The COSO Framework for Internal Control
February 12, 2025
A Pillar of Democracy The political system in any country is that part of the state apparatus that is in charge of the legislature and the executive. It is the practice in democracies to appoint politicians in the legislature and executive to administer the country. The political system is one of the pillars of modern […]
Enterprise risk management (ERM) is a buzzword that has been doing rounds in the risk management field for the past few years. It is often used by managers in a context that implies that it is wider in scope than the traditional risk management function. However, the number of risk management professionals who do not […]
The Necessity of Change and Change Agents World Over World over, the leaders of nations and firms are grappling with the need to change old ways of thinking and change old habits of behavior to face the future that is certainly disruptive and hence, to thrive in the years to come, change would be the […]
We have come across a number of times during our exploration of the topic, that it is somewhat difficult to define public administration in concrete terms. It has close association, interaction and influences from several fields of studies like law, political and social science administrative science and human relations and even behavioral science for that […]
Lisa works as a Brand Executive with a reputed multinational firm. She was asked to deliver a presentation on her assignments and achievements. Her appraisal was due that month, and she did not get her promotion. No points for guessing, her presentation played the culprit. Her thoughts were not at all clear and she could […]
Technology has disrupted the entire business world and the field of risk management is no exception. All across the world, companies have been spending millions of dollars in order to upgrade themselves and use technology in a manner that helps them minimize risks. There are several advantages to this approach which we already studied in the previous article. However, there are also some disadvantages related to risk management information systems.
In this article, we will try to make the reader aware of the disadvantages of using a risk management information system.
The first disadvantage of using an automated risk management information system is that it may not be useful for all companies. These systems are only useful for companies that have a certain kind of profile. Some of the characteristic features of such companies are as follows:
Companies that have a large number of risks to track benefit from using risk management information systems. Hence, if a company does not own a lot of movable and immovable property and does not use several different risk management products, the integrated system may have limited utility.
If a company does not have to deal with a large number of third party vendors with each transaction having its own different terms and conditions, the risk management information system may not be very useful
If a company does not have its business interests located across different geographical areas and hence is forced to use different currencies and languages, the risk management system may be unnecessary.
If the company does not need automated actions to be taken based on certain pre-defined business rules then risk management information systems may not add value to the business proposition of the company
The bottom line is that risk management information systems are valuable only for companies which have a wide variety of complex business interest that span various geographies. For small and medium-sized companies, using simple spreadsheets to manage the risk seems like the best alternative.
Risk management information systems can be quite expensive. They are often sold as standalone software solutions or as solutions that can be integrated with the overall enterprise resource planning software. Either way, planning and implementation of these systems can be expensive as well as time-consuming. To make matters worse, the implementation of information systems is not a one-time activity.
These systems need to be updated every few months and hence there are significant maintenance costs associated with their purchase. Also, access to risk management software is often restricted to higher-level employees. Hence, business stoppages have been reported since employees have to wait for their managers before performing certain tasks. These business stoppages also cost money and add to the expense of the software.
Risk management software can be complicated to use. This is the reason that employees have to be trained to use them. Also, if employees leave the organizations, their replacements also have to be trained. This training takes time and also costs money. Hence, productivity goes down and expenses go up. As mentioned earlier, this makes the cost of implementing risk management information systems prohibitive for smaller and medium-sized companies.
In the absence of automation, employees have to collect data from different parts of the organization. This helps them build relationships and also identify practices that help make the organization vulnerable to risks.
In the case of a risk management information system, the entire process of data collection, as well as analysis, is automated. In some cases, systems are being programmed to make decisions based on available data using artificial intelligence. However, as more and more tasks become automated, employees interact less with the processes. Hence, they have a lesser understanding of the systems and processes. This is the reason why the gains from automation often end up being offset by the losses arising due to lower process knowledge.
Lastly, risk management information systems collate all of the organization’s important data in one place. This creates data security risks. If the risk management information system is hacked, it could cause severe damage to the company. This is because important data could be hacked into. Details regarding the assets, employee personal data, financial data are all part of the risk management information system.
Centralization of data brings advantages in the data processing. However, it also creates a situation wherein the data security of the organization is jeopardized. The end result is that organizations have to spend large sums of money in order to protect sensitive data. This ends up adding to the overall cost of having a risk management information system.
The bottom line is that it is not feasible for every company to have an integrated risk management information system in place. Since the costs are so high, companies need to have large-scale operations before they can afford these systems. In the absence of large-scale systems, it would be better to use spreadsheet-based or lesser sophisticated systems rather than incurring cost overruns because of investing in the more sophisticated ones.
Your email address will not be published. Required fields are marked *