This is the first part of a three-part series. Part 2 weighs in on the role that data automation can play in a risk management programme’s success. In Part 3, we examine why having actionable risk and compliance data is essential for transitioning into a data-driven organisation.

In a recent Q&A session with Origami Risk, Danny Pollard, Group Risk and Assurance Manager at the UK-based legal services firm Metamorph Group Limited, described the vision and roadmap for the Metamorph Group’s risk maturity model and spoke about what it means for the organisation as a whole. Among the topics covered by Pollard during the session is the criticality of ensuring that risk owners and other stakeholders are working from the same point of reference. “I like to identify that ‘one source of truth’”, says Pollard. “It’s important to get all of the different perspectives — to get the right people involved at the right time to source the right information… When you pull everything together, you start to see the issues and the opportunities that come along with it.” 

Having all relevant stakeholders involved at the right junctures in order to source the right information is a central component of a data-driven culture, which is defined in How to create a data-driven culture, an Amazon Web Services (AWS) Cloud Enterprise Strategy blog, as one that “embraces the use of data in decision making. It treats data as a strategic asset of the company by making data widely available and accessible.” 

When in place, a data-driven risk management culture can contribute to more informed decision making and help shift an organisation’s response to existing and emerging risks from reactive to proactive. “[B]eing data-driven enables you to start getting all the signals about what’s happening, and then you can put yourself in a position to respond,” says Rahul Pathak, general manager for analytics at Amazing Web Services (AWS), in Becoming a Data-Driven Enterprise: Meeting the Challenges, Changing the Culture, an article published in the MIT Sloan Management Review. “Once you’ve got the ability to understand what’s happening in your business and the ability to act on it, you can start to make good decisions.” 

Multiple Sources of Truth and the (Many) Other Problems with Spreadsheets 

Data silos are one of the more common roadblocks in building a data-driven risk management culture. Edd Wilder-James, in the Harvard Business Review article Breaking Down Data Silos, describes these silos as isolated islands of data that complicate and make more costly any advanced data analysis initiatives.  

A prime culprit in the presence of data silos is the widespread use of spreadsheets for the collection, sharing, and analysis of risk, compliance, and other critical points of data. With spreadsheets stored on different computers and disseminated via email, it can be difficult to ensure that stakeholders are operating from a single source of truth. 

Building on what is already a problematic foundation, spreadsheets can also negatively impact a data-driven approach to risk management in the following ways:  

Increased likelihood (and proliferation) of errors — Within spreadsheets, an issue with a single formula or the miskeying of data — even into a single cell of a spreadsheet — has the potential to affect the accuracy of analyses businesses depend on when making critical decisions. A recent Wired article, Meet the Excel warriors saving the world from spreadsheet disaster, points to research suggesting that over 90% of spreadsheets contain errors and that approximately half of the spreadsheets used operationally by large businesses have “material defects.”  

Over time, as a spreadsheet containing an error is shared, edited, and shared again, errors can be exponentially amplified. To compound the problem, the lack of an audit trail makes it impossible to identify the point at which errors were introduced, thus limiting any chance of quickly and easily correcting issues. 

Wasted time and reporting lags – For firms with data that is stored across multiple systems, collecting and storing data in spreadsheets typically means a lot of copying and pasting (or worse, rekeying). The result is an inordinate amount of time spent manually working with data instead of performing higher-value objectives related to risk management, compliance, and other objectives.   

Depending on the amount of data and the frequency with which reports are run, manually populating spreadsheets can also mean that reports and analyses don’t draw from real-time data. 

Constraints on collaboration – The ability to collaborate with multiple users, in real-time, is critical to an organisation having a data-driven culture. Unfortunately, spreadsheets were not designed with collaboration in mind. Although recent enhancements to Microsoft’s Office Suite have improved the ability of multiple users to simultaneously access and work in the same Excel spreadsheet, there are still limitations when it comes to collaborating and communicating with stakeholders. 

“Excel is the most commonly misused programme in existence,” states the author of Excel Spreadsheets are often a giant waste of money. “A spreadsheet is a desktop application meant to be used by one person. When the application needs input from multiple people or the data needs to be secure and shared by multiple people, the spreadsheet is the wrong tool for the job.” 

The Benefits of an Integrated, Single-Platform Solution 

Just as risk management professionals and the stakeholders with whom they work must operate from a single source of truth that supports a data-driven culture, the technology used to support risk and compliance programmes should contribute to the elimination of data silos. Success depends upon it.  

An integrated, single-platform solution like Origami Risk counters the issues associated with the use of spreadsheets in a number of ways. These include the following:  

Access to real-time data – Origami Risk’s single-platform integrated RMIS, GRC, and EHS solutions include flexible tools that allow for integrations with virtually any third-party software platform, including HR, document management, payroll, and other systems in use across the firm. Automating these feeds not only reduces the amount of time spent manually entering data, but it also means that reporting and analysis is performed using current data. 

Improved data quality – Whether through the direct entry of data into a system or via integrated feeds of data from other systems used throughout the firm, a eliminates the error-prone process of transferring data between spreadsheets. Analyses and reports are based on data that is more accurate. In addition to the ability to set up system checks based on defined business rules and the ability to protect designated fields from being updated, the system also stores audit trail of changes. 

Improved collaboration – Beyond allowing multiple users being able to update or report on data simultaneously, and integrated risk management platform can help to break down silos of data and enhance collaboration across departments. Improved collaboration can potentially have additional benefits. For example, exposure data and/or can be shared with brokers to help ensure that policies are renewed on time and, in many cases, provide information about risk mitigation efforts and the effectiveness of controls that can contribute to renewals at favourable rates. 

Is it Time for Your Organisation to Move Off of Spreadsheets?  

“In an era of ‘interesting times’, it’s clear that pursuit of the status quo in risk management is looking less and less likely to hold.” That is one of the many takeaways from Origami Risk’s 2022 State of Risk Report. “This means that everyone, from risk managers to executive teams, will be reconsidering how the risk function works. Likewise, risk professionals at all levels will need to understand what will be required for their organisations to become more agile and resilient.”  

Getting there — by becoming a data-driven organisation — is difficult when using spreadsheets to manage risk, compliance, insurance, and claims data. So how does one know when it’s the right time to invest in a more effective technology solution?  

As a rule of thumb, the difficulty level of gathering exposure information for use in the insurance policy renewal process or collecting and analysing risk assessments are just two ways of determining if your firm might be ready for the move from spreadsheets to integrated, single-platform solutions that provide access to risk management, compliance, internal audit, or claims administration solutions.  

Additional questions that risk professionals can ask to determine if a change in technology is warranted include the following: 

  • Is risk, claims, and insurance data stored in spreadsheets used across multiple departments? 

  • How much time is spent on the manual entry and correction of risk and compliance information? 

  • What are the complexities of your firm’s risks and exposures? 

  • How much time is spent on the collection and analysis of data used to better understand risks to the organisation’s strategic objectives, negotiate lower premiums, or guard against coverage gaps (or overlaps)? 

  • How much time is spent pulling together data for use in the creation of reports for your firm’s executive management team or board of directors? 

To learn more about risk management, compliance, and insurance technology solutions available from Origami Risk and other providers, download the 2022 RMIS Report or contact us for more information