7 Ways to Build a Business

Case for ERM Software

+1 617 530 1210 | logicmanager.com | info@logicmanager.com ©LogicManager, Inc.

1
Table of Contents

4 Chapter 1: Why are Spreadsheets so Popular?

5 Chapter 2: Disadvantages of Spreadsheets

6 Chapter 3: The Business Case for ERM Software

6 Robust Taxonomy

11 Data Validation

14 Dynamic Relationships

17 Reporting

20 Audit & Compliance

24 Customer Support

26 Financial Return

30 Chapter 4: Conclusion

2
 Manage Tomorrow’s Surprises Today

Being surprised in business is bad. Everyone has had one of those days where
nothing seems to go as planned - from minor surprises like missing a contract
renewal, to major surprises like a data breach.

At LogicManager, we believe that these so-called surprises, or risks, can for the most part be prevented. A
business is the sum of many moving parts - internal departments, suppliers and customers - and everything
is connected. These connections by themselves do not necessarily bring risk. Instead, it’s often the lack of
transparency between connected areas that causes unwanted surprise and uncertainty.

Enterprise Risk Management is a systematic way to help everyone prevent surprises by creating a common
framework for managing and connecting information. Fewer surprises means more smoothly run operations,
where people can focus on proactive tasks rather than reactive fixes. At the end of the day, this means a
better bottom line, a 25% improved market value to be specific.

Audit
Missed Financing
Contract
Renewal

Surprise!

Data
Regulatory Breach
Trouble

3
Chapter 1: Why are Spreadsheets so Popular?
Organizations are increasingly adopting ERM programs, both at the request of senior leadership as well as to
meet the expectations of regulators. Despite the positive increase in adoption, there is confusion around the
requirement to invest in ERM technology. And so the question remains, why do so many organizations choose
to rely on spreadsheets and shared drives to manage their risks?

Benefits of Spreadsheets
Many organizations choose spreadsheets for their ERM programs because of their perceived benefits.

Because spreadsheets are readily available, and most everyone understands how they work, many assume
that spreadsheets will adequately serve ERM programs because they have done well enough in the past
for other departments. However, it needs to be understood that the very mission of risk management is to
prevent business surprises, and therefore is different from all other departments in that its sole purpose
is interoperability across silos. However, it can be intimidating to build a business case for evaluating,
purchasing, and implementing a software solution.

Siloed Risk Software

Finance Operations Legal IT

4
Chapter 2: Disadvantages of Spreadsheets
While it may appear that there are many benefits to using spreadsheets to manage an organization’s ERM
program, the disadvantages far outweigh the advantages.

Downfalls of Spreadsheets
Those tasked with the role of managing risk and compliance are likely all too familiar with the drawbacks of
these applications.

Spreadsheets are horrible for data collection because they have no audit trail, user mistakes are hard to
identify, sending out assessment questions across departments is difficult, and re-aggregating this
information for analysis and reporting is an even more impossible task. Further, they fail to meet regulatory
compliance requirements as they lack controls over the accidental or deliberate alteration or substitution of
data.

But how can known deficiencies be translated into measurable returns on investment in ERM technology?
With the cards stacked against governance personnel, they need concrete, measurable reasons why their
organization should do things differently. Risk professionals have to be prepared to educate their leadership
on the real risks they face by relying on generic products, and must have a full understanding of the value that
can be achieved by transitioning to the right software solution.

Doesn’t Contain Doesn’t Meet Assessments Can’t Be

Audit Trail Regulatory Assigned to Different
Requirements Departments

No Easy Way to No Easy Reporting

Identify Mistakes

5
Chapter 3: 7 Ways to Build the
Business Case for ERM Software

#1: Robust Taxonomy

An ERM software that can build a risk-based taxonomy streamlines processes and uncovers redundancies.
This unlocks value and efficiency not just for risk managers, but across the entire enterprise.

Engagement Across Silos

One of the largest perceived benefits of spreadsheets can also be one of their greatest drawbacks.

By providing what amounts to an endlessly customizable application, organizations lose the standardization
required to share and measure risks across the enterprise.

