ComplianceESGApril 15, 2021|UpdatedFebruary 22, 2022

Excel versus BowTieXP – Which one is better?

CGE Risk, Blog, Risk, Excel Pittfals

Are you conducting risk assessments with help of Excel?

Stay focused, as amongst other important downsides, Excel can be excessive and does not rule out blind spots. If you want to fully understand the most important risks you are dealing with, read on, and rule out those hidden Excel risks!

Excel might seem a good tool for risk assessment…

Many companies choose to use spreadsheet in Excel for their risk assessments. The results of risk assessments are often gathered within risk registers, which provide insights in all possible risk scenarios, their threats, consequences, and controls. Risk registers are also often kept in Excel spreadsheets. Registering data within a spreadsheet is a great way to store and organize all relevant information. However, Excel is not specifically built for risk assessment, so there are some limitations to this approach to keep in mind.

Pitfalls when using Excel

1. Excel is excessive

Risk management is easily overcomplicated. Building a risk assessment in Excel can quickly lead up to hundreds of rows of data. This makes it cumbersome to interpret the data, perform your analysis, build reports and decide what information is crucial and what is not. When looking at a risk register, the information often gets too excessive for non-experts. And even experts can easily get lost in the amount of data.

2. Excel does not rule out blind spots

A spreadsheet does not necessarily show the relations that are so important to fully understand the risks your company is dealing with. Blind spots can arise because excel sheets often don’t show control measures in the context of specific risk scenarios. In other words, you cannot always distinguish where a control is placed within the risk scenario, and subsequently, where controls are lacking.

Excel blog post image

Figure 1 – Classic risk register spreadsheet (click here to see an enlargement of the image)

For instance, what does the above image tell you? You can tell that there are 9 control measures in place covering 3 threats and 3 consequences. This should be enough or at least “medium safe”. Therefore, the risk rating is set to medium based on this Excel register analysis. A logical assumption could be that the control measures are equally divided overall threats and consequences. However, this is not guaranteed for it is not visualized clearly by the spreadsheet.

3. Excel does not easily transfer and/or communicate information

Risk Management is not a one-man job. A risk manager often needs input from key individuals across the business. Excel is not really equipped to collaborate though. You cannot access and work in the same file. Of course, you can circumvent this by using tools such as SharePoint but watch out for errors or ‘double truths’. Furthermore, you would like to inform your ‘non-risk-related’ colleagues about the risks involved in their job right? It can be hard for them to see the bigger picture from those hundreds of rows of data.

4. Excel is sensitive to input errors or typo’s

As any of us know, it is very easy to make a mistake in Excel. Due to the huge number of cells, it is easy to make a small typo or error without realizing it.

5. Excel is time-consuming

Excel lacks scalability, has limitations in the amount of data and a lot of actions must be done manually. This makes the whole process time-consuming.

6. Excel can’t combine data sources

Excel misses the opportunity to link your risk assessment or risk register to other data sources like audits, incidents, etc. It is precisely this link that makes your data valuable.

Stay focused!

Keep these pitfalls in mind when conducting your next risk assessment in Excel and make sure that these disadvantages do not get in the way of making your risks fully understandable.

Do you want to learn more about keeping overview of risk scenarios and how they can be managed? Learn more here.

© CGE Risk. 2021 – The copyright of the content of this blog belongs to CGE Risk Management Solutions B.V.

Related Insights

  • Article
    Compliance
    May 02, 2025

    Preventing serious injuries and fatalities in the energy industry

    Download this infographic to learn how EHS professionals in the energy industry are adopting a risk-driven approach to prevent serious injuries and fatalities (SIFs).
    Learn More
  • Article
    Compliance
    May 02, 2025

    How to build strong bank-fintech partnerships: Opportunities, risks, and compliance considerations

    Zaida Aponte's feature article in ABA Risk & Compliance magazine explores best practices for bank compliance professionals to follow to actively manage risks and help ensure successful fintech partnerships.
    Learn More
  • Article
    Compliance
    April 30, 2025

    Maximizing internal audit effectiveness through external quality assessments

    One of the key processes that bolsters the trustworthiness and effectiveness of the internal audit function is the external quality assessment (EQA).
    Learn More
  • Article
    Compliance
    April 29, 2025

    7 reasons why lenders need compliant, efficient document generation ― and how automated solutions can help

    Automated document generation is crucial for lenders to meet compliance, streamline processes, and mitigate risks. It enhances efficiency, improves customer experience, supports scalability, and ensures audit readiness, making it a vital tool.
    Learn More
Back To Top