SlideShare a Scribd company logo

IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012

S
Susan Young
1 of 12
Download to read offline
Institute of Risk Management Solvency II Special Interest Group Avoiding the pitfalls in ERM IT Solution Selection Susan Young Head of Risk Management R&Q Managing Agency Limited 10th July 2012 Private & Confidential www.rqih.com
Agenda • Background and Context • Criteria pointing to automation • Approach to selection and selection criteria • Implementation - what went well • Implementation - what lessons did we learn • The Vendor’s perspective • Was it worth it? • Some parting thoughts • Questions
Background and Context • I Joined R&Q in August 2010 as Head of Risk Management • The initial priority was the Lloyd’s Managing Agency, launching a new “Live” syndicate and developing a Solvency II compliant ERM framework • These, however, were not the only drivers……… • R&Q is a complex group engaged in many areas of activity which has grown largely by acquisition. The holding company is AIM listed and there are other regulated entities within the Group including overseas activity, some of which is governed by local regulators There was a group-wide demand for Risk Management
Criteria pointing to automation • The Risk Management Framework needed to be; – Scaleable – Customisable – Interactive – Easy to use – Have comprehensive reporting functionality – Solvency II Internal Model friendly - will it give the modellers what they want in the format they want it? Existing capability (MS Office Tools) alone would not cut the mustard
Approach to selection and selection criteria • Personal research • Exhibitors at IRM (and other) conferences • Word of mouth • Shortlisted 3 to give initial demonstrations to key stakeholders • Made initial selection based on – Ease of use – Reporting Functionality – Vendor’s knowledge of industry and client base – Scenario analysis – Solvency II Use test in mind • Proposal to Risk Committee and to the Board We did our homework as best we could!
Implementation - what went well • We had existing Risk Registers in place which could simply be uploaded – once the requisite analysis and configuration had been done • We also had a developing Risk Management Framework which was already embedding – most users therefore understood this was a means to an end • Buy in from senior management had already been obtained • User training – engagement before roll out • Vendor was very accessible, hands on and patient! That was the good bit….
Implementation - what lessons did we learn? • Plenty! • Scope the implementation our as a project - that’s what it is • Get to know the software and what it can do before you begin • Decide what you want it to do for you early on and avoid scope creep • This is a change management project - it is an integral element of embedding an risk culture – treat it that way! • Leave yourself plenty of time – don’t try and do the implementation on top of the day job (or concurrent with other initiatives – like Solvency II – unless it is explicitly within scope of this project Wait there’s more….
Implementation - what lessons did we learn (continued)? • Don’t set artificial deadlines – be realistic • Don’t rush it – it may mean more time spent in rework later on • Appreciate that any automated Risk Management solution is an enabler – it supplements your Risk Management Framework and it a means to an end only • From the point above, have your Risk Management Framework broadly in place first • Test the system fully before it goes live, with users. Get their feedback on what works and what doesn’t – and then…… • Pilot the live system with a few users before rolling out – get more feedback • Phase it properly – don’t get too excited by all the things it can do initially There were probably others but these were the main ones…..
The Vendor’s Perspective • Help the vendor to help you – give them the full context and background • Define the key people – who may not necessarily be who you think – and ensure the vendor has sufficient time/access to the during the implementation – get the right balance • Prioritise your requirements, keep it simple and to those priorities leaving bells and whistles to later phases • Listen to the vendor’s advice/suggestions, they will have experience of implementing the software at hundreds of organisations so are aware of what works and the potential pitfalls • Provide your users with risk methodology training before the software training so that they can focus on learning the tool • Do not change your mind too many times ! No coincidence there is overlap with the preceding slides…..
Was it worth it? • Empowerment - for Risk/Control Owners • Consistency – all Risk Registers are on a common platform in common format • Reporting and MI at the touch of a button – we have used in our ORSAs • Audit Trail – we can track down the culprits more easily • Control for the Risk Management Function – its all in one place! • Trend analysis and roll forward functionality facilitate monitoring over time • Efficiencies? Undoubtedly – but we are still on our journey and have much to do Yes it was!
Some parting thoughts • Establish the business case first - Risk Management is a business process • Take the business with you – don’t impose it on them • Automation is not for everyone • It can only help you do your job better – it won’t do it for you • “Rubbish in, Rubbish out” – output quality matches that of input – to a degree • Remember the six “P”s Common sense but points worth making
And Finally……….. Thank you for listening! Questions? susan.young@rqih.com www.rqih.com Thank you for listening! Questions? susan.young@rqih.com www.rqih.com

