Risk

Avoid This Makeshift Method For Collecting Risk Data

By Michael J. Martin | June 27, 2024 | 3 min read
Spreadsheet frustration

Are you using spreadsheets to collect your risk assessment data? If so, you're not alone — most Fortune 500 security teams use this makeshift method for collecting risk data. Unfortunately, it’s a waste of time and may create more problems than it solves.

When I visit a Fortune 500 company, there’s usually a little bit of reluctance when I ask to see their current method of collecting risk data. Then I am shown a sprawling spreadsheet with pivot tables, formulas, and other complexities. Sometimes it’s a Word document with a table in it. Sometimes it’s a collection of documents and spreadsheets.

Whatever the combination is, it’s complicated, not secure, and could get deleted or copied. There are much better ways to collect, analyze, assess and mitigate your risk.

The problem with spreadsheets

Spreadsheets may seem like a good way of collecting risk information. Most organizations have access to spreadsheets, for example, and most of your employees probably understand the basics of Excel. However, when it comes to managing, tracking, and remediating risk, spreadsheets aren’t able to act as a database for your security team.

1. Spreadsheets don’t scale well

While a spreadsheet can roll up information from one site, or even from a few sites, things get much more complicated when your organization starts growing. The more sites you add to your spreadsheet, the more difficult it will be to see all the information you need at a glance.

2. Spreadsheets are static

A spreadsheet is a static document; someone needs to manually enter information from a risk assessment into the spreadsheet. This requires time, effort, and data entry is not a good use of a security member’s time. Additionally, the spreadsheet may be able to capture certain information, such as the number of cameras or fire extinguishers at a site, but they’re limited. There’s no way to view that information through the lens of a particular risk scenario. A spreadsheet can’t tell you if the types of cameras you have are well placed to catch insider theft, for example. You can’t see where those cameras are on the floorplan of your site.

3. Human error

Data entry is tedious, and it’s easy to make mistakes during boring tasks. This can lead to the wrong information being input, or to accidental changes to formulas. A colleague might inadvertently change a formula and affect the entire spreadsheet.

4. Versions

You want your risk and remediation database to be a single source of truth, but spreadsheets are easily copied. If a team member makes another version of the spreadsheet? Which version is correct or do both versions contain their own information? Who will combine multiple versions back into a single document? The logistics around managing the spreadsheet can turn into a nightmare.

A more sophisticated solution for risk analysis

When you’re managing risk, the platform you use should be a living document that grows with your organization and helps you see the information you need to see at a single glance. It should be able to aggregate risk analysis data, and let you look at your entire organization’s security through the lens of different risk scenarios.

Circadian Risk’s digital platform consolidates your risk information in one database. It’s a single source of risk information; from the assessors who input their evaluations directly into the platform to the team members who use that data to create reports, presentations and checklists for remediation, everything is in one platform.

Circadian Risk takes assessment data, collates it for immediate analysis, and aggregates it to immediately give you insights across your organization. The platform reflects remediations as soon as they are made, and there is only one version, securely stored on the cloud.

‘This is the solution I’ve always wanted but didn’t know existed’

The reason so many organizations are using spreadsheets is that they don’t know a better solution exists. We’ve been told by many clients that they’ve wanted a solution like Circadian Risk, but didn’t know one was available.

Ready to learn more about Circadian Risk’s unique product? Talk to us now to schedule a demo.

Are you ready to improve your organization’s risk management?

See Circadian Risk In Action Now
Schedule FREE Demo