Spreadsheet-based tools often get siloed into different business units. Finance measures and mitigates their
risks in a much different manner, and with a much different language, than HR or IT does. Silos like this create
costly redundancy, as best practices are not shared and underlying commonalities go undiscovered.

When each department uses disaggregated spreadsheets, and disconnected risk language, the organization
is left with a limited understanding of their risk exposure and the effectiveness of mitigation activities. ERM
software builds a risk taxonomy across the organization. This language is applicable across all horizontals
and verticals, and leads to efficiency and cost-savings.
Accounting

Resources

Strategic Goals
Operations

Marketing

Information Security
Human
Finance &

Regulatory Compliance

6
Connected Assessments
A risk taxonomy ensures that all risks across an organization are identified, assessed, and evaluated in a
uniform, interconnected manner.

ERM software with a risk-based taxonomy enables this to happen by defining the vertical and departmental
core processes of an organization, as well as outlining other cross functional dimensions that are related to
governance, risk, and compliance activities. Taxonomy connects enterprise-level risks to individual business
processes in a centralized, repeatable, and user-friendly manner.

Vendor Management

IT Management Financial Reporting

Compliance Audit Management

Taxonomy

Business Continuity Operational Metrics

Policy Management Strategic Planning

Click here to download our free Risk Assessment Template for Excel!

7
Eliminate Duplicate Work
Risk-based software enables organizations to uncover systemic risks by providing the framework for a
common risk language and highlighting duplicity.

Employees may not even realize that the work that they are doing, or the risks they are facing, have already
been addressed by someone in a different department. The root cause of this is a lack of visibility. Taxonomy
eliminates this by highlighting the areas where duplicity exists. This is turn leads to increased productivity
across the enterprise, saving both time and money.

Person C Person B Person A

Completing Completing Completing
Task A Task A Task A

Person B
Completing
Task A

Increased Decreased
Savings Costs

8
Positive Risk Culture
Poorly defined taxonomies result in poor communication, limited accountability, and a siloed approach to
solutions. Organizations with a clear taxonomy are able to easily aggregate and compare information.

A common risk taxonomy supports a positive and proactive risk culture by cascading organizational priorities
to risk managers and individual process owners. Information is shared across all levels of the organization,
and input from the front line process owners can be aggregated and reported to executives. Risk-based ERM
software closes the gap between high level strategy and on the ground operations, providing transparency
that is unachievable with spreadsheets

Positive Risk Culture

Board of Directors

Risk Managers Risk Managers

Process Owners Process Owners

What other metrics can you collect?

Download our eBook, “Meaningful Metrics: Using ERM to Inform
Strategy,” to see some actionable risk metrics that can improve
efficiencies, identify new opportunities, and prevent risk events.

9
Another benefit of a risk-based platform is that it can be used to reflect the unique characteristics and
features of an organization in a robust and repeatable manner.

Spreadsheets connect rows and columns of cells. They are one dimensional and labor intensive. With
limited built in monitoring, process improvement, and reporting capabilities, spreadsheets are poorly suited
for quick decision making and keeping employees up to date with key changes to the business environment.
This leads to low engagement, poor performance, and wasted time trying to get spreadsheets to work.

Taxonomy, on the other hand, builds dynamic relationships between employees, departments,
physical assets, policies and the external environment. Inefficiencies are streamlined as clear relationships
are defined, and manual tasks become automated. This means that risk managers spend less time tending
to data, and trying to scale risk management. Process owners are able to focus on the activities that create
value: improving their processes, eliminating waste, carrying out strategic initiatives, and mitigating risks.

Applications

Vendor Physical Asset

People
Data

Business Process

10
#2: Data Validation
Another consideration when building a business case for software is that, for an organization to effectively
manage and analyze its risks, it must first ensure that the data that it has collected is accurate.

Prevalence of Errors in Spreadsheets

A major problem with spreadsheets is that they are very susceptible to data errors.

While it may not seem obvious, using spreadsheets to track an organization’s risks increases your vulnerable
to data errors. A University of Hawaii study on corporate use of spreadsheets found that 94% of spreadsheets
have errors, and that on average there is an error in one out of every 20 cells within a spreadsheet. Meaning,
incorrect data within spreadsheets is much more prevalent than what boards realize.