Recommended

IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013
Susan Young
 
Church Hierarchy Pope
Church Hierarchy Pope Church Hierarchy Pope
Church Hierarchy Pope
Monty Haytham
 
Brochure - Bachelor in Business Administration
Brochure - Bachelor in Business AdministrationBrochure - Bachelor in Business Administration
Brochure - Bachelor in Business Administration
Business Administration - University of Tor Vergata School of Economics
 
Church hirearchy
Church hirearchy Church hirearchy
Church hirearchy
Monty Haytham
 
IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013
Susan Young
 
University of Rome Tor Vergata - Student guide 2014-15
University of Rome Tor Vergata - Student guide 2014-15University of Rome Tor Vergata - Student guide 2014-15
University of Rome Tor Vergata - Student guide 2014-15
Business Administration - University of Tor Vergata School of Economics
 
IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014
Susan Young
 
Forslag til en sosiale medier-kampanje
Forslag til en sosiale medier-kampanjeForslag til en sosiale medier-kampanje
Forslag til en sosiale medier-kampanje
Bjørnar Magnussen
 

Recommended

IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013
Susan Young
 
Church Hierarchy Pope
Church Hierarchy Pope Church Hierarchy Pope
Church Hierarchy Pope
Monty Haytham
 
Brochure - Bachelor in Business Administration
Brochure - Bachelor in Business AdministrationBrochure - Bachelor in Business Administration
Brochure - Bachelor in Business Administration
Business Administration - University of Tor Vergata School of Economics
 
Church hirearchy
Church hirearchy Church hirearchy
Church hirearchy
Monty Haytham
 
IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013
Susan Young
 
University of Rome Tor Vergata - Student guide 2014-15
University of Rome Tor Vergata - Student guide 2014-15University of Rome Tor Vergata - Student guide 2014-15
University of Rome Tor Vergata - Student guide 2014-15
Business Administration - University of Tor Vergata School of Economics
 
IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014
Susan Young
 
Forslag til en sosiale medier-kampanje
Forslag til en sosiale medier-kampanjeForslag til en sosiale medier-kampanje
Forslag til en sosiale medier-kampanje
Bjørnar Magnussen
 
C
CC
C
Monty Haytham
 
Brochure - Master of Science in Business Administration
Brochure - Master of Science in Business AdministrationBrochure - Master of Science in Business Administration
Brochure - Master of Science in Business Administration
Business Administration - University of Tor Vergata School of Economics
 
Task 1
Task 1 Task 1
Task 1
Monty Haytham
 
Medieval church dark ages
Medieval church dark agesMedieval church dark ages
Medieval church dark ages
Monty Haytham
 
Gesture keyboard
Gesture keyboardGesture keyboard
Gesture keyboard
Sravan Kumar.D
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
Susan Young
 
스태커회사소개서
스태커회사소개서스태커회사소개서
스태커회사소개서
stackrinc
 
떠블유퀴즈제안서
떠블유퀴즈제안서떠블유퀴즈제안서
떠블유퀴즈제안서
stackrinc
 
7 Steps to a successful ServiceNow Implementation
7 Steps to a successful ServiceNow Implementation7 Steps to a successful ServiceNow Implementation
7 Steps to a successful ServiceNow Implementation
Navvia
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
Paul McCormack
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
Paul McCormack
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
Ambition Group
 
Pm Tool Meetup
Pm Tool MeetupPm Tool Meetup
Pm Tool Meetup
Ambition Group
 
The seven deadly sins of Scrum
The seven deadly sins of Scrum The seven deadly sins of Scrum
The seven deadly sins of Scrum
franohara99
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
itSMF UK
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
5 Things to Look for in Corrective Action Software Solutions
5 Things to Look for in Corrective Action Software Solutions5 Things to Look for in Corrective Action Software Solutions
5 Things to Look for in Corrective Action Software Solutions
EtQ, Inc.
 
