Do you feel that? Each stinging slice and stab to the heart…
that’s spreadsheets slowly and methodically ruining your risk management efforts and killing your business.
Microsoft Excel is by far the dominant business tool used by organizations around the world. I did a quick poll of my own company and the average employee here has over 20 active Excel files on their personal computers. That means that at any one time there are a few thousand individual Excel files being worked on, each containing data related to our business. I have to ask myself a couple of questions. How much of that data is important to our goals and objectives and how much of it will ever make it into the hands of anyone but the person who owns the file?
Now, let’s take this to another level. Imagine you’re a large multi-national, a government agency or a fast growing firm. How many Excel files do you think you would have in your business? The number starts to become staggering and scary very quickly.
For anyone trying to effectively implement or manage risk across their enterprise, then spreadsheets are a nightmare and a ticking time-bomb.
As the world quickly shifts towards an integrated, enterprise view of risk management, the possibility to use spreadsheets to manage risk is quickly fading. Every day:
- Firms around the world are discussing the need for better risk management
- CEO’s express their commitment to more effective risk identification and mitigation
- project managers look for efficiencies and cost savings
- Board members look for confidence in their firm’s ability to know what risks and opportunities it has, and how it will achieve its goals
However, despite all of this, Excel remains the dominant tool for risk management in most organizations. Deloitte suggests that over 85% of firms are either still using manual processes for risk management or are just beginning to look at how to automate risk reporting to executives. Our own research suggests that over 85% of organizations use Excel to manage risk. Although this presents a huge opportunity for Enterprise Risk Management technology firms like mine, this also suggests that despite huge advances in risk management, organizations remain subject to the ticking spreadsheet time-bomb.
Why are spreadsheets a ticking time-bomb? Well, I have met with hundreds of organizations and thousands of risk managers, and without fail there is always one common theme in our discussion about why they want to move their risk management process to another level. When something goes wrong, they perform a root cause analysis. They determine what happened, but almost every time they find something else. They find that at some point in the past, they had in fact identified the root issue as being a problem, but had failed to do anything about it. Why? Because it was in an Excel file which was emailed around, and then forgotten. Excel did not give them the ability to actively manage the risk, assuming it ever got into their hands in the first place. Now think about all of the potential issues in your business and think about all the Excel files which may be “managing” them… tick tock… tick tock.
I know the arguments for Excel. It’s on everyone’s desktop. It costs the business little. It is easy to configure and use, etc. etc. etc. I can appreciate the value of using Excel in certain instances. But if you are an executive, a project manager or a board member and your firm is relying on Excel to manage risk, then I am 100% confident what your organization’s largest risk is… Excel itself.
Unfortunately there are huge problems with spreadsheets as a risk management tool:
- Excel is not a collaborative enterprise tool. It was never designed to manage large scale data across multiple sites and thousands of people. Risk management is an enterprise process, requiring the integration of data across multiple sites and thousands of people.
- Effective risk management requires easy access to risk information as quickly as possible. Excel requires that you manually email and aggregate data, resulting in a significant time-lag between when you identify a risk, and when it gets into the hands of someone who can do something about it. Not to mention the potential for data loss.
- Good risk management requires consistency and Excel provides anything but.
I could go on and on about why spreadsheets are a ludicrous solution for risk management, but the simple fact is that the world has evolved. Stakeholders, boards, regulators, communities and employees are all demanding that organizations take responsibility for their risks. They are demanding that organizations move from old, slow and dysfunctional risk management processes to new, effective and valuable enterprise risk management. Leading firms, or those who want to lead, can no longer justify the use of Excel in their risk management process. It is simply too risky.
If you’re an executive and you’re being presented with risk information using Excel, or if you’re using Excel to do risk assessments, to control planning, to track mitigation, or any other risk-based process, it is time to enter the 21st Century. Shut that Excel file down and let’s start talking about how risk management is supposed to work.
Download our free white paper on “Why a Spreadsheet Approach Can No Longer Meet Today’s Growing Risk Management Needs”.