Using spreadsheets to manage risk is risky business
Using spreadsheets to manage risk is risky business

Spreadsheets are universally loved. Why, because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like. However, while spreadsheets might be a great tool at an individual level they are completely unscalable, and therefore totally unsuitable for compiling and analysing important information such as Risk data, either at enterprise or individual project level.

Here are the main reasons that the spreadsheet approach doesn't work:

Lack of integrity therefore easily manipulated.

No audit trail and no guarantee of the provenance of data.

Deadlines missed as no workflows/processes built-in.

No consistency so each time a new spreadsheet formatted differently.

Difficult to compile information – risk management information could be held within hundreds of spreadsheets across the organisation.  Compiling them is a long and arduous task.

Risk management is too important to leave to a spreadsheet

A mature approach to risk management pays dividends. Whether it's increased profitability, on-time delivery, more accurate forecasting or better strategic planning, effective risk management provides a competitive differentiator and drives top and bottom line results.

Increasingly risk management is no longer a standalone function. Taking a more proactive approach is becoming ever more critical to success and can deliver major benefits including:

·         Improved EBITDA – up to three times, according to the Ernst & Young study in 2012

·         Improved visibility  - enhanced visibility and accountability builds confidence in the risk management process

·         Actionable information – supports more effective strategic planning and decision making

·         Better resource allocation - across the enterprise leads to better asset utilisation

·         Achieve goals - Increased ability to deliver capital projects on time and on budget

·         Better relationships with insurance providers, regulators and stakeholders

Comparing spreadsheets with enterprise risk management software

Modern risk management for both project and the enterprise has evolved way beyond what spreadsheets and emails are capable of handling. Information must be easily accessible, understandable and actionable. Risk management necessarily involves every department and asset within the business.

Enterprise and project risk management solutions bring the risk management process to life. They can help to identify emerging risks that may otherwise go unnoticed, enable best practice for mitigating risk, and highlight opportunities that can help organisations to reach goals, win more business and increase revenue/profitability.

Web-based ERM software 

Using spreadsheets for risk management

Consistent capture of data – validated at input

Little or no data entry validation

Sophisticated simulations and probability assessments

Easy to corrupt formulas and calculations

Data is always up to date 24/7

Data is not real-time

Processes more robust and secure 

Data on laptops, tablets and USB sticks can be easily lost or stolen.

Full audit trail provides transparency

No audit trail and difficult to share information

Standardised metrics and automated reports streamline the review and handling of risks at all levels of management

The ‘beautification' of information for management can introduce errors

A single system provides the ‘true picture' of risks and opportunities

Information is fragmented and can become out of synch.

Risks can be linked to related information such as controls, mitigation plans and losses

No full overall picture

Aids compliance with standards such as ISO 31000, COSO, AS/NZS 4360, SOX and PmBok

Makes compliance to standards difficult to achieve

Making a difference to the bottom line

Manual methods and spreadsheet solutions have become the high-risk option for managing risks and are no longer up to the job. Only a true enterprise risk-management solution will capture consistent data, provide a single version of the truth, allow access to real-time, trustworthy information and provide the reports required to proactively manage risk and opportunities.

Contributed by Keith Ricketts, director of marketing at Sword Active Risk