Digitalization, industry 4.0 and the proliferation of standards and regulations have significant impacts on the risks and opportunities that companies face. Recently, this subject has become “hot” and Risk Managers have seen their palette of risk types widens while their function becomes more and more transversal within organizations.
It is therefore essential to implement a digital risk management strategy that ensures:
- an up-to-date vision of the risks and their level of criticity,
- a good governance, through a clear definition of roles and responsibilities,
- an efficient control management,
- a monitoring of all actions and measures,
- a fluid collaboration,
- the quality of the process, guaranteeing rigor and efficiency of management.
Indeed, it is essential to manage risk mitigation, traceability of measures and controls as well as a total compliance, while optimizing the necessary resources.
Many organizations have set up an in-house team that typically uses an Excel © solution for risks, controls, and metrics management. Risk management is a collaborative activity which requires the participation of different people: everyone has access to and generates part of the information. It then becomes difficult to wisely share information stored in such Excel © files. Thus, it is common to use emails and aggregate the different responses in a table. This is not only time-consuming but it also induces a risk of errors; besides, it becomes difficult to track “who changed what?” and “what is the latest version? “.
Therefore, Risk Managers need a solution which – in addition to the previously discussed features – can answer the following questions:
- Collaboration, consolidation, obsolete information and loss of information:
- How to spread information? Decision Makers and Risk Managers must be able to quickly access the collected information. Excel © tends to isolate information in “silos”, making access, sharing, comparison and management difficult.
- How to ensure that we are working with the latest version of data?
- How to make sure not to lose data (no backup or lost files)?
- Confidentiality, traceability, integrity and security of information:
- How to ensure confidentiality of the data without multiplying the number of files, which will make complex both aggregation and follow-up of information?
- How to track “who modified what”? Indeed, the major reason for the vulnerability of spreadsheets is their inherent lack of controls which makes changes / errors in formulas / values / etc. difficult to follow.
- Maintainability and scalability
- How to keep very personalized files up? When the owner of the files, who designed them, changes activity (or even business), it becomes difficult to continue using them. Thus, the new user will tend to rebuild his own system in Excel ©.
- How can the system evolve, when the organization grows or when new risks need to be managed? The multiplication of files and links between files clearly increases the inherent risks.
Beyond these aspects, taking risks also should be managed and measured according to the risk appetite/aversion and performance goals of the organization. Indeed, in order to seize market opportunities while remaining in an acceptable level of risk, it is valuable to link risk with performance information. Instead of opposing these two visions – performance versus risk – they can be combined into a more complete and robust system, leading to a better communication, an optimized collaboration and a more efficient management of the business.