94%
of spreadsheets 1 in 20
contain errors spreadsheet cells
contains an error

Lack of Validation
Spreadsheet errors can result from both malicious intents and seemingly simple mistakes.

Because spreadsheets lack controls, it is very easy to change formulas and values, thus creating a window for
fraudulent behavior that can easily go undetected.

Unfortunately, simple human errors can also result in disastrous consequences. While a missed decimal
place, duplicate entry, or mistake using copy and paste may not seem like huge deal, they can have
tremendous results.

11
JPMorgan London Whale
A quick Google search of “spreadsheet horror
stories,” will output any number of examples where
companies lost millions of dollars as a result of a
human error made in a spreadsheet.

One of the most infamous stories of spreadsheet

errors comes from 2013, when JPMorgan’s London
Whale losses of $6 billion occurred. The auditors’
report during their investigation found that on top of
not being tested correctly, the model suffered from
some pretty standard Excel flaws, such as incorrect
copying and pasting data from one spreadsheet to
another. Excel data can easily get lost. Information can get written over, and a user might not even notice.
If a mistake using Excel shows that there is less risk than there actually is, organizations can run into a huge
problem.

Types of Validation
Software is able to eliminate these risks by validating data as it is entered into the system.

Software acts as its own internal control over business processes by designating field types, varying
permissions, and notifying users of irregularities. For example, a person is not able to enter a letter in a field
used to track revenue. Also, aggregating data is fully automated with no manual activity to copy information
from one spreadsheet to another.

In addition to these controls, by assigning different individuals different permission levels and entry options,
governance personnel can limit access and the opportunity for errors or fraud.

Data Validation

Text Numeric Date User Lookup Picklist

Allows user to Only allows Only allows Only allows Only allows
enter free text user to enter user to select user to select users to select
numbers and a date from a people listed from a pre-
decimals calendar year within the determined
platform picklist

12
Historical Tracking
Software easily tracks changes that occur throughout an organization’s ERM program over time.

Solutions create a centralized location for all of an organization’s data so that it does not get lost between
spreadsheets in different versions and locations. Historical tracking and version control not only records
when changes are made and who they were made by, but it also reminds people why a certain test failed
the last time they completed it, or why one of their least critical risks is now in the top 10. This leads to a risk
management program that can scale dynamically over time.

LogicManager Copyright

Additionally, the latest version of the data is automatically saved, so that if an error is made, the system can
be restored back to its previous state. This can save countless hours and money trying to find and correct
mistakes. As a result of these safeguards, software inherently adds immense value when managing an
organization’s risks.

Version Number: 24 Version Number: 25 Version Number:a ke 26

Last Update: Last Update: i st
Last Update:
12/18/2021 3/5/2022 M
3/5/2022
!

13
#3: Dynamic Relationships
Governance, Risk, and Compliance is, by its very nature, a relational exercise. When organizations build
and document the dynamic relationships that exist within their data, they create a vastly more robust and
valuable program.

Spreadsheets Over Time

Risk management is not a static process; it is highly dynamic and evolves over time as requirements and
priorities change. Spreadsheets, on the other hand, are very one dimensional and rigid.

Risks are associated with one or more controls, which are tied to one or more tests or monitoring activities,
all of which must be assigned accountability and reviewed regularly.

As spreadsheets become more complex in order to keep up with changing demands, they in turn become
harder to manage, and more likely to breakdown. Time and money are wasted trying to keep the process
afloat.

New Demands Changing Needs

Original Needs

Original Needs
Changing Needs Original Needs New Demands

New Demands Changing Needs

New Demands Changing Needs

14
Building Relationships
ERM software is designed to support this relational exercise across an organization’s data to show how
different areas are connected.

Creating relationships between one risk and multiple mitigating actions, and then that mitigation and the
multiple tests that govern it, would be almost impossible to do using spreadsheets, and even harder to report
on. Software enables organizations to make these many-to-many dynamic relationships with the click of a
button.

People > Staff Competencies

Absence of necessary skillsets

Mitigation

Impact Likelihood Assurance

Over-dependence on single subject matter experts

Mitigation
Impact Likelihood Assurance

LogicManager Copyright

Software allows organizations to easily connect risks to the taxonomy structure previously described.
Links to a core organizational structure, primary markets, and risk types, such as operational, regulatory,
compliance, reputational, and strategic risks- or virtually any other field- can be made and fully reported on
using software.

