The best software implementations are built on realistic timelines and an openness to process and productivity improvements. That’s what Denise Guira, NCRM, CRVPM, has learned over her 16-year career in compliance and risk management.
Formerly a compliance officer and a senior vice president of integrated risk for a financial institution, today Denise guides Ncontracts customers through the implementation of risk, business continuity, and vendor management solutions. More than just a risk management and compliance pro, she’s an expert in implementation.
Her ERM background combined with comprehensive product knowledge gives Denise the tools to help Ncontracts customers craft more effective implementation strategies – predicting potential challenges and tailoring the software to better meet customer needs.
What can financial institutions do for a smoother transition and greater adoption rates of risk management software and other solutions? Read on to find out how to implement software.
Q: What’s the first thing to consider when adopting a new software solution?
Denise Guira: When you're thinking about bringing in a new software solution and how to implement software, it's crucial to take a good look at what's already happening inside your organization. What projects are underway? What big changes might be on the horizon that could shake up the software implementation process?
This might be events like mergers or core conversions, or maybe even the formation of a brand-new committee. Having a good grip on the timeline for these projects helps dodge surprises down the road.
Q: What other factors should be considered when developing a realistic implementation timeline?
Denise: Successful implementation isn't just about training or classes – it involves doing the necessary groundwork to make the process purposeful. When you bring in new software, it’s an opportunity to reinvent things, like introducing new processes or reinventing existing ones.
If you're planning to change policies or shift the organizational culture, remember to account for this in your overall project timeline.
Related: What are the gaps in your strategy? Here are 7 questions to ask
Q: How do you ensure these considerations are accounted for during implementation?
Denise: It's important to sit down with your team and define your objectives – both in terms of the software implementation and your broader organizational goals.
At the end of the implementation, we recommend setting up a success plan for the next 90 days. Remember that the software implementation process doesn't stop once the software is running. It's likely you'll continue refining processes, innovating new ones, and making policy changes in the year following implementation.
The implementation timeline may be short, but there can be waves and ripples that can still affect processes for months down the line. You should lean into those things because that’s how you improve and mature your program.
Q: Can you provide an example of implementation considerations in action?
Denise: Absolutely. One institution adopted Nrisk and Nverify.
Nverify identified gaps in the institution’s audit controls – gaps the institution wasn't aware of. This initially caused anxiety, but we helped them see it as an opportunity to address those gaps and create a plan moving forward.
When implementing new software, be prepared to unearth these kinds of insights and use them to improve your processes.
Q: Who should oversee software implementation?
Denise: There’s no one-size-fits-all answer. The makeup of the implementation team depends on your organization and objectives. Consider who your audience for the software is, and who needs to be involved in its implementation. This might include administrators, key organizational players, or anyone with a stake in the software.
Q: What considerations are specific to implementing enterprise risk management software?
Denise: When implementing an enterprise risk management (ERM) tool like Nrisk, one of the first questions we ask is whether the organization will use a centralized or decentralized model for risk management.
With a centralized model, you might have a risk management department that both creates and performs risk assessments. With a decentralized model, individual stakeholders are tasked with creating and completing their own risk assessments to ensure those with the most knowledge of risk controls are performing the assessments. So, there might be an expectation that the IT and compliance departments will create their own risk assessment.
This can affect the way software is used and who should be involved in the implementation process. It's important to consider the overall culture of the organization and include all stakeholders in these decisions.
Related: 6 Features Your FI Needs in a Risk Management Solution
Q: What other stakeholder considerations are important?
Denise: It is important to involve any stakeholders who have a role in the software to ensure that they weigh in on decisions about implementation, policies, and procedures. These are the building blocks of your program, and they must be well thought out.
It is difficult (and time consuming) to redo things like vendor classifications or inherent risk classifications later. That's why software implementation best practices recommend identifying all stakeholders and giving them an opportunity to have a say in implementation.
Q: What considerations should be made for reporting requirements?
Denise: One way to handle reporting requirements is to list the reports and expectations you currently have and discuss how these can be recreated using the new software.
That way, there are no surprises two months down the line when you need to reproduce a report that the board is used to seeing. This conversation should be held with your subject matter expert during the implementation phase.
Q: What is a common misstep organizations make when implementing new software?
Denise: One common issue is that organizations may want all the features they see in a demonstration but may not be ready for them in their current state. It's crucial for organizations to understand where they are and what their immediate needs are before deciding on the features they want from the software.
Remember that you bought the software to allow your programs to grow in maturity.
So even if you don't track vendor incidents or use all the functions today, you can set a timeline with achievable goals like getting all vendors in the software in the first 30 to 60 days, completing risk assessments in the next phase, and so on.
It's important to recognize that this is more of a marathon than a sprint.
Related: Why to Get Management Software Designed for Financial Institutions
Q: What are some things to remember during software implementation?
Denise: It's important to remember that software is not a magic wand, and there is work required to get the most out of it. Coupling the software implementation with other tasks like culture assessment and innovation can help reinvigorate a program and make it more than just the software you've purchased.
It is also critical to have project management in place to guide this process.
Q: How can you ensure continued support for the software?
Denise: It's important to have a plan to keep reinforcing the value the software brings by continually showcasing the efficiencies and advancements the software is enabling. Find a way to highlight your wins. During implementation, keep bringing forward new reports or features the software is offering, and illustrate how these are benefiting the organization.
This can help validate the software's value and secure budgetary provisions for its sustained use.
Related: The Problem With Playing In A Software Sandbox
Q: Any closing thoughts on software implementation?
Denise: Remember that software implementation is not just a short-term project, but a longer-term commitment. It involves both immediate and ongoing considerations, from establishing initial processes to providing ongoing training for users. The software is likely to be with you for years, so it's worth taking the time to get the implementation right.
And of course, we're here to support you every step of the way.
Meet a Bank CRO Whose Team Is Successfully Implementing Nrisk