6 Risk systems and tools
There are a variety of risk tools on the market that help support communication; these range in price from pennies to many millions of pounds. Organisations like Gartner offer a summary of ‘the best’ tools available, but these will often focus on ‘GRC system’. GRC, or Governance, Risk and Compliance, are tools that look to bring together, under one umbrella, all risks, controls, assurance and incident information. The choice of tool will depend on the size and complexity of your organisation and the number of users.
The common requirements vary from a simple database in which to store risk, to more integrated systems where risk, controls and assurance activities are linked. Some of the more advanced tools even link to operating and Enterprise Resource Planning (ERP) systems and thereby provide ‘real time’ control monitoring.
That said the basic requirements for any of these tools are common and should include:
- ease of data entry
- ease of data extraction and reporting
- ability to link one risk to many root causes, many controls and many mitigation actions
- ability to link one consequence, root cause and one control to many risks
- ability to present visually (including charts and graphs).
Many organisations find that one tool cannot meet all of their needs and therefore use separate software specifically designed for a particular solution. This section only gives a brief overview into system tools and anyone interested in this area should undertake their own research before deciding on a particular approach to risk systems and tools.