Manage Tomorrow's Surprises Today

Steven Minsky

Why SharePoint Fails to Support ERM

While SharePoint is a good tool for file storage, it falls significantly short of delivering the capabilities a risk manager needs to analyze trends and see the relationships the job requires.


Cost & Innovation


On the surface, SharePoint may look like an inexpensive alternative to commercial ERM software; however, the hidden cost of IT development is rarely understood until too late. To make a SharePoint project useful, a minimum of $150,000 in labor alone invested over 2 years is required for small to mid-sized businesses, even for the most modest attempts to internally develop, test and support a software infrastructure for ERM. This investment is often much greater for larger organizations (greater than 1000 employees). ERM software vendors invest millions of dollars in their product development, have the benefit of 10 years of business requirements definition, and have thousands of experienced risk managers providing feature recommendations. Software companies can then distribute this cost over their entire customer base, and they have access to the many ways organizations are actually using the software, which shapes the functionality over time to incorporate evolving best practices that support an effective and efficient ERM program. These costs do not include the time of business users in the business requirements gathering process or of consultants on risk management best practices inquiries. Worst of all, how will risks be managed during this time, when your organization is tied up with software development rather than focusing on its core area of business?


Engagement of Others

Risk management is an iterative process that requires collecting a great deal of information to glean the necessary insights. An ERM program is only effective if regular folks throughout the business use it! So the true, insidious cost of an internally developed SharePoint attempt at an ERM solution is the lost time and energy that results when IT developers without risk or business backgrounds attempt to deliver a tool for business users without the prerequisite experience to do so. The result is a solution that no normal business user can understand. Without the engagement of managers to participate in assessments, there is no meaningful data for an enterprise risk management program manager to analyze.


Managing Relationships

Not only does SharePoint impede the process of combining data into a coherent big picture, it also means any change to data structure becomes a great undertaking. Dependent on SharePoint and spreadsheets, risk managers will spend countless hours validating data, double-checking formulas, and updating values instead of spending that time on much-needed evaluation and mitigation. Risk analysis is not a static process; it's dynamic and highly strategic. Assessment structure, information, and the people involved evolve over time as management's requirements and priorities change. SharePoint and spreadsheets, however, are static. With each change to a spreadsheet or SharePoint site, links between information are lost, making it very difficult to analyze relationships over time. Without these relationships, how will you link risks and their controls to your organization's strategic goals? What's worse, SharePoint and spreadsheets can actually limit the depth of risk analysis. You can only analyze the relationships your risk tools can uncover. Spreadsheets offer limited access to past and current data, do not let you easily aggregate and dissect information, and require a high level of technical knowledge to compare data over time. Simply put, spreadsheets and SharePoint prevent an understanding of the dependencies and consequences between departments, processes, and strategic goals. Without these connections it's impossible to see how multiple risks can come together to create a disaster like the BP oil spill or the Japanese nuclear crisis.


Reporting

Risk management isn't something that can be done in isolation. The information risk managers collect and analyze needs to be accessible to the rest of the organization. SharePoint does not have the sophisticated reporting capabilities, called business intelligence software, needed to share information with management or other support functions that could benefit from that data. The result is a risk management function without support from management and an organization with an abundance of duplicate tests, controls, and information. Risk managers need to be able to aggregate and access information across business silos and multiple levels in order to engage the right people with the right information.


The Solution

Risk management requires dynamic tools that can organize and link data automatically, analyze dependencies and consequences enterprise-wide, and be accessed by decision makers and other silos. The solution is ERM software with a robust risk taxonomy that can organize risk information all in one place, link the relationships between data, and be accessible to the rest of the organization. Identify duplicate tests and controls, uncover the complex relationships between risks, and make that information accessible to decision-makers with one shared risk management platform.

Explore how quickly you can make progress in your ERM Program with a complimentary 2-week trial of our new Basic Edition.

1 Comment


1. How did you gather this information?
2. How many organizations participated in providing the result that you provided?
3. What is the talent level of the IT individuals who participated in deploying SharePoint?
4. Have you ever participated in a firm that leverages SharePoint as a Risk Management Solution by talented individuals to gather true value analysis?
5. Did you know that most enterprises where SharePoint has been deployed and failed were managed by UNIX Management and Engineers?
6. Have you ever researched the concept of: The True Quality of a product is determined by the talented engineers that deployed it?
You cannot have an IT Management that is weak in Talents to drive success of Business Goals. Hope this helps.


In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
