A Joined Up Approach To Enterprise Risk Management

You would have thought that recent events in the financial markets would have shaken the business world out of its complacency, and injected a healthy dose of reality regarding the importance of risk management across the enterprise and also what can happen if things go wrong.

But then, you would have thought that they would have learned from fiascos such as Wembley Stadium, the Dome, the Millennium Stadium, The Scottish Parliament and any government IT project that you care to think of. How many other smaller disasters are happening every day because risk is not being effectively managed?

Achieving compliance with corporate governance guidelines is about gaining visibility to risks at the highest level and just not a matter of ticking the boxes to show that a risk management process is established. ‘Knowledge is Power’, and the ability to make successful corporate decisions is totally dependent on ready access to high quality, up to date information.

The fact is that most individuals in organisations usually know exactly what risks they face. However, the problem is that the risks are not always known by the right people or, if they are, they tend not to be properly understood and acted upon. One has to accept that there is still a culture prevalent within many organisations of routinely hiding risk as no-one likes to be the bearer of bad news or admit that their planning processes have failed.

This is often compounded by the natural human instinct of burying your head in the sand and hoping that a problem will go away, and the fact that employees are more A Joined Up Approach To Enterprise Risk Management Y commonly rewarded for firefighting and solving problems than for ensuring that these problems did not happen in the first place.

When deploying enterprise risk management it is essential that you start from the ground up if you are to stand any chance of getting the right information flowing throughout the organisation. Yet one of the biggest obstacles to achieving this is the continued reliance on Excel-style spreadsheets.

It is easy to see why the spreadsheet-based risk registers are so popular as most people have access to a spreadsheet on their computers. They are quick and straightforward to use, so it’s easy to get busy people to enter some risks. However, whilst this approach has certainly got to be better than doing nothing at all, the limitations of spreadsheets are many.

Firstly, how on earth do you consolidate information from multiple spreadsheets to enable effective corporate decisions to be made with all the facts to hand? If you want to get a business-wide view of risk, you need all the information in one place and entered in a consistent way, so that you can easily identify the biggest risks to your business objectives.

And since only one person can use a spreadsheet at once, it is inevitable that it will be the risk manager who updates it. But how do you ensure that data is provided to them on a regular and timely basis? How is it possible to get a real-time snapshot of all risks when so much is dependent on information being manually sent to the risk manager? To be successful, enterprise risk management requires that the right information flows up, down and across the organisation. This means that employees have to take responsibility for their own risks. However, this is not easy to achieve when only the risk manager ‘owns’ the risk register?

It is difficult to see, by any stretch of the imagination, how the spreadsheet approach can equal good corporate governance. Deploying an effective enterprise risk management solution will help get everyone thinking about risk as part of their daily routines. It will also enable all information about risks to be out in the open and accessible from any location around the clock. But we all know that you can’t expect people used to the simplicity of Excel to use a complex enterprise risk management tool that has been designed for experts.

This was one of the biggest challenges facing us when we were designing Predict! 4. Predict! 4 overcomes many of the concerns expressed by organisations wishing to abandon their reliance on spreadsheets. For users requiring a simple, no-frills approach to risk management, we developed RCLite, an Excel-style template that has all the benefits of flexibility, familiarity and ease of use that spreadsheets bring. What is more, RCLite can also be used in conjunction with Predict!, using the spreadsheet to create and update risks and actions, then easily uploading the information into the central database, so that the information is available for instant review.

Users requiring greater functionality can access editable spreadsheet-style registers to enter data directly into Predict!. The amount of data to be entered and the way it is presented is configured by an administrator to meet the needs of different types of users and the complexity of each business area ensuring that users are never overwhelmed by a needlessly complicated interface. If a user isn’t going to use part of Predict!, whether it’s a field in a form or a feature, you just hide it!

Once the information is in Predict!, you can achieve a consistent and clear understanding of risks and opportunities and how they impact on the delivery and profitability of projects and business initiatives across the enterprise. And our simple, targeted escalation feature allows you to raise key risks to the organisational level where they are best managed. Predict! represents the latest generation of risk management and analysis solutions and gives organisations a single, holistic view of risk enabling more intelligent and timely business decisions to be made.

Predict! helps turn risk into reward as well as making it easy for people throughout an organisation to determine the cost of dealing with risks and make strategic decisions, based on ground-level information. Now there really is no excuse for the sorts of disaster that have become all too common.