Amid the unpredictability of their day-to-day jobs, risk managers have come to depend on the ability of risk software to evolve with times. David Adams notes the widening application of software in an increasingly sophisticated market

While advanced solutions were once the preserve of larger, wealthier organisations, recent years have seen risk software being used by a much broader variety of organisations, with adoption or the desire to upgrade often driven by multiple factors.

These include a realisation that for anything other than the most basic organisation, spreadsheets and Word documents are not fit for purpose as a means of managing risk; a growing awareness of the need to address specific types of risk that may affect many different types of organisation, such as cyber and data risks; and increased sector-specific and/or more generally applicable regulation.

Although the software is evolving quickly, there is still usually a clear distinction between Risk Management Information Systems (RMIS), usually used to gather data for the purpose of managing the costs of insurable risks; and broader solutions, which may be used in combination with other business tools and processes.

A number of vendors offer multiple solutions to meet different requirements. For example, Origami Risk provides a RMIS, used to collect and standardise risk data drawn from a wide range of sources, then trigger further management and mitigation activity when necessary; and software as a service (SaaS) based enterprise risk management (ERM) solutions, which offer an overall view of risk across the enterprise, but can also be used to manage risks related to specific processes or projects.

Neil Scotcher, sales and client service executive at Origami, says many clients are keen to use SaaS solutions that provide a large degree of flexibility, in part because their requirements are likely to change over time, but also because the risk management function is now being used more proactively, often by multiple parts of an organisation. He claims that meetings with prospective clients are often extended when it becomes clear that the solution could add value in more parts of an organisation than had at first been understood by the prospect: in property management or health and safety management, for example.

Origami end users include Royal Cosun, a multinational agricultural company group based in the Netherlands, which employs almost 4,000 people across the different businesses within the group. It has been using a tailored version of Origami’s RMIS to meet specific risk and insurance needs in multiple territories for several years. The company also now uses the solution to meet other risk management requirements, including safety, loss and environmental management functions, insurance policy management, asset valuation and compliance. Its use has helped to reduce insurance and claims management costs and to improve insurance administration. Senior management have access to a dashboard view of risk resilience across the different locations used by companies within the group.

Jeroen Helder, group treasurer and insurance risk manager at Royal Cosun, says the solution provides multiple benefits, including putting the company in a better position to have informed discussions with insurance companies without being so dependent upon a broker.

“The system is used to support our risk management strategy throughout the organisation; and data sharing with stakeholders is also done via the system,” says Helder. “Savings are made on several levels, including lower broker fees and more efficient claims handling.”

New risk management software also now tends to have a very user-friendly front end, because the need to gather risk data from every part of an organisation means it will be used by risk owners across an organisation, often via mobile devices. Another vendor, Ventiv, delivers “integrated risk management solutions”, incorporating sophisticated analytics and reporting, plus automated capture of risks, claims and safety information; but also integrated with Ventiv Digital, a survey-style front end accessible to ordinary users via mobile phones, allowing them to provide risk data from the field.

Ventiv and other vendors may also enable integration of enterprise risk management processes into processes including safety management, insurance management and audit functions. End users include corporate insurance managers and risk managers, as well as insurers, brokers and captives. Smaller organisations may also use the solution when it is provided for them by an insurance broker.

Solution design is also informed by regulatory conditions. Ventiv global product manager Angus Rhodes says one element of its proposition that seems to appeal to many end users is that Ventiv hosts, develops and manages all of its products itself, so end users never have to deal with other third party hosting service providers. He believes this will become an even more important selling point in future as data protection regulation continues to tighten.

For some organisations, a risk management function forms part of broader, integrated governance risk and compliance (GRC) capabilities. Rhodes says some end users are seeking to use the software’s capabilities to integrate it with business processes elsewhere in the organisation, such as the legal and financial departments.

Other vendors have taken a different approach. JCAD has focused on creating off the shelf, yet customisable specialised risk management and claims handling software, rather than multi-purpose systems. Sales and marketing director Phil Walden says some end users come looking for a specialist tool as an alternative to a larger integrated GRC strategy, “perhaps because they’ve found that a tool that does multiple things relatively well does none of them brilliantly”, as he puts it.

Colt Data Centre Services has been using JCAD software to manage risks for its data centre services business since early 2018. The company provides data centre services to clients all over the world, including major financial services and technology companies.

In the past, risk management processes were implemented within individual data centres and at a country level, using different formats and processes – creating significant difficulties when the company tried to consolidate these operations at a group level. David Allen, operations business planning manager for data centre services and managed services at Colt Data Centre Services says the company wanted to find a “more scientific and consistent” way to consolidate risk management: a relatively simple system it could buy off the shelf, then configure to meet its requirements.

“We were looking to consolidate risk management up to country level, then up to the regions and to our head office in London,” says Allen. “It’s given us a proactive and controlled way of understanding our risks and managing and addressing them.”

The system helps the company manage and plan updates, replacements and additions to its technical infrastructures. It also enables direct input at site level from engineers and managers reporting issues or incidents that need to be addressed. Altogether, about 100 members of staff worldwide use the system.

The JCAD client base also includes charities keen to assess risks affecting planned projects and to build up evidence to show to trustees, funders and regulators to prove that risks, as well as finances, are being managed effectively and responsibly.

So it seems likely that the drive towards improving understanding and managing risk in order to deliver these fundamental benefits – increased efficiency, better business decisions and certainty on the question of compliance – will continue to encourage more organisations in every sector to review risk management capabilities and consider investing in more effective risk management solutions.

But even as these technologies become ever more sophisticated, it is also important to remember that no organisation should ever become over-reliant on software alone. Effective risk management strategies also need human elements, from buy-in to the strategy and solution in the boardroom to the commitment of risk owners throughout the organisation. Some of these technologies may be hugely impressive, but, as Origami Risk marketing director Traci Gregorski points out: “Software is only as good as the way that you use it.”


This article was published in the January 2019 issue of CIR Magazine.

Download as PDF

More interviews and analysis

Contact the editor

Follow us on Twitter

Share Story: