Devon & Cornwall Police Authority adopted a formal risk management strategy in 2006. Until January 2011, it employed an Excel spreadsheet to record and track corporate risks. At first this was a simple spreadsheet, but inevitably it was tweaked and modified over time, for example, to indicate direction of travel for individual risks, provide a narrative to support changes to scores, date fields for actions etc.
As the maturity of risk management improved, it became clear that the limitations of spreadsheet functionality were beginning to hamper further progress. As part of the 2008/09 internal audit plan, the Head of Audit conducted a risk maturity survey of Members and Officers of the Authority to ascertain where, on the journey from risk naive to risk enabled, the organisation was positioned. The maturity model, based on that developed by International Association for Contract & Commercial Management (IACCM), measures maturity across four domains:
It was concluded that in particular, risk management processes could not advance in maturity using spreadsheet based records.
- Associated actions from each department's risk register now drive prompts via email to management - ensuring the risk universe is comprehensive
- Employee familiarisation with one system has resulted in organisation-wide employee buy-in
Pentana Performance has transformed the way we monitor risk. When we loaded our risks onto Pentana Performance, we took the opportunity to change the way we articulated them in the past. We now use a short description followed by causes and their potential effects. By doing it this way, it made it much easier to assign mitigating actions to individuals. Pentana Performance has added significant value to the Authority’s governance arrangementsSpokesperson, , Devon & Cornwall Police