Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

USING SPREADSHEETS TO MANAGE RISK IS RISKY BUSINESS INDEED!

 Spreadsheets should be banned from the Risk Management process – Keith Ricketts, Marketing Director at Sword Active Risk explains why.

Keith Ricketts, Marketing Director, Active Risks
Keith Ricketts, Marketing Director, Active Risks

Spreadsheets are universally loved. Why, because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be great tool at an individual level they are completely un-scalable, and therefore totally unsuitable for compiling and analysing information enterprise-wide, or even for individual projects.

When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have ‘ticked the box’ and that risk is managed.  Using spreadsheets and emails to manage risk, is a very risky approach.

Here are the main reasons that the spreadsheet approach doesn’t work:

Lack of Integrity – Spreadsheets are easily manipulated. Anyone could make changes to data to help present a better picture. This could be to cover up a situation once it has happened, to help move blame or mitigate responsibility, or to present a situation or opportunity in a better light.

No Audit Trail – you can’t easily check who changed what when.  You have no guarantee of the provenance of data supplied, and you can’t see how it may have changed over time.

Deadlines missed – Spreadsheets don’t have any workflows or processes built into them. So while someone may request a review, some information or an audit, if there is no response, there is no mechanism to highlight missed deadlines.

No Consistency – With no formal structure, each time a new spreadsheet is set up the formatting will be different.

Difficult to Compile Information – Risk management information could be held within hundreds of spreadsheets across the organisation.  Compiling them is a very long and arduous task.

 Risk Management is too important to leave to a Spreadsheet

It is well documented that a mature approach to enterprise and project risk management pays dividends. Whether it’s increased profitability, on-time delivery, more accurate forecasting or better strategic planning, effective risk management provides a competitive differentiator and drives top and bottom line results.

Increasingly risk management is no longer a standalone function. Taking a proactive approach to risk management is becoming ever more critical to success and can deliver major benefits including:

  • Improved EBITDA – up to three times, according to the Ernst & Young study in 2012
  • Improved Visibility  – Enhanced visibility and accountability builds confidence in the risk management process
  • Actionable information – supports more effective strategic planning and decision making
  • Better resource allocation – across the enterprise leads to better asset utilisation
  • Achieve Goals – Increased ability to deliver capital projects on time and on budget
  • Better relationships with insurance providers, regulators and stakeholders

 Comparing Spreadsheets with Enterprise Risk Management Software

Modern risk management for both project and the enterprise has evolved way beyond what spreadsheets and emails are capable of handling. Organisations need access to risk data seven days a week, 24 hours a day.  Information must be easily accessible, understandable and actionable. Risk management necessarily involves every department and asset within the business, which amounts to a lot of data that needs to be collected with an easy to use tool. The software can then calculate the risks, the likely impacts on the business and communicate that information to those that need to know.

With the sheer scale of the data involved, the geographic spread of many organisations, risk management can only by managed effectively using purpose built software. Unlike spreadsheets enterprise and project risk management solutions can bring the risk management process to life. They can help to identify emerging risks that may otherwise go unnoticed, enable best practice for mitigating risk, and highlight opportunities that can help organisations to reach goals, win more business and increase revenue/profitability.

A web-based ERM software approachA spreadsheet approach to risk management
Consistent capture of data – validated at inputLittle or no data entry validation – ‘garbage in’ will get magnified as it progresses up through the business
Sophisticated simulations and probability assessments can be applied to the dataEasy to corrupt formulas and calculations
Data is always up to date and available 24 hours a dayData is not real time and cannot be guaranteed to be current
Processes become robust and secureOpen to fraud and mis-representation. Data on laptops, tablets and USB sticks can be easily lost or stolen.
Full audit trail provides transparency and certaintyLack of audit trail and difficult to share information across an organization
Standardized metrics and automated reports streamline the review and handling of risks at all levels of managementThe “beautification” of information to manually create presentations for management and the board can introduce errors, costs money and takes time and resources
A single system provides the ‘true picture’ of risks and opportunities across the businessInformation is fragmented and spread throughout the organization with the possibility of multiple versions of documents which can become out of synch.
Risks can be linked to related information such as controls, mitigation plans and lossesIt is difficult to see the full, integrated process and overall picture
Aids compliance with the growing range of standards such as ISO 31000, COSO, AS/NZS 4360, SOX and PmBokMakes compliance to standards difficult to achieve and to demonstrate

Making a difference to the bottom line

Manual methods and spreadsheet solutions have become the high-risk option for managing risks and are no longer up to the job. Only a true enterprise risk management solution will capture consistent data, provide a single version of the truth, allow access to real-time, trustworthy information and provide the reports required to proactively manage risk and opportunities. ERM can move risk management from a cost to the business to a value-adding process which can make a difference to the bottom line of any organization or project.