The True Cost of Using Spreadsheets for GRC Processes

To help fulfil their Governance, Risk and Compliance (GRC) obligations – and faced with a lack of suitable functionality within their native ERP systems – many organizations use spreadsheets as a “low cost” solution to help them manage their controls, risk analysis, audit reporting and more.

Whilst many are aware of the limitations and problems of using spreadsheets, they perceive this to be more cost effective than investing in a GRC solution.

But is this use of spreadsheets costing them more than they think?

We’ve always believed that using spreadsheets to store critical or sensitive data isn’t a realistic proposition within a robust GRC strategy; they are notoriously prone to error, difficult to manage in a collaborative environment, insecure and impossible to audit – exactly what you DON’T need when you’re trying to manage risk or prove compliance!

By their nature, spreadsheets don’t provide a centralized, secure repository for risk and compliance information – which makes it very difficult to:

  • Be sure that you have the correct version with current information
  • Retrieve accurate data to respond to information requests from auditors
  • Automate tedious, time-consuming risk management processes
  • Gain accurate insight into risk exposure and historical trends
  • Respond efficiently to business or regulatory change.

In May 2014 Blue Hill Research published “The Hidden Costs of Spreadsheets in Compliance and Risk Management,” a report which finds that the limitations of using spreadsheets increase organizations’ costs in three main areas:

  • inefficient compliance and risk processes
  • impediments to business process execution
  • increased and unknown risk exposures.

Organizations that implemented GRC applications reported 25-30% time savings in compliance and risk activities, but perhaps more importantly, they also reported improved insight into risk and reduced risk exposure.

This insightful report discusses these issues in more detail and explores how to build a successful business case to justify GRC software investment.