Organizational
Risk Types
Structure
Risks
Operations Operational Risks

Human Resources Regulatory Risks

Finance &
Primary Markets Reputational Risks
Accounting

Marketing Domestic Market Compliance Risks

Information
European Market Strategic Risks
Technology

15
Root Cause
Organizations can determine the root cause of their risks using software.

Unlike spreadsheets, software platforms that utilize a hierarchical structure, such as LogicManager’s
patent-pending Taxonomy, enable people to discover the root-cause of the risks within their organization.

Indicator

Factor

Category

They are able to determine whether their most critical threats are originating from External, People, Process,
Relationships, or Systems drivers. By tracking the dynamic relationships that exist within their organization,
their risk-based ERM program will be able to provide specific recommendations of who needs to be involved
and what needs to be done.

External People Process Relationships Systems

Risks caused by Risks involving Risks Risks caused by Risks due
outside people, people who arising from the the organization’s to data or
entities and work for the organization’s connection with information
environments organization execution third parties assets
of business
operations

16
#4: Reporting
After articulating the importance of being able to build the appropriate links between risks, the next step in
building a business case is considering reporting requirements.

Better Use of Time

One huge downside to managing the data for an organization’s risks in spreadsheets is that it makes
reporting on the data an incredibly tedious and tactical activity.

Risk managers spend on average 62% of their time on tactical activities. In a 40 hour work week, that is over
24 hours spent manipulating spreadsheets, mining data, and building reports. How can ERM professionals
be strategic if they are committing over half of their time to finding out which risks they need to manage?

In contrast, studies of LogicManager’s customer base indicate that time is cut by over three quarters, to
about 6 hours per week. That is 18 more hours per week that can be spent developing mitigation strategies
for high priorities risk, tending to areas of non-compliance, and improving the efficiency of their
organization’s operations. By reducing the amount of time it takes other people in their program to
contribute, it increases their engagement.

6 hours
24 hours 18 hours
Aggregating & mining
Developing mitigation
data, building reports, and
strategies, tending to
tending to spreadsheets
areas of noncompliance,
and improving efficiency of
operations

17
Centralized Location
Software stores all of an organization’s risk management data in one place.

This eliminates the unnecessary complexity and confusion that pulling data from disparate spreadsheets
creates. This is turn increases efficiencies throughout organizations, and eliminates the chance that a report
will break due to a small error that is hidden somewhere within the spreadsheet

Risk

Risk Risk

ERM Software
Risk
Risk

Risk Risk

Risk

Time Saving
Software has been shown to drastically reduce the
amount of time and resources people spend on reporting.

An analysis of LogicManager customers revealed that

before adopting LogicManager they would spend as Reporting
much as 50% of their time collecting data and building
reports.

Since LogicManager was introduced, this has been cut to

a fraction of the time, as the information is now stored Before Strategic
centrally and reports are run with a simple click of the Initiatives
button.

After

18
Savings Over Time
As a result, all of the time, energy and
money that was wasted before can now be
put towards strategic risk management,
which in turns saves even more money for

Dollars ($)
the organization.

One customer built the business case for

ERM software on the basis that the time Savings Over
the Life of the
a single executive saved building the
Subscription
reports she needed would actually exceed Cost of the
the cost of ownership over the life of the Software
subscription. Time costs money, and ERM
solutions can help save time.

Custom Reporting
Any software that an organization is considering, must come prepopulated with prepared reports and
dashboards designed to meet the common reporting requirements of the board and regulators.

Within the LogicManager platform, any number of flexible, custom reports can be created. These reports can
then be saved and used on a recurring basis. Creating custom reports is typically much easier using an ERM
platform versus in Excel or other tools. This is because software utilizes a Business Intelligence engine, which
is an intuitive and user-friendly tool designed for the sole purpose of creating reports. Software also allows
organizations to adapt their reports easily, as they evolve and their ERM programs grow.

