The acquisition of a Risk Management Information System (RMIS) is a project that presents serious long-term implications for your organization.  Here are some of the risks, along with proven ways to improve your satisfaction with your new RMIS, regardless of which vendor you select:

THE RISK:
Inability to effectively control costs for additional needs during the contract period.

MITIGATION:
Lock vendor into CPI cost increases in the contract.

A common theme in the Risk Management technology space is the nickel and dime’ing that occurs every time you need a minor change to your system.  Your first line of defense it to choose a system that is completely configurable BY YOU!  Is there an easy “drag-n-drop” screen formatter, is there an ability to quickly and easily add new objects and fields (without being a programmer) and are their visual “drag-n-drop” interfaces for workflow, approval processes, reports and dashboards.   If your vendor holds the house keys for making changes to your system, run away!  You should be able to do pretty much they can do all by yourself without being a techie. (yes, this technology does exist!) 

Make sure in advance that the vendor only charges clients additionally when there are projects that were not contemplated with the original scope and for additional user identifications.  Also, be sure they do not charge for new features and  upgrades to the base project.