Our experience is that Excel is still playing a strong role as a risk management tool even among enterprises. When it comes to compliance, it is often managed by one individual who knows it inside out.
This is surprising. Although Excel is in many terms an excellent, one of the most successful software products ever, it is still the wrong tool for this purpose. This has proven to be true especially during the crisis caused by COVID-19.
Why? There are five clear reasons:
- Version management is missing
Most usage of Excel is with one-person management in mind. If it is being used by several people, validity, accuracy and error controls fail completely.
2. Assignments are not possible
It is not possible to assign one item to a person to carry out.
For example: controlling that high-risk vendor has been carried out a risk assessment in accordance with GDPR criteria or an ISO standard. The only way to do this in Excel is to manually assign that task to a person or have people manually open a file and find if they are responsible for an action. In the case when there are hundreds of vendors, and a long list of controls for each like standards, code of conduct and so on, how effective and solid that is anymore?
3. Documentation requires many sources
Excel cannot contain evidence of an action. An assignee must go and find data from other sources to carry out a simple task and then save the evidence of one’s task to another folder or a system.
4. Risk assessment can become a horrendous effect
If a risk is recorded on an Excel sheet, are mitigation actions in another Excel sheet? Where is the related evidence?
Take for example a simple task: demonstrate the exact wording and risk assessment wording on the master risk Excel file on November 8th, 2017 and related mitigation action and related approvals were carried out, and provide all related evidence in an unaltered form with timestamps…it would be a horrendous effort.
5. Comprehensive reporting is not an easy task
Excel sheets have comprehensive features to create graphics. Yet, the very nature of Excel is manual, and managing risk records, mitigation actions in large enterprises or different business units does not easily provide an executive with an up-to-date and comprehensive picture of risk at enterprise level.
These, along with other challenges with Excel call for the need for a solution which answers today’s company needs. Hence, the idea for automation and a holistic approach which solve the problems of many.
Automated compliance solutions help customers to transform compliance operations and processes from manual and siloed approach to up-to-date, dynamic and efficient business advantage.
The author is Janne Järvenoja, lawyer and CEO at NordCheck