Using spreadsheets to manage risk is risky
Spreadsheets are universally loved. Why? Because they give everyone their own
version of the truth, with complete autonomy to update and amend them as often
as they like, without interference from anyone else. However, while spreadsheets
might be a great tool at an individual level, they are completely unscalable, and
therefore totally unsuitable for compiling and analysing information
enterprise-wide, or even for individual projects.
When applied to a risk management scenario, the potential horrors magnify.
Who knows what risks are lurking undiscovered in a spreadsheet, while everyone
around thinks that they have ticked the box and that the risk is managed?
Using spreadsheets and emails to manage risk is a very risky approach.
Here are the main reasons it does not work:
- Lack of integrity: spreadsheets are easily manipulated.
  Anyone could make changes to data to help present a better picture. This could
  be to cover up a situation once it has happened, to help move blame or
  mitigate responsibility, or to present a situation or opportunity in a better
  light.
- No audit trail: you can't easily check who changed what
  when. You have no guarantee of the provenance of data supplied, and you
  can't see how it may have changed over time.
- Deadlines missed: spreadsheets don't have any workflows
  or processes built into them. So while someone may request a review, some
  information or an audit, if there is no response, there is no mechanism to
  highlight missed deadlines.
- No consistency: with no formal structure, each time a
  new spreadsheet is set up the formatting will be different.
- Difficult to compile information: risk management
  information could be held within hundreds of spreadsheets across the
  organization. Compiling them is a very long and arduous task.