Over the years I have seen, used and been part of the development team for a large array of risk management software systems. It was actually the business of risk management or developing solutions for it that dragged me away from the information technology game; so many years ago, twenty years ago I suppose and one rarely looks back but today, I look forwards retrospectively.
What has happened to this market? ... it's completely awash with so many different products. Some systems are quite interesting, novel in places and there are quite a few horrible efforts out there too that need to be recast onto the drawing-board. Many of these risk systems are damn expensive that is for sure, especially with the big players and I do wonder where the true value is with some of these information technology offerings.
Overall, I generally feel sorry for the average risk manager, compliance officer or auditor who is tasked to find an enterprise-wide tool to do nothing more than capture and report risk across their respective organisations. There are literally hundreds, potentially thousands of products to choose from.
Capterra, a website that slogans itself as "Find the Right Software for Your Organization" lists 149 individual enterprise risk management systems [LINK] and Bobs Guide [LINK] another popular website, 'poster boards' risk solutions for pages. It has a tomb of listings that log some quite famous brands when it comes to risk management and there is always the infamous thrown in for good measure.
The big hurdle I am seeing with this little 'Risk IT huddle' is that many of these companies do the technology quite well but they don't really do risk management, if that makes any sense. I do wonder what a risk system should look like if it was built by risk practitioners rather than IT people.
So we are going to build a system. I have taken the leap once more to focus some of Causal Capital's resources into Risk System development and I will itemize some of the technical features risk managers should expect to see in a solid risk solution.
If you are a person working in risk management, please do touch base with me on email or in the comments section with your ideas. I would be interested in hearing your thoughts with what should go into an outstanding enterprise wide risk assessment solution.
Contrivance | Causal Capital [LINK]
So onto these Information Technology features or benefits as it should be but you can be nearly sure that we'll post more updates on our new system in the coming weeks ahead.
Key features that come to mind should include:
 ISO 31000 Risk Framework
The software application should follow a strong risk assessment framework or structure, such as what ISO 31000 describes in its famous Figure 3 Risk Management Process schematic. This would normally commence with a specific method in the tool to capture organisational objectives and finish up with risk treatment. So many risk systems I have recently reviewed are glorified risk registries.
I also believe the system's database should be loaded with contextual information to help risk managers with their work. We are planning on pre-loading Contrivance [LINK] with a risk taxonomy and hundreds of Key Risk Indicators that are ready to go.
 Coherent Risk Measurement
This is a big one for me as many of those who know me would expect. You can have your traffic light reports, sure and why not ... but let's build these traffic light reports as an outcome of a coherent or parametric measurement model not a Frequency x Magnitude fudge which is just plain wrong when it is used to derive results rather than report them.
So coherent measurement is in, a bit of a computational challenge for an enterprise risk management service that is likely to house thousands of risks but I believe it is possible to integrate a recursive Monte Carlo calculator across the lot. For the next edition of our risk system, we'll take a look at adding in enterprise risk aggregation and that is something I have not seen done properly with most risk systems out there.
 Interactive Dashboards
Something I expected to see common place with the tech leaders is dashboards and plenty of them but I was disappointed most of the time. I would have thought IT guys would shine when it comes to the geek features of software development but apparently not. So interactive dashboards that allow risk managers and stakeholders to drill down into their risk reports needs to be turned on in my opinion.
 Unlimited Users and Scope for Free
The commercial aspect is important too and I was quite astounded at some of the costs these risk software companies are charging. At the rich end of the spectrum, the bills can go into the hundreds of thousands, even into millions for average risk reporting and zero risk profiling. That's shocking.
We need to flip this cost model on its head and certainly not restrict the number of users or risks a company can register, that is a ridiculous constraint.
At the moment, Causal Capital is offering the beta risk solution unlimited for free but only for those who attend one of our risk programs and our enterprise risk management workshop [LINK] is filling up quickly. However, long term we will need to find a price tag that is competitive and I am more than interested to hear anyone's thoughts with respects to the economics as well as the features for a top notch risk solution.