Managing risk data: From spreadsheets to information systems

The goal of Risk Management is to define prevention and control mechanisms to address the risks attached to specific activities and valuable assets. Many Risk Management efforts operate in silos with narrowly focused, functionally driven, and disjointed activities. That fact leads to a fragmented view of risks, where each activity uses its own language, customs and metrics. That limits an organization-wide perception of risks, where interdependent risks are not anticipated, controlled or managed. The lack of integrated solutions to manage risk information, lead the experts to use spreadsheets as their main tool, impeding collaboration, communication and reuse of risk information. In order to address these issues, this paper presents a solution that integrates a Risk Management framework, including a XML-based Domain Specific Language for Risk Management. The proposed framework is supported by an information system to manage the definition or risks.