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
AppDynamics
 
2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory
Nathan Anderson
 
ch03-Design Project.ppt
ch03-Design Project.pptch03-Design Project.ppt
ch03-Design Project.ppt
LuckySaigon1
 
RPA - International Quality Summit
RPA - International Quality SummitRPA - International Quality Summit
RPA - International Quality Summit
Allan Tan
 
Dynamic System Development Method (DSDM)
Dynamic System Development Method (DSDM)Dynamic System Development Method (DSDM)
Dynamic System Development Method (DSDM)
LennonDukeDuero
 

More Related Content

Viewers also liked

The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
Susan Young
 
스태커회사소개서
스태커회사소개서스태커회사소개서
스태커회사소개서
stackrinc
 
떠블유퀴즈제안서
떠블유퀴즈제안서떠블유퀴즈제안서
떠블유퀴즈제안서
stackrinc
 

Viewers also liked (8)

C
CC
C
 
Brochure - Master of Science in Business Administration
Brochure - Master of Science in Business AdministrationBrochure - Master of Science in Business Administration
Brochure - Master of Science in Business Administration
 
Task 1
Task 1 Task 1
Task 1
 
Medieval church dark ages
Medieval church dark agesMedieval church dark ages
Medieval church dark ages
 
Gesture keyboard
Gesture keyboardGesture keyboard
Gesture keyboard
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
 
스태커회사소개서
스태커회사소개서스태커회사소개서
스태커회사소개서
 
떠블유퀴즈제안서
떠블유퀴즈제안서떠블유퀴즈제안서
떠블유퀴즈제안서
 

Similar to IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012

Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
Emma Kelly
 
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
AppDynamics
 
Dynamic System Development Method (DSDM)
Dynamic System Development Method (DSDM)Dynamic System Development Method (DSDM)
Dynamic System Development Method (DSDM)
LennonDukeDuero
 
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Susan Young
 

Similar to IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012 (20)

7 Steps to a successful ServiceNow Implementation
7 Steps to a successful ServiceNow Implementation7 Steps to a successful ServiceNow Implementation
7 Steps to a successful ServiceNow Implementation
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
 
Pm Tool Meetup
Pm Tool MeetupPm Tool Meetup
Pm Tool Meetup
 
The seven deadly sins of Scrum
The seven deadly sins of Scrum The seven deadly sins of Scrum
The seven deadly sins of Scrum
 
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practiceJohn Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
John Mcdermott - Gold sponsor session: Hybrid - IT needs hybrid good practice
 
Gain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls MonitoringGain business insight with Continuous Controls Monitoring
Gain business insight with Continuous Controls Monitoring
 
5 Things to Look for in Corrective Action Software Solutions
5 Things to Look for in Corrective Action Software Solutions5 Things to Look for in Corrective Action Software Solutions
5 Things to Look for in Corrective Action Software Solutions
 
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
Standard Bank: How APM Supports DevOps, Agile and Engineering Transformation ...
 
2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory2015 ISACA NACACS - Audit as Controls Factory
2015 ISACA NACACS - Audit as Controls Factory
 
ch03-Design Project.ppt
ch03-Design Project.pptch03-Design Project.ppt
ch03-Design Project.ppt
 
RPA - International Quality Summit
RPA - International Quality SummitRPA - International Quality Summit
RPA - International Quality Summit
 
Dynamic System Development Method (DSDM)
Dynamic System Development Method (DSDM)Dynamic System Development Method (DSDM)
Dynamic System Development Method (DSDM)
 
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
 
Professional Project Manager Should Be Proficient in Agile
Professional Project Manager Should Be Proficient in AgileProfessional Project Manager Should Be Proficient in Agile
Professional Project Manager Should Be Proficient in Agile
 
Surgery rules that 'hurt' patients
Surgery rules that 'hurt' patientsSurgery rules that 'hurt' patients
Surgery rules that 'hurt' patients
 
Top tools process_excellence
Top tools process_excellenceTop tools process_excellence
Top tools process_excellence
 
Future Proof Your DAM
Future Proof Your DAMFuture Proof Your DAM
Future Proof Your DAM
 
Digital Transformation, Testing and Automation
Digital Transformation, Testing and AutomationDigital Transformation, Testing and Automation
Digital Transformation, Testing and Automation
 

IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012

  • 1. Institute of Risk Management Solvency II Special Interest Group Avoiding the pitfalls in ERM IT Solution Selection Susan Young Head of Risk Management R&Q Managing Agency Limited 10th July 2012 Private & Confidential www.rqih.com
  • 2. Agenda • Background and Context • Criteria pointing to automation • Approach to selection and selection criteria • Implementation - what went well • Implementation - what lessons did we learn • The Vendor’s perspective • Was it worth it? • Some parting thoughts • Questions
  • 3. Background and Context • I Joined R&Q in August 2010 as Head of Risk Management • The initial priority was the Lloyd’s Managing Agency, launching a new “Live” syndicate and developing a Solvency II compliant ERM framework • These, however, were not the only drivers……… • R&Q is a complex group engaged in many areas of activity which has grown largely by acquisition. The holding company is AIM listed and there are other regulated entities within the Group including overseas activity, some of which is governed by local regulators There was a group-wide demand for Risk Management
  • 4. Criteria pointing to automation • The Risk Management Framework needed to be; – Scaleable – Customisable – Interactive – Easy to use – Have comprehensive reporting functionality – Solvency II Internal Model friendly - will it give the modellers what they want in the format they want it? Existing capability (MS Office Tools) alone would not cut the mustard
  • 5. Approach to selection and selection criteria • Personal research • Exhibitors at IRM (and other) conferences • Word of mouth • Shortlisted 3 to give initial demonstrations to key stakeholders • Made initial selection based on – Ease of use – Reporting Functionality – Vendor’s knowledge of industry and client base – Scenario analysis – Solvency II Use test in mind • Proposal to Risk Committee and to the Board We did our homework as best we could!
  • 6. Implementation - what went well • We had existing Risk Registers in place which could simply be uploaded – once the requisite analysis and configuration had been done • We also had a developing Risk Management Framework which was already embedding – most users therefore understood this was a means to an end • Buy in from senior management had already been obtained • User training – engagement before roll out • Vendor was very accessible, hands on and patient! That was the good bit….
  • 7. Implementation - what lessons did we learn? • Plenty! • Scope the implementation our as a project - that’s what it is • Get to know the software and what it can do before you begin • Decide what you want it to do for you early on and avoid scope creep • This is a change management project - it is an integral element of embedding an risk culture – treat it that way! • Leave yourself plenty of time – don’t try and do the implementation on top of the day job (or concurrent with other initiatives – like Solvency II – unless it is explicitly within scope of this project Wait there’s more….
  • 8. Implementation - what lessons did we learn (continued)? • Don’t set artificial deadlines – be realistic • Don’t rush it – it may mean more time spent in rework later on • Appreciate that any automated Risk Management solution is an enabler – it supplements your Risk Management Framework and it a means to an end only • From the point above, have your Risk Management Framework broadly in place first • Test the system fully before it goes live, with users. Get their feedback on what works and what doesn’t – and then…… • Pilot the live system with a few users before rolling out – get more feedback • Phase it properly – don’t get too excited by all the things it can do initially There were probably others but these were the main ones…..
  • 9. The Vendor’s Perspective • Help the vendor to help you – give them the full context and background • Define the key people – who may not necessarily be who you think – and ensure the vendor has sufficient time/access to the during the implementation – get the right balance • Prioritise your requirements, keep it simple and to those priorities leaving bells and whistles to later phases • Listen to the vendor’s advice/suggestions, they will have experience of implementing the software at hundreds of organisations so are aware of what works and the potential pitfalls • Provide your users with risk methodology training before the software training so that they can focus on learning the tool • Do not change your mind too many times ! No coincidence there is overlap with the preceding slides…..
  • 10. Was it worth it? • Empowerment - for Risk/Control Owners • Consistency – all Risk Registers are on a common platform in common format • Reporting and MI at the touch of a button – we have used in our ORSAs • Audit Trail – we can track down the culprits more easily • Control for the Risk Management Function – its all in one place! • Trend analysis and roll forward functionality facilitate monitoring over time • Efficiencies? Undoubtedly – but we are still on our journey and have much to do Yes it was!
  • 11. Some parting thoughts • Establish the business case first - Risk Management is a business process • Take the business with you – don’t impose it on them • Automation is not for everyone • It can only help you do your job better – it won’t do it for you • “Rubbish in, Rubbish out” – output quality matches that of input – to a degree • Remember the six “P”s Common sense but points worth making
  • 12. And Finally……….. Thank you for listening! Questions? susan.young@rqih.com www.rqih.com Thank you for listening! Questions? susan.young@rqih.com www.rqih.com