ERM Director Software

“Our goal is to make you, as a risk manager, an integral and vital part of the leadership team. We do this by turning your efforts into highly sought after intelligence utilized in every organizational decision”.

Efficient – Effective – Insightful

The following provides a summary of the enhanced features:

Brand New Look and Feel
ERM Director has gone through a major transformation.

  • New overall look and feel
  • New landing page
  • New and improved dashboard
  • Improved ability to export reports

The Dashboard
The dashboard includes new charts and graphs, including click-through functionality allowing you easier access to your risk data.

  • New and updated charts and tables
  • Trending and emerging industry risks

The Risk Matrix
There are two new entry fields on the Risk Matrix Exposure Details screen; Exposure Type and Decision. Also, when adding a new exposure, fields have been rearranged in a more logical order to speed up the risk entry process. And, there is now an exception screen that lists exposures with missing information, or information that was entered incorrectly on the risk matrix.

Exposure Type

  • You may now choose between out-of-pocket loss and opportunity cost. The initial system default for all exposures on the November 24, 2014 conversion date will be Out-of-Pocket Loss. As users review risks on an ongoing basis, they are encouraged to review and select the option most applicable to that exposure.

Risk Mitigation Status

  • You now have the option of indicating whether the risk has been accepted (Accepted), that a plan is pending to mitigate the risk (In Process), that the risk has been reviewed, but a decision is forthcoming (Planned), or that there has been no decision whether or not to accept the risk (Undecided). The initial system default for all exposures on the November 24, 2014 conversion date will be Undecided. Risk unit liaisons are encouraged to review and update this field as applicable.

Risk Matrix Exceptions

  • The risk matrix exceptions screen displays items that were not entered, or not entered correctly on the risk matrix. The screen is similar to the risk matrix, and allows you to edit any risk exposure exceptions. 

Heat Maps
The new and improved heat maps provide additional filter options, as well as provide you with the option of editing exposures without actually leaving the heat maps.

New Filter Options

  • Risk Unit - Not only can you filter heat maps by risk unit, but now you can also filter by risk unit, risk category, and by residual risk.
  • Risk Action Plan – Another new filter is by risk action plan (RAP) items. When this filter is selected, you may choose to filter by all exposures on the RAP, or by the individual sections on the RAP (key risks, mitigated risks to remove from risk action plan, and significant emerging risks).

Edit Risk Exposures

  • ERM Director provides you with three options when editing a risk exposure from the heat map. You may click a specific sphere within the heat map, click a specific short risk description associated with the sphere within the heat map, or select a specific short risk description from the Edit Exposures list. Once you edit the exposure and click the Update button, the exposure will be updated on the risk matrix, with such update reflected in real-time on the heat map.

The Risk Action Plan
ERM Director allows you to edit a risk exposure without leaving the Risk Action Plan (RAP).

Edit Risk Exposures

  • When you edit an item on the Risk Action Plan (RAP), there is a new hyperlink (Edit Exposures) that allows you to edit the exposure without leaving the RAP. Once you edit the exposure and click the Update button, the exposure will be updated on the risk matrix.

Added Security
ERM Director has been updated with several security features.

  • System Timeout – After 10 minutes of inactivity, ERM Director will begin the timeout sequence. Once the timeout sequence begins, the system begins a countdown, and displays a message allowing you to continue working or log out of the system. Continued inactivity will log you out of the system.
  • New User Password Change – When a new system user is created, the Site Administrator assigns a temporary password. When the new user logs on to the system the first time, the system will prompt the user to change their password.
  • Existing User Password Change – When users log on to ERM Director for the first time on November 24, 2014 (or after), they will be prompted to change their password if their existing password does not have a special character. An exclamation point (!) is not considered a special character.
  • Restricted User Role – An individual with a user role of restricted has either read or write capabilities for one or more risk units. This user may not delete exposures from the risk matrix.
  • Security – Secure Socket Layer protocol was disabled on ERM Director and the system currently utilizes TLS 1.0, 1.1, and 1.2 protocols. TLS provides data encryption and authentication between applications and servers. The current Qualys SSL Labs rating is A-.

Additional reports have been added to ERM Director:

  • Residual Risk by Risk Unit, Risk Category and Type of Impact – The Residual Risk by Risk Unit, Risk Category and Type of Impact table summarizes the type of impact (opportunity cost or out-of-pocket loss) by risk unit, and by risk category.
  • Top Residual Risks – The Top Residual Risks report displays the thirty (30) largest assessed exposures in terms of residual risk, sorted by quantitative residual risk in descending order.

Supported Browsers
ERM Director supports the following browsers:

  • Internet Explorer 9+
  • Mozilla Firefox
  • Chrome
  • Safari

As we close the chapter on this update, we have already begun working on our next set of enhancements. Current considerations include:

  • Strategic Planning
  • Risk Tolerance
  • Project Risk Assessment
  • Vendor Management

The Rochdale Group is constantly striving to help improve your ERM program. As such, we will continue to look for new ways to streamline and enhance the risk identification, assessment and reporting processes. If you ever have ideas for us to consider, or have questions on the system, please do not hesitate to contact us at 800.424.4951.


  • Expense of managing an Enterprise Risk Management program
  • Effective and efficient management of Enterprise Risk Management processes
  • Integrity and discipline to sustain an effective Enterprise Risk Management program
  • Inability to effectively right size risk response activity and comprehensively prioritize alongside other organizational objectives
  • Acquiring support and expertise to build and sustain an Enterprise Risk Management program


To make credit unions' risk identification, assessment and mitigation processes more effective and efficient, and to simplify ongoing tracking and reporting processes


  • Provide management and the board with the necessary information they need to set strategic direction and actively manage within acceptable levels of risk
  • Provides best-in-class platform ensuring Enterprise Risk Management program validity and integrity over time

What is ERM Director?

ERM Director is a tool to help credit unions manage their Enterprise Risk Management (ERM) programs. ERM Director allows personnel from across your credit union to identify and assess risks, align risks with strategic objectives, and use Enterprise Risk Management as a strategic management practice to increase your risk-adjusted returns.

ERM Director supports the implementation of the credit union’s ERM program. ERM Director is designed to support an enterprise risk management process that is consistent with the COSO Integrated Framework for enterprise risk management. In essence, it allows you to identify the exposures that influence your ability to meet objectives, and assess their impacts, likelihoods and completeness of mitigation using a consistent process across the organization. ERM Director supports both qualitative and quantitative risk assessment.

ERM Director Login

Why The Rochdale Group?

The Rochdale Group has extensive experience in implementing and managing Enterprise Risk Management (ERM) programs, within the financial industry and regulatory agencies. The Rochdale Group currently focuses solely on credit unions and corporate credit unions. The Rochdale Group has developed a customized methodology for credit unions, scalable to any sized institution.

The Rochdale Group is the only true ERM provider focusing exclusively on credit unions.  Other vendors purportedly offering ERM offer a valued service, but it is often only a policy or compliance audit.  ERM is about business and process risk directly affecting your performance and bottom-line. We offer the experience, knowledge and software to build and implement your personalized ERM solution and provide ongoing coaching to ensure your success.