Result-oriented risk management requires appropriate tools
Risk management does not mean a single way of developing business, but it comprises many very different methods and operating models. There are approximately as many risk management methods and models as there are organisations and companies carrying out risk management. The reasons for carrying out risk management also vary between companies and sectors. In some sectors, risk management is encouraged by regulatory obligations, while in some companies, the ultimate incentive to get started with risk management is a requirement from partners. In this respect, risk management can also serve as an excellent competitive advantage. Organisations that perform effective risk management are much more attractive partners than those that do not take advantage of it.
However, the need for risk management does not depend on the organisation’s industry, size or nature of business. It is determined by the goals set for the organisation’s operations and what it strives to achieve with its operations. If implemented properly, risk management can accomplish results that develop business, enable the achievement of goals, and maintain the operational reliability of business. With the help of risk management, organisations and companies can implement their strategies in practice and maximise the benefits obtained from the opportunities offered by the business environment.
Risk management is always tied to goals, so it is advisable to exercise careful consideration when setting goals for risk management. This is important, above all, because the goals of risk management are realised through the tools used for it. Most organisations select the spreadsheet software Excel as their first risk management tool.
The choice of Excel as the risk management solution is understandable since most organisations are already using it for other purposes, so availability and familiarity do not become additional obstacles to starting risk management. Risk registers and other risk management solutions created using the templates in spreadsheet software may, therefore, contribute to lowering the threshold for starting risk management, but from the point of view of result-oriented risk management, choosing Excel means moving the obstacles to development into the future.
Excel can be suitable for starting risk management, but its shortcomings emerge very quickly when risk management requires a tool that supports development and provides additional information to support decision-making. The challenges of risk management based on an Excel register are as follows:
1. Information obtained from risk management is not readily available
Particularly as a tool used to perform various calculations, Excel has undoubtedly established its position. That is why many novices in risk management find it an easy-to-use and convenient place to store information on the risks and risk assessments identified in risk management workshops. The theory behind this is that they are kept in good store there until they are needed to be used as support for decision-making in a meeting of the management team, for instance. However, practical risk management work has proved otherwise, almost without exception.
Storing risk data in Excel presentations does not promote the implementation of risk management measures, except in exceptional cases. Result-oriented risk management should be systematic, and it is important for systematic risk management that risks are not only assessed for the sake of assessment. Risk identifications and assessments are information that is needed in the organisation’s decision-making.
If Excel is selected as the risk management tool, the practical level of risk management will involve a countless number of back-and-forth emails as people try to fill in all the information needed to support decision-making in risk spreadsheets. The collected risk data must be combined with other information manually using cut and paste, which leads to a situation in which you can say goodbye to standard-format risk registers. In the long run, this will significantly reduce the effectiveness of risk management and, in particular, the measures taken to correct the risks. However, the availability of risk data is not the only stumbling block when risk management is carried out using Excel.
2. Information is not up-to-date
Risk management is one of the basic elements of knowledge-based management, which by default means that the information on the basis of which decisions are made is consistent and accurate. Without an up-to-date situational picture, the decisions are based on more or less educated guesses, and the desired results can only be achieved with good luck. In the hands of a competent head of risk management, Excel is, of course, an efficient tool, but even the most dedicated individual cannot compensate for its shortcomings.
Excel may just be suitable for assessing the risks of a very simple entity or a local phenomenon, but for larger entities, risk management cannot be carried out using spreadsheet solutions. At least not without going through significant trouble. Maintaining an Excel-based risk register actually brings its own data management risk to the activity.
The integrity, availability and confidentiality of data are compromised when Excel files are sent back and forth as email attachments, but the problem of having multiple different versions that results from this kind of activity is even more difficult. Hunting for the most recent risk assessments does not serve the goals of any organisation. When risk management is carried out using Excel, it is not possible to keep track of changes made to risk assessments or corrective measures or other history data, which in its own way undermines the advantages of risk management. In this way, the information used to support decision-making may easily be outdated, but its quality cannot be assessed, either.
3. Risk data cannot be translated into action
Goals are at the heart of all business activities. It is, therefore, becoming increasingly common for organisations to start carrying out risk management in the hope of achieving results. This is an important step, but if you want to achieve the best possible goals with risk management, action is also required. It may well be that it is not enough to regularly identify risks or to slavishly reassess them in accordance with the annual clock of risk management. It is also necessary to address the identified and assessed risks. If you also want to do something about the risks, it is absolutely necessary to determine the corrective measures and the persons responsible for them. It will be up to them to ensure that the risks are also controlled. This saves the persons responsible for risk management time for planning and development.
When Excel has been chosen as the risk management tool, it is of course possible to assign both corrective measures and responsible persons for the risks, but, after that, the progress of the measures is left to the self-direction of the persons responsible for risk management. Since everyone’s days seem to be filled with everything other than risk management work, it is more the rule than the exception that progress on corrective measures is non-existent at worst and sporadic at best.
Risk management carried out using Excel guides the operations to a situation in which risks are addressed at the last moment, for example just before the next review, which naturally does not produce the desired results. This way, only some of the risks will be dealt with as required, and the rest will have to wait for the next risk management effort marked on the calendar.
A better risk management solution as an alternative
Efficient and comprehensive risk management requires certain investments if Excel is to be replaced by an alternative that delivers results.
Fortunately, the investment does not necessarily have to be substantial. Many organisations think that the best alternative to Excel-based risk management is an information system built to meet their specific needs. However, everyone knows how vast and frustrating large-scale information system projects tend to end up being. And if the result does not meet the expectations, it might have been more sensible to stick to the traditional risk management model.
However, the availability and timeliness of information should not be insurmountable requirements. And they really are not. Modern risk management tools such as Granite meet all of the above challenges without any major adjustments. With the help of Granite, for example, the assignment of responsibility for measures takes place in a guided manner, and the designated responsible person will receive automatic reminders of the tasks assigned to them. This way, the tool will guide operations in an automated way, and the time and other resources of the person in charge of risk management will be freed for more productive work. In a digital risk management tool such as Granite, these problems are solved as if by themselves.
When all risk work is carried out on a single, secure platform, the organisation can be assured that an up-to-date and accurate situational picture is available for decision-making and development.
- Granite’s risk management tools are designed to meet the needs of modern business, which is why they support the systematic development of risk management and are ideally suited to supporting the risk management models of every organisation.
- With the help of a digital risk management tool, an up-to-date and accurate situational picture can be created in a guided manner, and it will produce results. The allocation of resources is easy when all the necessary information is collected in one automatically updated location.
- With an efficient risk management tool, risk management is not only about eliminating identified risks. At the same time, it makes it possible to avoid the challenges of growth and find new opportunities to be utilised in business.
- The deployment of Granite’s range of easy-to-use risk management tools will not take months, as is the case with traditional, heavy information system projects. Instead, the testing of Granite’s functionality is a smooth process, and the deployment will be completed swiftly, even in a matter of weeks.