Completed
Deferred
In Progress
Mitigation in Place
New
Not Started
Waiting on Someone Else

Ex. Task by Status

19
Reporting Cycle
By streamlining the reporting cycle, software is able to
save organizations valuable resources. Update
Data
Furthermore, software ensures that the reports an
organization creates are always using the most up-to-date
data. While recreating a complex report with newer data
may be near impossible to complete in a short time frame Communicate Refresh
Refresh
using Excel, software enables users to easily “refresh.” Results Report

As ERM professionals can convey to their senior

management, this functionality will save their organization
resources, as the time once spent on updating reports can Run
now be put towards more value-added actions. Without Report
software, how can risk professionals respond to an auditor,
regulator, management, or board request?

#5: Audit & Compliance

As important as reporting is, it is just as important for organizations to exhibit compliance to external
regulators and internal audit groups. ERM software helps organizations become compliant and adhere to
industry best practices.

Increased Responsibility
The SEC, NAIC, and other regulatory
bodies, as well as legislation from High-Level Oversight CEO-Level Activities
congress, now require formalized
ERM programs.

The responsibility of the Boards of

Directors have increased beyond
Board of
CEO-level activities. They are now Material Risks ERM
Directors
accountable for the material impact
of risks at all levels. Boards are faced
with two choices: either have an
effective risk management program
in place, or disclose the lack thereof
to the public. If they do neither it is
now considered fraud or negligence. Mandatory Disclosure

20
Since the liability for error is so high, internal audit has now been tasked to do the fact-checking on risk
management information to ensure its integrity, all the way up from the business process activity.

The Institute of Internal Auditors (IIA) announced in October 2012 the revision to its International Professional
Practices Framework (IPPF), effective Jan. 1, 2013. These mandated changes require auditors to validate the
most timely and most significant risks, especially those that impact the achieving of the organization’s
strategic objectives.

IIA

Internal Audit

Validate Strategic
Fact-Check ERM Ensure Integrity
Significant Risks Objectives

Disasters in Risk Management

Examples of lapses in risk management and negligence are widespread.

The once common and cost cutting practice of, “don’t write it down,” is no longer viable. Boards of directors
are now liable for not having their risk management programs reach the front lines of their businesses. Not
knowing is not longer an acceptable answer.

Software provides assurance against fines and penalties by making it easy to monitor compliance and risk
over time. The cost of an annual risk-based ERM software subscription is nominal compared to the massive
fines many organizations encounter due to failed compliance or unmitigated risks.

Sony Target
Email Hack Data Breach
BP $15 Million $67 Million
Oil Spill
$18.7 Billion GSK
Contaminated Drugs Oppenheimer
$750 Million Compliance
Bank of America
Compliance $20 Million
$9.5 Billion

21
Risk Maturity
One method of ensuring senior leadership is protected from the liability that a poor ERM infrastructure
creates is by benchmarking their program against industry peers.

The Risk Maturity Model (RMM) is an online assessment that does just this, and is used by thousands of
organizations around the world. The RMM is an aggregate assessment of the most common risk and
compliance frameworks, like ISO 31000, OCEG, COSO, FERMA, and Solvency II among other standards. The
RMM also adds value to those frameworks by prioritizing which elements of your program are most in need of
revamping. This allows ERM professionals to target the aspects of their program that provide senior
leadership with the biggest bang for their buck.

In the RMM, a key distinguishing factor between weak and strong programs is the level of repeatability within
the organization. Spreadsheets are generally ad hoc solutions, which lack the repeatability and oversight
mature organizations need. Compliance initiatives that are spearheaded with spreadsheets, are not
adaptable and transferable, especially when compared to a powerful software that is designed to grow over
time. By using risk-based ERM software for your risk management program, you adhere to industry best
practices, and unlock untapped value for your organization. Research by Queens University verified that value
is worth an increase of 25% of your entire organization’s market value.

7 Attributes

5 Leadership

25 Competency Drivers 4 Managed

3 Repeatable

2 Initial
66 Key Readiness Indicators
1 Ad hoc

Click here to download our free Risk Assessment Template for Excel!

22
Industry Best Practice
With regulatory bodies and industry best practices shifting towards more robust ERM programs, spreadsheets
no longer make the cut.

Spreadsheet based risk management is a compliance nightmare because it lacks audit trails and other
safeguards. Audit departments must move beyond compliance and financial reporting, and begin focusing
on strategic business goals, operational objectives, and enterprise-wide business processes.

