Home > Risk > How can you manage risk without the right tools?

How can you manage risk without the right tools?

I’ve tried to run a risk management program using Excel; it was not a success. It just took too long to update the spreadsheets and I simply didn’t have the tools to keep up with the speed of change.

So I sought and obtained approval to acquire automated solutions.

That was a few years ago and it is disheartening to see so many risk practitioners still trying to help their organizations understand and manage uncertainty without capable tools.

KPMG recently conducted a poll of about 100 risk practitioners. 64% were entirely reliant on manual processes.

Deloitte’s recent survey found that fewer than 25% are continuously monitoring risk, even though a majority believe that risk volatility will increase in the next year (i.e., risks will change more frequently and by larger amounts).

With the accelerating pace of change, the increasing impact of small events on reputation risk, and the pressure from regulators and others to have effective risk management, how can a company continue to rely on manual processes?

I don’t understand. Do you?

I am pleased to see that my own company, SAP, is increasing its use of automation. They are not only using SAP’s own solutions for risk management and control assurance, but they are implementing some very cool mobile apps so that executive and line management will be able to monitor and address risks as part of their daily routines. Risk management is being embedded into normal business processes and decision-making.

How about you?

  1. July 5, 2012 at 12:11 PM

    You have to have the tools. The decision to use spreadsheets / word processing docs (as opposed to something modern) goes back to the age-old question of whether the information is a ‘document’ or ‘data’. My company is using a great new tool that focuses more on building relationships among goals, strategies and risks so that management can understand the overall performance management environment. We see that risk is one piece of the big picture, but not the only piece. This tool helps keep us focused on actually achieving results rather than pursuing a disconnected ‘risk management’ initiative.

  2. July 5, 2012 at 7:38 PM

    Reblogged this on Mukesh Gupta and commented:
    Marks raises a simple but an important question.
    “How does your organization manage risk?”

    This is one of the kinds that you do not realize the cost of not doing this right until something terrible happens. Then the cost is much more than if it was done right in the first place.

  3. July 6, 2012 at 9:38 AM

    Having the right tools are key to an “effective” risk management strategy. I do not logically understand why organizations will not invest in risk management, but I can identify the rationale based on discussion and observations. What follows are some of the things I have heard along with my opinions:

    -Many believe risk assessment (notice I said assessment, not management) to be an internal audit function. With this in mind, imaging the philosophy on risk management (of which risk assessment is one element).
    -It is also believed that taking the time to document risks slows down getting things done. Of course, this makes no sense. Having risks in writing provides for greater clarity, responsibility and accountability.
    -It is hard to see the value in investing in a risk system. Obviously, it is one of those things you do not know you need until you really need it.
    -I have also heard “I know what my risks are”. To which I always wonder, “Yeah but does anyone else. And who is making sure you are appropriately managing those risks.” It is difficult to manage the abstract.

    Unfortunately most organizations are still managing risks by putting out fires as they develop.

    • Norman Marks
      July 6, 2012 at 10:21 AM

      Excellent comments, Robert!

  4. Ali
    July 7, 2012 at 3:31 AM

    How can you manage risks without right purposes 😉

  5. Robert Kasaija
    July 9, 2012 at 8:10 AM

    Great article Norman. Let me explain it my way-imagine you want to move from point A to Point B (say 25,000 km apart) and the available tools are 1- you can walk 2- you can run 3- you can use a car 4- you can use a train, 5- you can fly.

    Now, there is chance that some of the tools used to travel from point A to Point B shall not succeed or if they did, it would take a long time.

    The implication is some of the tools used are too slow that they can not catch up with the pace of risk and are therefore ineffective given the high pace of business in the current environment. In fact some tools may never management the risk at all.

    It therefore makes sense to invest in the right tools to deal with the right risks at the right time.

  6. Paul Bradley
    July 22, 2012 at 11:50 PM

    Good article Norman and great comments. It is staggering how many organisations continue to use excel .. but sometimes it’s appropriate for the size and complexity of a project or organisation.

    I think it comes down to the design of the risk tool. It must be agile and help an organisation quickly respond to emergent risks. Risk tools are typically designed to assist in the prioritisation of risks, management of risk responses and often standardise the risk process. They don’t always behave in an agile way, too many features are instilled in an effort to satisfy all their customers requirements, bloating the software

    I’ve found complicated, field hungry risk tools often reduce an organisations ability to deal with change- the bureaucracy confuses people, paralysing the organisation. Individuals typically focus on populating all the fields within the risk tool, rather than managing risk… maybe i’m cynical.

    Excel can sometimes win, but in complex programmes and large organisations it loses.

  1. July 6, 2012 at 5:19 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: