​Moving beyond Excel: the urgent need for better risk management tools

While Excel may be easy and free, it is no longer sufficient to manage the complex and ever-changing risks faced by organisations today. Danny Wong, an enterprise risk management thought leader, explores the alternatives.

The prevalence of spreadsheets for risk management

It’s no secret that Microsoft Excel remains the default tool for risk management in the corporate world.

While the limitations of spreadsheets are well-known, their flexibility, ease of use, and cost-effectiveness make them the tool of choice among risk professionals and non-risk experts alike.

However, in today’s rapidly changing business landscape, relying on Excel alone may no longer be enough to manage the growing risks faced by companies.

The growing concerns of business leaders and boards

The post-pandemic landscape has made it clear that businesses need to be bolder in their approach to managing risk.

With supply chains disrupted, geopolitical uncertainties, inflation, and interest rates fluctuating, businesses are exposed to greater risks than ever before.

In this context, if we reflect on our risk management maturity and the true value being derived from our risk registers, it can leave many of us feeling exposed. There is growing urgency to act before it’s too late.

The challenges of improving risk management

The need to improve risk management is undeniable, but the question of how to do it remains challenging.

The answer lies in influencing people, their behaviours, and ultimately, their decision-making. There is a need for more accountability, with regular reminders to senior stakeholders to engage with risks, and to follow through with actions to completion.

Merely identifying and documenting risks is not enough.

It is essential to have a structured approach and disciplined process that includes training and facilitation. This helps to ensure the right risks are being identified, and that we are having quality discussions around them.

“There is a need for more accountability, with regular reminders to senior stakeholders to engage with risks”

Furthermore, risk management is not the sole responsibility of a particular team or individual, but rather a shared responsibility.

Training and facilitation efforts, therefore, need to permeate throughout an entire organisation so that everyone is equipped to manage risk effectively.

Finally, when it comes to making informed decisions, data plays a critical role, yet it is often missing from risk registers. As such, organisations must ensure that they have a system in place to gather and analyse relevant information.

In summary, there is an urgent need for a solution that can effectively:

• Address the challenges of behavioural and cultural change,
• Improve risk management capability,
• Deliver process consistency,
• Enhance accountability,
• Enable action tracking,
• Capture and store data for informed decision-making, and,
• Reduce the burden of reporting.

To achieve widespread adoption among stakeholders, this solution must be user-friendly and ideally, cost-effective. This is particularly crucial given that many organisations currently rely on free spreadsheets as their default tool.

Therefore, a solution that offers greater functionality and ease of use at a lower cost would represent a significant improvement over the status quo.

The case for a new category of risk management software

When it comes to buying risk software, the process is not straightforward. In fact, it is downright overwhelming.

If you search for “risk management software” on Google, you’ll be inundated with countless options. Capterra, a Gartner company that specialises in software comparison, currently lists a whopping 875 risk products.

However, even with the filters and sort features provided, it is almost impossible to narrow down your search, despite the platform’s ability to compare up to four vendors.

Our market analysis has revealed that most sellers are opaque about their products, especially pricing, with less than 2% openly publishing these.

This makes the process of purchasing risk software extremely difficult, as the only way to obtain basic pricing information is to book a demo. But how does one even create a shortlist?

”Most sellers are opaque about their products, especially pricing, with less than 2% openly publishing these.”

It’s likely that if vendors don’t publish their pricing, their solutions are expensive and potentially bespoke, which could lead to a drawn-out sales cycle and contracting phase.

Despite the evolution of cloud and software as a service (SaaS), the market is still in dire need of a new category of modern, lightweight, user-friendly, cost-effective risk management solutions.

These should address the issues of risk maturity, culture, and capability, while enforcing accountability and process consistency, reminding people to review their risks, tracking actions to completion, and streamlining reporting.

Conclusion

While Excel may be easy and free, it is no longer sufficient to manage the complex and ever-changing risks faced by organisations today. The need for a new category of risk management software that is modern, easy-to-use, and affordable is undeniable.