Quarterly risk reviews still relied on circulating Excel files, manually identifying changes and rebuilding reports for senior leadership and committees.
Over time, this approach became unsustainable. The small central team was carrying the majority of the workload, while the process itself offered limited auditability and little assurance that information hadn’t been altered or duplicated.
At the same time, wider organisational pressures were increasing. Local Government Reorganisation was approaching, policy teams were under strain and capacity was tightening. There was a clear need to modernise risk management without introducing another standalone system.
The turning point came when the team recognised that the way they already managed project and programme risks in Verto could be applied more broadly.
Rather than attempting to further automate spreadsheets or invest in a dedicated risk management tool, they explored whether Verto could be reconfigured to support strategic risk management at an organisational level.
This shift reframed the problem. Instead of asking “how do we improve the current process?”, the question became “how do we move risk management into a single, controlled environment where change, ownership and reporting are built in”.
The team worked collaboratively to design a new way of managing strategic risks within Verto, ensuring buy-in from the outset.
In practice, this involved:
Crucially, the process shifted accountability. Risk and control owners were now responsible for maintaining their own risks, supported by clear visibility and a shared audit trail.
Moving to this approach significantly reduced manual effort and improved confidence in the data.
The officers responsible for co-ordinating strategic risk updates reclaimed over 20 hours per person per quarter, previously spent on chasing updates, checking spreadsheets and rebuilding reports. Audits became simpler and faster, with auditors able to access information directly rather than requesting evidence packs.
Reporting also improved. Subscriptions now generate presentation-ready updates automatically, removing the need for manual slide creation and reducing duplication of effort.
Perhaps most importantly, the integrity of the risk register improved. With a single live source and clear change history, the organisation gained greater assurance over how risks were being managed and reviewed.
One unexpected benefit was the quality of information added by risk owners once they began engaging directly with the system.
Additional commentary captured during reviews proved valuable enough to be incorporated directly into leadership reporting, further reducing rework and improving the usefulness of discussions at committee level.
This approach demonstrates how organisations can rethink familiar processes without introducing new tools or additional systems.
By adapting an existing platform to fit strategic risk management, the team avoided the cost of procuring specialist software, reduced administrative burden and created a more resilient, auditable process at a time of significant organisational change.
“What made the difference was having everything in one place. Once people could see how the information flowed through to reporting, engagement followed naturally.”
Vix Watson, Senior Business Analyst at Warwickshire County Council