
How can I build the business case for a new ERM system?

Staying ahead in risk management means continually questioning the adequacy of our tools and processes. We need to understand when our existing systems, perhaps cobbled together from spreadsheets and disparate software, or maybe just designed for a smaller and less complex business, no longer meet our organisations’ needs.

A new system can close current gaps and anticipate future challenges, providing both operational efficiencies and strategic benefits. But how can you convince stakeholders that the new system is what they need?

The concept of return on investment (ROI) is important here – but the business case for a new ERM system is about more than just budgetary approval. It's about articulating a vision for a more informed, agile, and resilient organisation in a way that resonates with stakeholder values and aligns with your strategic objectives.

So how can you best go about the process? We think the key steps include:

  • Recognising the need for an upgrade
  • Envisioning the solution
  • Demonstrating the benefits
  • Calculating return on investment (ROI)
  • Addressing implementation risks and concerns
  • Building the business case document

Download our comprehensive Business Case Template now to help your transition to a modern ERM system. This template not only guides you through articulating the need for an upgrade but also helps you calculate the ROI, address potential risks, and outline the next steps for implementation:
Download the template

Recognising the need for an upgrade

As organisations grow and the complexity of risks increases, the limitations of outdated or manual ERM systems become glaringly apparent. But how do you know when it's time for an upgrade?

The first sign that an upgrade is necessary comes from within the system itself. Perhaps you're relying on a patchwork of spreadsheets, emails, and standalone software that barely communicate with each other. This disjointed approach not only consumes valuable time but also increases the likelihood of errors. When risk assessments take longer to compile than to analyse, it's a clear indicator that your processes are due for an overhaul.


But the decision to upgrade isn't one to be taken lightly. It requires a clear understanding of the benefits and a solid business case to back it up.

Envisioning the solution

The solution to overcoming these challenges lies in adopting a modern ERM system that not only matches but also anticipates your organisation's needs. But what exactly should you look for in a new system?

  1. Automation and integration: Modern ERM systems automate repetitive tasks and integrate various data sources, ensuring that information flows seamlessly across the organisation.
  2. Real-time analytics and reporting: Real-time reporting allows for quicker decision-making, ensuring that your organisation can respond swiftly to emerging threats.
  3. Collaboration and accessibility: These systems are designed to foster collaboration, making it easy for different departments to share information and work together on risk assessments.
  4. Compliance management: Keeping up with regulatory changes can be a full-time job. Modern ERM systems can alert you to relevant changes and help ensure that your organisation remains compliant.

Demonstrating the benefits

The benefits of upgrading to a new ERM system extend far beyond the immediate improvements in efficiency and risk management. They touch every aspect of the organisation, creating value that can be felt across the board.

Tangible benefits include:

  • Operational efficiency: By automating tasks and streamlining processes, a modern ERM system can reduce the time and resources devoted to risk management activities.
  • Risk visibility: With integrated data and real-time analytics, these systems provide a clearer view of the organisation's risk landscape, making it easier to identify and prioritise risks.
  • Compliance ease: Automated updates and compliance management features help ensure that your organisation stays ahead of regulatory changes, reducing the risk of penalties.

Intangible benefits include:

  • Strategic decision-making: Enhanced analytics and reporting capabilities support better-informed decision-making, aligning risk management with strategic goals.
  • Culture of risk awareness: A more accessible and collaborative ERM system promotes a culture where risk awareness is integrated into daily activities.

As compelling as these benefits are, they need to be quantified to build a strong business case.

Calculating return on investment (ROI)

ROI allows you to quantify the benefits by measuring the financial return compared to the cost of the investment in the new system. A positive ROI indicates that the benefits (or returns) of the upgrade outweigh the costs, making it a financially sound decision.

Step 1: Calculate total costs

The first step in calculating ROI is to compile all costs associated with the upgrade. This includes:

  • Initial costs: The purchase price or subscription fee for the new ERM system, including any discounts or incentives offered by the vendor.
  • Implementation costs: Expenses related to setting up the new system, such as data migration, customisation, integration with existing systems, and initial training for staff.
  • Operational costs: Ongoing expenses, such as subscription renewals, additional training, maintenance, and support services.

