EBMS Nimblex joins VendorPanel, creating a world class Source-to-Pay procurement suite
Wednesday November 19, 2014

Using Spreadsheets to Manage Risk is Risky Business Indeed! .

5 minutes

Spreadsheets are universally loved. Why? Because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be great tool at an individual level they are completely un-scalable, and therefore totally unsuitable for compiling and analysing information enterprise-wide, or even for individual projects.

When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have ‘ticked the box’ and that risk is managed. Using spreadsheets and emails to manage risk, is a very risky approach.

Here are the main reasons that the spreadsheet approach doesn’t work

Lack of integrity – spreadsheets are easily manipulated. Anyone could make changes to data to help present a better picture. This could be to cover up a situation once it has happened, to help move blame or mitigate responsibility, or to present a situation or opportunity in a better light.

No audit trail – you can’t easily check who changed what when. You have no guarantee of the provenance of data supplied, and you can’t see how it may have changed over time.

Deadlines missed – spreadsheets don’t have any workflows or processes built into them. So while someone may request a review, some information or an audit, if there is no response, there is no mechanism to highlight missed deadlines.

No consistency – with no formal structure, each time a new spreadsheet is set up the formatting will be different.

Difficult to compile information – risk management information could be held within hundreds of spreadsheets across the organization. Compiling them is a very long and arduous task.

Risk management is too important to leave to a spreadsheet!

It is well documented that a mature approach to enterprise and project risk management pays dividends. Whether it’s increased profitability, on-time delivery, more accurate forecasting or better strategic planning, effective risk management provides a competitive differentiator and drives top and bottom line results.

Increasingly risk management is no longer a standalone function.

Taking a proactive approach to risk management is becoming ever more critical to success and can deliver major benefits including:

Improved EBITDA: up to three times, according to an Ernst & Young study in 2012.

Improved visibility: enhanced visibility and accountability builds confidence in the risk management process.

Actionable information: supports more effective strategic planning and decision making.

Better resource allocation across the enterprise leads to better asset utilisation.

Achieve goals: increased ability to deliver capital projects on time and on budget.

Better relationships with insurance providers, regulators and stakeholders.

Comparing Spreadsheets with Enterprise Risk Management Software

Modern risk management for both project and the enterprise has evolved way beyond what spreadsheets and emails are capable of handling. Organizations need access to risk data seven days a week, 24 hours a day. Information must be easily accessible, understandable and actionable. Risk management necessarily involves every department and asset within the business, which amounts to a lot of data that needs to be collected with an easy to use tool. The software can then calculate the risks, the likely impacts on the business and communicate that information to those that need to know.

With the sheer scale of the data involved, the geographic spread of many organizations, risk management can only by managed effectively using purpose built software. Unlike spreadsheets enterprise and project risk management solutions can bring the risk management process to life. They can help to identify emerging risks that may otherwise go unnoticed, enable best practice for mitigating risk, and highlight opportunities that can help organizations to reach goals, win more business and increase revenue/profitability.

A web-based ERM software approach

  • Consistent capture of data – validated at input
  • Sophisticated simulations and probability assessments can be applied to the data
  • Data is always up to date and available 24 hours a day
  • Processes become robust and secure
  • Full audit trail provides transparency and certainty
  • Standardised metrics and automated reports streamline the review and handling of risks at all levels of management
  • A single system provides the ‘true picture’ of risks and opportunities across the business
  • Risks can be linked to related information such as controls, mitigation plans and losses
  • Aids compliance with the growing range of standards such as ISO 31000, COSO, AS/NZS 4360, SOX and PmBok

A spreadsheet approach to risk management

  • Little or no data entry validation – ‘garbage in’ will get magnified as it progresses up through the business
  • Easy to corrupt formulas and calculations
  • Data is not real time and cannot be guaranteed to be current
  • Open to fraud and mis-representation. Data on laptops, tablets and USB sticks can be easily lost or stolen.
  • Lack of audit trail and difficult to share information across an organisation
  • The ‘beautification’ of information to manually create presentations for management and the board can introduce errors, costs money and takes time and resources
  • Information is fragmented and spread throughout the organization with the possibility of multiple versions of documents which can become out of synch
  • It is difficult to see the full, integrated process and overall picture
  • Makes compliance to standards difficult to achieve and to demonstrate

Making a Difference to the Bottom Line

Manual methods and spreadsheet solutions have become the high-risk option for managing risks and are no longer up to the job. Only a true enterprise risk management solution will capture consistent data, provide a single version of the truth, allow access to real-time, trustworthy information and provide the reports required to proactively manage risk and opportunities. ERM can move risk management from a cost to the business to a value-adding process which can make a difference to the bottom line of any organization or project.

Source: continuitycentral.com


What is Nimblex?

Created in Australia, Nimblex is a cloud-based integrated business management platform that will deliver the business process automation you need.

We configure Nimblex’s Core solutions using our unique low-code tool and a wide variety of value-added features. This gives the flexibility that enables us to automate any type of process, especially if compliance and transparency are non-negotiables.

Our world class support team is ready to help.

1300 721 159

+61 3 9958 0000