ERM programs should be inherently designed around frameworks such as ISO 31000, COSO, PCI, SOX, and a
long list of other required standards.

The best solutions will include out-of-the-box risk and readiness assessments from organizations such as
NIST and the SEC, thus allowing for quick wins and rapid steps towards compliance.

Confusion
Spreadsheets Limitation
Obstruction
Negligence

Accountability
Audit Trails
Software
Sign Offs
Strategic Insight

Take Action on Your Risk Appetites

If you’re looking for more ways to make your risk appetites more
actionable, download our free copy of our eBook, “5 Steps Towards
an Actionable Risk Appetite.”

23
#6: Customer Support
Robust risk and compliance programs unlock value but they are not built overnight. It can be intimidating to
get the ball rolling and win organizational resources. A dedicated ERM vendor can catalyze these efforts and
become an immediate asset.

Dedicated Support Teams

When organizations take it upon themselves to build their ERM initiatives in-house or with spreadsheets, they
cut themselves off from a wealth of knowledge, resources, and industry best practices.

Powerful software solutions come with dedicated support teams that are equipped to solve even the most
complex challenges, minimize learning curves, and assist ERM initiatives as they mature over time.

Dedicated Support Team

Strategic Problem Solving
Growth and Risk Maturity

Software

Spreadsheets

Disparate Support
Limited Oversight
Poor Scalability

24
Restructure Existing Initiatives
No matter what stage an organization’s existing ERM initiative is in, business analysts work to successfully
retrofit current data into their software and establish strategies to increase their risk maturity level.

Some organizations have an intricate web of spreadsheets and internal documents that make up their risk
management initiatives. Other organizations may treat risk management as an ad hoc activity and lack any
formal process.

KPI

KPI

Controls Tests Controls Tests

Software

Audit KRI
Audit KRI

Before After

Questions to Ask All Vendors

In order to present a software to management that will unlock the greatest amount of value for the
organization, it is important to ask the tough questions when evaluating potential vendors.

By asking these questions of all potential vendors, risk managers can then bring transparent information to
board and senior management to further demonstrate the value of purchasing a risk-based ERM platform.

Unlimited Dedicated Domestic

Flexible Satisfaction Quick
Business Business Support
Contracts? Guarantee? Implementation?
Consulting? Analyst? Team?

Does the Will you have Are the business Is the software Does the What is the
software offer an analyst and technical going to lock software offer typical time
unlimited hours dedicated to support teams you into a year, a satisfaction frame for
of business your located or multi-year, guarantee? implementation?
consulting? organization? domestically? contract?
At what cost?

25
#7: Financial Return
The ultimate consideration for any business decision is defining and valuing the financial returns. Executives
are more cost conscious than ever, so all spending must be justified with strong reasoning and financial facts
and figures. A business case should weigh both the short and long term cost-benefit analysis of how the
structure of an ERM program with effect value creation.

Fundamental Business Questions

There are some standard questions that any senior executive will ask when evaluating a business case for
software. Here are some of the most common:

What is the time What is the Are the benefits

How much value opportunity cost
will be created? frame for realizing greater than the
value? of the project? costs?

At first, spreadsheets can appear to be a strong option due to the fact that an organization likely already has
the licenses, resulting in few immediate cash outflows. However, time and resources are wasted trying to
leverage spreadsheets for a ERM program. This results in huge hidden costs, exhausted human resources,
inefficiencies over time, and confusion throughout the organization.

SaaS Software-as-a-Service
Software-as-a-Service deployments now account for over 50% of ERM software implementations.

SaaS solutions help risk professionals build their business case because they limit upfront investments and
offers a much faster implementation. This translates into a much quicker time to value for the organization. A
full SaaS implementation is generally six to eight weeks, as opposed to over a year for traditionally installed
solutions. Software-as-a-Service vendors also offer industry leading security infrastructure by utilizing best
in class hosting methods and security controls. These safeguards often can not be afforded by internal IT
groups, who have limited resources when compared to a data center with the sole responsibility of protecting
its customers. SaaS solutions evolve with the market and the needs of their clients, all without putting the
responsibility on the customer to pursue upgrades and suggest improvements. By strategically partnering
with a SaaS vendor, organizations are able to stay on the cutting edge of ERM technology, security protocols,
and industry best practices.

