Welcome to

Articles on best practices and our experiences in managing business, technology and data risk.

 


Why Spreadsheets are a Risk to Your Risk Program

June 12, 2018 in Enterprise Risk Management

Spreadsheet based risk programs can be risky

If you are like many organizations, your enterprise risk program and risk register started on spreadsheets. After all, spreadsheets are free, easy and flexible, and require little user training.

Spreadsheets are also a risk to your risk program.

There are many ways to view risk. One that we find helpful is to think of risks as events that may occur and negatively affect outcomes that are important to you.

So, what are the outcomes that are important to you for your risk program? Identifying the biggest risks? Lowering mitigation costs? Engaging the right stakeholders and contributors? Supporting better executive and board decision making? Ensuring integrity in the risk program? Lowering the cost and pain of managing the program? How about “operationalizing” risk, so that it becomes a continuous management practice throughout your organization and not just something that the risk experts do?

Simply put, spreadsheets are a risk to your risk program because they threaten every one of these outcomes.

First, if you are responsible for administering and maintaining your risk program, you know firsthand the pain, time and expense involved in using spreadsheets to collect and collate risk information. This is the true cost of spreadsheets. Less time is spent on value-added work, simply because risk managers spend too much time gathering and massaging data. (OK, one could argue that this is not technically a risk, because it is a virtual certainty!).

With spreadsheets, follow-up on action plans is entirely manual and often doesn’t happen at all. How can a risk program have integrity without accountability and follow-through? ERM programs can easily become dreaded annual “checkbox” activities that do not add real value to the organization.

On the topic of integrity, changes cannot be tracked properly in spreadsheets. Many risk managers react by locking down access and centralizing ERM administration in the hands of a few experts rather than propagating it out through the organization where it can add real value.

Next, spreadsheet-based programs fail to deliver new and meaningful insights. It is not feasible to create many-to-many linkages in a spreadsheet. Managers cannot see the relationships between risks, root causes, controls and consequences – preventing them from exploring risk scenarios and uncovering new insights. Drill-down and flexible reporting are impossible. Executives become frustrated when they cannot get quick answers to questions or see reports recast from different perspectives.

And now for the big one. Risk programs based on spreadsheets are not able to effectively engage business and executive team members, because of all the reasons above and the simple fact that executives do not enjoy filling out spreadsheets. Risk never becomes an organization-wide practice. Risk culture never takes hold. And the true value of risk management – improving the likelihood of desired business outcomes – is never realized.

We spend a lot of time speaking with risk thought leaders about this topic and practical ways to move beyond spreadsheets to improve effectiveness and make things easier. If any of these challenges sound familiar, or if it is just something you would like to share ideas on, please comment below or reach out to us – we’d love to chat.

Thank you,
Jason Doel

COO
Tracker Networks Inc.

Real Risk Cultures That Work

June 6, 2018 in Enterprise Risk Management

Creating an environment where a risk culture thrives

Since the release of our Essential ERM solution, we’ve had the opportunity to speak with many smart risk and finance professionals. This post is the first of many to come. As we go, we’ll share with you some of the best observations we’ve heard from experts in the practice. We hope these can help you make better sense of risk management within your organization, and more importantly, boost your business outcomes!

The first and most common thing we hear is that Enterprise Risk Management (ERM) means very different things to different people. For many, it is an outgrowth of compliance. For others, it is an extension of the executive planning process, identifying opportunities and threats that affect business outcomes. Still others view it through the lens of oversight and reporting. But across the board, there is a lot of interest in the importance of fostering risk management practices through an underlying “risk culture”.

Culture is an intangible, and risk is complicated and challenging. But a great deal of it boils down to the behaviours of individuals in a specific group or setting, and much value can be found by zeroing in on two dimensions:

1) More powerful communication of risk insights

2) Better alignment of enterprise risks to incentives.

COMMUNICATION: Not every employee has the same insight into the operational, market, financial or reputation aspects of risks. Not everyone is in the same position to offset the downside of risk or exploit the opportunities inherent in uncertainty. Question: Are your risk specialists sharing their insights with the doers in your company and vice versa?

INCENTIVES: Similarly, not everyone feels the impact of risk equally and not everyone is affected by uncertainty the same way. Question: In terms of “skin in the game”, do the people in your organization who are best positioned to mitigate and manage risk early and effectively have the authority to do it? Do the incentives make them likely to act decisively or effectively?

These are ideas we discuss often. If they are interesting to you, please don’t hesitate to reach out – we’d love to talk.

Also, please feel free to share your thoughts below and let us know what you would like us to discuss in future posts! You can subscribe to be notified of our next post by visiting www.trackernetworks.com/observations.

Sincerely,

Miles Smit, PhD

Tracker Networks

Tracker Networks is a Toronto-based software company that offers a suite of risk tracking solutions including AppTracker and Essential ERM. Essential ERM offers no-nonsense risk tracking. It is simple, visually appealing, powerful and a breeze to implement.

Learn more at www.trackernetworks.com/essential-erm or email us: success@trackernetworks.com

Welcome to Tracker Observations

May 17, 2018 in General

Welcome to the Tracker Networks blog. We call it Tracker Observations. We periodically post articles on risk management best practices and our experiences in managing business, technology and data risk.
