1. Ensure you have an existing risk management policy, risk framework and methodology
2. Identify the risk champions and risk owners at the various levels of your organisation.
3. Get buy-in from the top and educate your users as to the value of ERM and the reason for
4. Confirm the kinds of risk management reports you would like out of the system: heat maps,
trend analysis etc.
5. Sanitise and import your existing Excel-based risk registers into the system
Now that you are ready to use the software:
1. Inform users that whilst the system is non-intrusive there will be automated follow-up of
2. Embed and expand the usage of the system over time
3. Add value to the organisation with insightful reporting
4. Demonstrate the effective mitigation of risks and monitoring of controls
5. Follow up on remedial action plans