methods as part of their wider ERM software suites.
Which software providers are leading the industry?
Without question, the globe’s leading ERM software provider in terms of integrated system dynamics solutions is AnyLogic. Servicing organisations ranging from IBM and DHL, to Coca-Cola, GlaxoSmithKline and NASA, AnyLogic’s object-oriented approach to system dynamics enables sprawling multinationals and tiny start-ups alike to better inform long-term strategy and decision-making.
Although other ERM solutions providers do offer various system dynamics modelling modules, AnyLogic is widely credited as being the only industry tool that enables management teams to identify and observe risk through the combined lenses of system dynamics, agent and discrete event components. AnyLogic argues this combined method is particularly useful in the context of supply chains and logistical planning across consumer markets.
Nonetheless, system dynamics modelling could ultimately turn out to be a somewhat tedious and unnecessary exercise for smaller organisations that are on the hunt for simpler ERM solutions to test and monitor only particular or very niche risk sets. That’s why, in general most of the ERM software available on the market seeks to leverage the most basic aspects of each enterprise risk modelling method to generate a more wholesome, if somewhat broader, view of an organisation’s exposure to risk.
When shopping for ERM solutions, management teams should expect to see a bare minimum of functionality across all providers. For example, workable solutions across the majority of industries will require modules that perform threat and vulnerability analysis, incident and compliance management, vendor or third-party management, financial auditing and reporting, and policy management.
Yet above all else, companies should focus on ERM software solutions that easily integrate with existing systems. Organisations wishing to implement an ERM solution in order mitigate risk across an entire enterprise will need their ERM software to draw on data from other systems of record to develop an adequate modelling system – which is why the industry’s leading providers work to offer solutions with open APIs.
Workiva is one of the most wholesome places to start a search for a new EMR system, because its cloud-based Wdesk system is specifically designed to connect existing systems and scale alongside a growing organisation. Meanwhile, LogicManager is an industry leader in terms of the provision of additional resources organisations are to draw upon, in order to customise and expand modelling methods to suit their specific business needs.
Elsewhere, MetricStream offers unique, multi-dimensional assessments based upon a range of enterprise risk methods to produce prioritised breakdowns of organisational risk. Like Workiva, one of MetricStrem’s unique selling points is its ability to integrate with multiple external systems to capture relevant data other software products might not ordinarily pick up and factor into modelling, such as regulatory updates or industrial developments.
Organisations are certainly spoilt for choice when it comes to adequate ERM software. Yet as the market continues to shift towards more dynamic ERM models and methods of assessment, it’s also worth pointing out that no business can remain static. Enterprise risk is crucial to the success of every business, and so managers should constantly be testing and reassessing their existing ERM systems to ensure their organisations are benefitting from the most relevant modelling and functionality available.