Moving from spreadsheet-based project and portfolio risk management to app focused risk analysis 

Three pitfalls of traditional risk management methods

There’s no escaping the fact that project managers are highly adaptable when communicating critical information. It’s part of the job. And no matter how you prefer to communicate, the issue that many teams encounter is the proliferation of uncentralized spreadsheets via these communication lines. Even with the best intentions, project teams tend to make copies of spreadsheets and, in my experience, this is especially true for risk data. Even after implementing a specialised risk solution, many team members still export data into a spreadsheet, work on it, and email it around for review.  Whether it is action status updates or risk likelihood and impact reviews, the project management world loves an emailed risk spreadsheet! 

On the face of it, this may not appear to be an issue.  After all, everyone has a spreadsheet application on their computer or phone, and people are familiar with the working environment.  However, a spread-sheet based approach to risk management introduces both errors and inefficiencies when trying to manage project risk. In this article I want to examine the key areas of concern: 

1 Risk data spreadsheet configuration control 

Probably the biggest issue is configuration control. Unless version control is monitored strictly it is too easy for a person to create a copy of a spreadsheet that is no longer the latest version. From that point forward, no one who works with the document will be using the right data. In my role as Project Risk Manager on a multimillion-pound defence project, it was up to me to instil a degree of version control on our mandated spreadsheet process. Then at the end of each month, I still had to sift through the plethora of spreadsheets sent back to me in order to rationalise what had been changed and when. On a number of occasions I discovered errors induced by poor version control, which meant I had to go back to the originating data owners to understand their desired position. It did not help that the team was spread all over the UK, so face-to-face meetings were difficult to arrange. It was a slow and difficult way of working. 

2 Single-minded risk data focus 

Next is the single-minded nature of risk owners when it comes to risk data. If you are sent a spreadsheet containing a list of risks, some of which you are responsible for, your focus is likely to be restricted to the risks assigned to you. You may also have filtered the risk data, or had it pre-filtered by someone else, to make it easier to find those issues most relevant to your immediate situation.  Whilst this is the human thing to do, by not looking at the project as a whole, potential critical interdependencies with other project areas can be overlooked. Therefore, it makes sense to look at a project from both the individual risk perspective, and a top-down project risk perspective. This may not be easy when projects contain tens of thousands of activities and potentially thousands of risks.  So it is necessary to introduce categorisations into the risk data. Good categorisation can cut across large data sets to reveal pertinent information about specific groups of uncertainties, both temporally and spatially. This capability is invariably lost when spreadsheets are used.  

So why do project teams prefer to stick to these old, inefficient ways of working?  Having operated in such project environments for many years, I think that it comes down to three key elements. 

• Dedicated risk software tools can seem too cumbersome to use 
• People do not like change – it’s easier to stick with the familiar spreadsheet and email 
• Project teams are too busy to talk – either with each other or with the risk manager
   

3 Exporting risk data to spreadsheets from risk management software 

Even when project teams have very sophisticated, expensive risk management software, they often export the data into a spreadsheet because engaging with the software tool can be difficult.  Indeed,  customers come to me now because they are moving away from such software packages, stating that they are too sophisticated for their needs. Most people want a tool that they can learn to operate quickly; one that provides enough capability to get the job done and move on. 

The bottom line is that people are used to working with a spreadsheet risk register. This may seem a simple (and perhaps familiar) way to look at a lot of data, however it is not the most efficient way.  Spreadsheets cannot easily display the large amount of parallel data used in risk management, such as multiple impacts or actions. I always made lists within a cell to represent my multiple actions. This did not allow me to monitor and record progress very easily. What I wanted was a simple row of data for each risk, but to be able to see the likelihood, the impacts and the actions laid out in a bowtie display of risk data. During the development of Safran Risk Manager, we moved through a couple of different iterations of displaying risk registers until we settled on a hybrid risk sheet which gave me the view I was after. 

We all know that busy project members prefer to fire off an email rather than engage in a conversation about a risk scenario. Software itself cannot change this behaviour, but by making the capture and reporting of risk data both simple and efficient, people recover wasted time, enabling them to engage with other project members in more useful ways. In my experience as a risk professional, a good face-to-face chat with the person who is taking responsibility for their part of the project is an extremely useful way of collaborating. It enables a two-way dialogue where I can better understand their particular area or situation. I can then share my knowledge or previous experience from a wider perspective. On several occasions, my cross-project and cross-disciplinary knowledge highlighted a potential solution to a problem, or else uncovered shortfalls and missed risks within an assessment.   

Risk management using spreadsheets is inefficient and costly to project profitability  

To summarise, it is possible to manage risks using spreadsheets and email, but this approach comes at a cost.  Inefficiency and a tendency to naval gazing mean that project teams are not getting value from the risk management process.  By introducing a simple to use and efficient software solution like Safran Risk Manager, version control can be brought to heel, projects can start to see the bigger picture, data gathering and updating can be streamlined, and value-added dialogue can be facilitated. 

Is your team stuck in a cycle of errors and time-wasting by relying on risk spreadsheets? Or is your current risk management software tool just too complicated, and not fit-for-purpose? We are here to help you save time, drive better risk management practice, and increase the performance of your team. Get in touch with an expert Safran advisor today.