Step 2: Identify and quantify benefits

Next, identify the benefits the new ERM system will bring. These benefits often extend beyond direct financial savings, including:

  • Efficiency gains: Reduction in time and resources spent on risk management activities, quantified by hours saved and the cost of labour.
  • Error reduction: Savings from avoiding mistakes due to manual processes or outdated systems, quantified by the costs associated with these errors.
  • Compliance savings: Reduction in fines, penalties, and the cost of compliance activities through improved compliance management features.
  • Improved decision-making: Although harder to quantify, enhanced analytics and reporting capabilities lead to better strategic decisions.

Step 3: Calculate ROI

With total costs and benefits quantified, calculate the ROI using the formula:

This formula gives you the ROI as a percentage, providing a clear indicator of the financial return on the investment in the new ERM system.

Step 4: Presenting ROI

When presenting the ROI to stakeholders, it's important to articulate not only the numerical value but also the story behind the numbers. Explain how the benefits were quantified, the assumptions made, and the potential impact of the new ERM system on the organisation's risk posture and bottom line.

Addressing implementation risks and concerns

To mitigate resistance to change, it's essential to involve employees early, provide comprehensive training, and communicate the benefits clearly.

Data migration challenges can be addressed through detailed planning, seeking expert assistance, and conducting pilot tests to prevent data loss or corruption. Ensuring the new system's security and compliance involves choosing vendors with strong track records, conducting regular audits, and understanding how the system meets current regulations.

Aligning the new ERM system with business processes requires customisation options, vendor collaboration for process mapping, and establishing feedback loops for ongoing adjustments. Finally, to manage cost overruns, review contracts carefully, include a contingency budget, and regularly compare the project budget against actual expenses.

Building the business case document

Basing our work on all the steps we’ve gone through above, here’s how to create a compelling business case document:

  1. Executive summary: Start with a concise, powerful summary that encapsulates the core argument for the ERM system upgrade. Highlight the primary benefits, anticipated ROI, and strategic alignment with organisational goals. This section is your first, and sometimes only, chance to grab the attention of busy executives, so make it count.
  2. Define the current state: Clearly articulate the limitations and challenges of the current ERM process or system. Use data and examples to paint a vivid picture of inefficiencies, compliance risks, and any near misses or losses that have occurred as a result. This section should create a sense of urgency about the need for change.
  3. Envision the future state: Outline the capabilities and benefits of the proposed ERM system. Describe how automation, real-time analytics, enhanced compliance management, and improved decision-making processes will transform risk management within the organisation. Use scenarios or case studies to illustrate the tangible impacts of these improvements.
  4. Detailed ROI analysis: Leverage the ROI calculation detailed earlier to present a clear financial case for the investment. Break down the costs and benefits, and provide a timeline for when the organisation can expect to see a return. Transparency about assumptions and sensitivity analysis adds credibility to your projections.
  5. Address risks and mitigation strategies: Identify potential risks associated with the ERM system upgrade, including implementation challenges, data migration issues, and user adoption. For each risk, propose a mitigation strategy, demonstrating thorough planning and a proactive approach to problem-solving.
  6. Implementation plan: Offer a high-level overview of the implementation roadmap. This should include key milestones, such as vendor selection, system customisation, data migration, user training, and go-live date. Indicate the project governance structure and the roles and responsibilities of key team members.

Conclusions and next steps for your organisation

Ready to take the next step in transforming your risk management capabilities? Start by downloading our comprehensive Business Case Template for transitioning to a modern ERM system.

This template not only guides you through articulating the need for an upgrade but also helps you calculate the ROI, address potential risks, and outline the next steps for implementation.

Equip yourself with the right tools to build a compelling case for a new ERM system and pave the way for a more resilient future for your organisation. Download the template now and begin your journey toward enhanced risk management and compliance.

Download the template

About the author

Damien Stevens leads our Product & Marketing team and is responsible for Protecht’s global product vision, design and go to market strategy. He graduated from the University of Technology, Sydney with a degree in Marketing & Finance. With extensive experience in B2B software, financial services and data and analytics, Damien has built and launched many widely used and loved products that solve real problems for large and small businesses.