Skip to content

5 reasons why spreadsheets don't work for managing risk assessments

Anthony Stevens |

October 15, 2019
5 reasons why spreadsheets don't work for managing risk assessments



If your organisation relies on Excel and Word as its preferred tools for managing compliance and risk assessment, this could have disastrous consequences for the business, both internally and externally.

‘But Excel has worked so well for so long,’ I hear you say.

While that’s true, it’s time to face facts.

In the context of the modern, digitised economy, Excel is fast becoming an outdated solution. While it’s versatility and accessibility long stood as the industry standard, the development of competing, purpose-built cloud solutions could change this. Particularly in use cases related to risk assessment, risk management and compliance, Excel is quickly becoming an undesirable solution for the reasons I’ll outline below.

Five reasons why spreadsheets are an ineffective risk management tool  

When an organisation first makes the decision to use Excel (or Word and/or SharePoint) to manage its risk processes they sacrifice the ability to manage data consistently, at scale, and across a widespread operation.  

Whether it be for cybersecurity, data privacy or modern slavery, failing to ‘keep up’ with related threats or adequately assess related risks will only lead to further frustration, failure – and potential disaster. 

Here are just some of the ways that spreadsheets may be hindering rather than helping your organisation.  

1. Mistakes galore

You might be surprised to learn that as much as 90% of all spreadsheets have errors that affect their results, according to an article published by ZDNet 

Even your best employee can make a simple error when entering data into a spreadsheet or generating formulas. If this error is carried across multiple spreadsheets (as is often the case), this only compounds the problem.  

To make matters worse, inaccurate data can easily be overlooked. But, if a particular decision is based on that data, it can have a lasting – and potentially devastating – impact.  

2. Huge amounts of time and money

There’s no denying that risk management is a laborious, time-consuming, expensive task. Risk management teams spend hours upon hours checking and double-checking data, rather than focusing their energy on evaluation and mitigation. This could be the difference between a $340 million fine and a $1 billion fine.

Be honest: How much time do you think your organisation spends on the colossal task of documentation during the compliance cycle? But it doesn’t end there. Once the data-gathering process is finally complete, you must build out your reporting. This has to be done manually. As a result, collating and sharing your compliance status with your colleagues can start to feel all-consuming, requiring seemingly endless amounts of manpower and time.  

3. A lack of accountability 

Admittedly, it is possible to password protect particular spreadsheet files, to protect them from unwanted eyes.  

But is there a way to delegate specific sections or questions of these excel documents? More specifically, to the exact experts or teams with the relevant information working across an organisationIs there a way to track who opened and saved a spreadsheet? Is there a way to see whether changes have been made and who made those changes, as well as why?  

Without these sorts of ‘features’, spreadsheets suffer from a crucial lack of accountability. This also leaves your organisation open to spreadsheet manipulation, perhaps to cover up compliance issues or risks that could hurt your company’s image or operations. This will only end badly.

4. Too much rigidity

As you know, risk analysis is always changing. The tools, processes and people involved will naturally evolve over time, as the requirements and priorities of your organisation change.  

Yet spreadsheets are in stark contrast to this, since they’re rigid. With any change to a spreadsheet, you run the risk of information being lost. This makes it difficult to collaborate with other stakeholders, both internal and external. As a result, it becomes incredibly difficult to maintain effective risk management, particularly where thirdparties are concerned.

5. Limited reporting and analytical capabilities

You may already know this, but it’s very difficult – sometimes even impossible – to extract meaningful business and risk management insights from the data you input into spreadsheets. This is because of the lack of referential integrity and the inability to create links between data in different files.  

Even if you can extract actionable improvements, spreadsheets are still limited to a ‘point in time’ snapshot of one’s compliance. Though, only recently have other solutions appeared that assist businesses with ongoing compliance monitoring. 


The inherently flawed nature of spreadsheets – and what you should use instead 

While we understand spreadsheets are familiar and comfortable, they also create a lot of stress and potential risk, due to the reasons outlined above.  

The manual nature of spreadsheets means they also require extensive time and money, including substantial manpower, to deliver the bare minimum in terms of compliance-related data and reporting. Adding to that, the results generated are only accurate for a limited time.  

So, what’s the solution?  

Supercharge your risk management with 6clicks

6clicks is a cloud-based platform built to automate inbound, outbound and internal risk assessments for organisations.  

When it comes to effective risk management, there are many benefits of using 6clicks technology in the place of spreadsheets, including: 

– Integrated risk assessment data (meaning results appear instantly). 

– Test out 6clicks using the Free Forever plan or sign up for 10 times cheaper than alternatives on the Enterprise plan

– Assign actions and tasks to the relevant individuals or teams. 

– Easily collaborate and leverage the expertise of your teams or preferred service providers

– Harness our built-in comprehensive analytics and reporting module. 

– Access best-practice guidance from industry-leading cybersecurity organisations. 

Anthony Stevens

Written by Anthony Stevens

Ant Stevens is a luminary in the enterprise software industry, renowned as the CEO and Founder of 6clicks, where he spearheads the integration of artificial intelligence into their cybersecurity, risk and compliance platform. Ant has been instrumental developing software to support advisor and MSPs. Away from the complexities of cybersecurity and AI, Ant revels in the simplicity of nature. An avid camper, he cherishes time spent in the great outdoors with his family and beloved dog, Jack, exploring serene landscapes and disconnecting from the digital tether.