The risk process produces large amounts of data that are needed to support analysis, reporting, decision-making and action. Tools can help us to manage these data efficiently. But there are many alternative risk tools, so how can you choose the right one for your needs?
The following factors should be considered:
- User base. Ask potential users of the risk tool what they need. Consider each user group, as their needs will be different.
- Functionality. Define and prioritise the required technical risk functions for the tool.
- Process support. Be sure that your risk process is mature and stable, and then be sure that the chosen tool can support your process.
- Integration. Consider how the risk tool should integrate with other tools and processes in projects and the wider business.
- Reporting. Define what standard risk reports you need, as well as the ability to produce bespoke outputs.
- Training. Consider what training your staff might need to be able to use the risk tool properly.
- Scalability. Decide on scalability and whether you are managing risk for different sizes of project and at various levels across the organisation.
- Support. Think about what ongoing support you might need after you have bought the tool.
- Growth potential. Assess how the chosen tool might need to grow with your business.
- Affordability. Determine your budget, including purchase of the tool, possible customisation, piloting, data cleansing and entry, training, communication and roll-out. But cost should not be the driving consideration as you will get what you pay for, so you should buy what you need.
These factors can be compiled into a ‘functional requirement specification’ defining what you need from your risk tool. This categorises requirements into those which are essential, the ones that are preferred, and optional extras. You might even develop a weighted scoring system based on the various requirements.
You can then use this specification to screen available risk tools and produce a short-list of possible candidates that meet all or most of the criteria.
Invite the vendors of these tools to present their tool in more detail. Try testing each tool using actual risk data to ensure that the reality lives up to the vendor’s sales pitch. Invite real users to take part in trials to give you their feedback on whether it meets their needs. See if vendors are able to tailor their tool to meet your specific requirements. Be ready to ask difficult questions!
A risk tool cannot guarantee effective risk management, however good that tool may be, just like having a copy of Microsoft Word will not make you a good writer, and owning a power-drill does not mean you can build a wardrobe. In the same way, use of a risk tool does not ensure the ability to manage risk. But tools can certainly play a part in supporting the risk process if you choose the right one.
This article was originally published as ‘Choosing the right risk tool’ and has been reproduced with permission.