26
 Limits Upfront Investments Faster Implementation

Best-in-Class Hosting Benefits of SaaS Evolves with the Market

and Security Controls

Easy to Use Highly Configurable

Articulating Deployment Options

The ability of a vendor to grow and expand with an organization’s program is an indication of its long-term
suitability, and should be a part of the decision making process.

Most ERM platforms will offer some manner of hosted or “on-premise” solutions that require the company
to set up and manage the infrastructure needed to run the system. This is very much an archaic method of
purchasing solutions, as it leaves the client on the hook for the licenses, maintenance, upgrade costs and,
most importantly, the continuing professional services fees that can more than double the cost of ownership.

License Fees Professional Services Fees

Costs of
On-Premise
Solutions

Maintenance Fees Upgrade Costs

27
Mature Value Creation
What is the bottom-line impact that risk-based solutions bring to organizations?

To address this question, a team of independent researchers at Queens University statistically analyzed five
years of data collected by the Risk Maturity Model, in order to determine the presence of a significant
connection between the maturity of a company’s ERM program, and their financial performance. The
complete results of their research was published in the Journal of Risk and Insurance, and can be found in
the article, “The Valuation Implications of Enterprise Risk Management Maturity.”

The study found that there was a “clear and significant statistical correlation between mature Enterprise
Risk Management practices and a firm’s value.” Specifically, organizations exhibiting mature Enterprise Risk
Management practices, as defined and assessed by the Risk Maturity Model, can expect to realize a market
valuation premium of up to 25%.

W orth
Net 25%
n
25 %i
20%

15%
10%
5%
Leadership
Repeatable

Managed
Ad hoc

Initial

RMM Maturity Level

28
Process Integration
Researchers found that a key Risk Maturity Model attribute affecting an organization’s valuation was their
ability to integrate a risk-based ERM process into its day to day operations.

Researchers Farrell and Gallagher conclude that, “the lessons for businesses are that ERM processes must be
scalable, repeatable and embedded throughout the organization with a hierarchy of risk-related
responsibility. Furthermore, the quality of this process is monitored and improved by having a clear feedback
mechanism throughout the firm hierarchy.”

Without a method of monitoring progress, it is impossible to say how much an ERM program contributes to
the value of the organization. Software solves that problem by centralizing where data is collected and
mapping the strategic elements of ERM, like risk assessments and risk appetite, with the concrete day-to-day
work of ERM professionals.

Senior Leadership’s ERM Strategy

Risk Managers Risk Managers

Process Daily Process Daily

Owners Operations Owners Operations

Unlock Productivity
Organizations that successfully integrate ERM processes into both their strategic activities and everyday
practices display a superior ability in uncovering risk dependencies and correlations across the entire
enterprise, and enhance value. LogicManager customers typically see:

Quality Efficiency Transparency

167% 381% 183%

Increase in assurance Increase in risks quantified Increase in visibility
of risk coverage into risk assessments

29
Chapter 4: Conclusion
LogicManager authored the Risk Maturity Model, and our risk-based software solution is designed as a
framework to help organizations achieve the best practices outlined in the model. The bottom line is that
organizations with mature and effective risk-based ERM programs are valued up to 25% higher, can
continuously guarantee compliance across departments, and spend 75% less time on tactical activities,
than those without one.

30
LogicManager’s All-in-One ERM
Software Provides All the Content You Need.
Leadership: More than 2000 organizations use our risk management solution.

Insight: Put your risk picture together.

Software-as-a-Service: No up-front investment and no long-term commitment required.

REQUEST A DEMO

AUDIT BUSINESS COMPLIANCE

MANAGEMENT CONTINUITY & DR MANAGEMENT

INCIDENT ENTERPRISE RISK FINANCIAL

MANAGEMENT MANAGEMENT REPORTING (SOX, MAR)

POLICY VENDOR IT GOVERNANCE

MANAGEMENT MANAGEMENT & SECURITY

+1 617 530 1210 | logicmanager.com | info@logicmanager.com ©LogicManager, Inc.

31