Enterprise compliance and risk management. Is Excel the best tool for the job?

The use of technology in core business functions has changed remarkably over recent decades. Specialist tools are becoming increasingly sophisticated and gone are the days when finance teams relied on spreadsheets to manage budgets and track performance. Management teams have come to expect instant access to financial data, company performance metrics and in-depth analysis of costs and forecasts. Thanks to the growth of FinTech solutions (technology applied to financial services) the analysis is becoming ever deeper.

An area in which software seems to have largely fallen behind however is in the smart management of compliance obligations. So let’s take a look at why there has been this software lag, and how you can quickly move to a position where you have the right technology helping you to make the right decisions.

Before we get into what a ‘smart’ system does, let’s first take a look at the tool that is often used for this task, Microsoft Excel.

“Excel is not intended to be a database, it is not designed to do database manipulations, it is not capable of handling huge datasets at speed. Similarly for specialized problems: it is not designed to handle them, it does not have the tools to handle them.” Dr. Drew Lipman, Lead Data Scientist at Hypergiant in the article ‘Why are you still using excel?’

Excel has been around since 1985, and is now one of the most widely used pieces of software on the planet. It is used by individuals, households, small businesses and corporations alike.

In many ways, it is the ubiquitous nature of Excel that has led to it being used for such a wide array of tasks. And while it is the right tool for so many tasks, it is not always used in situations that it is well suited to.

The use of Excel for managing compliance and risk

As so many of us have a base level of fluency in Excel, it is commonly grabbed as a starting point when trying to gather, store and manipulate information and data. 

We start out with a list of compliance obligations and the activities that need to be taken to comply with regulations, building these up into a spreadsheet. We might even get a person to add some pivot tables and charts to the worksheets so they provide a degree of interrogation and reporting. Another need is identified, whether it be in the form of more inputs, different fields, or wider reporting requirements. And so we add more sophisticated requirements and layers of complexity.

Where Excel starts to run out of steam

There are a number of shortcomings when it comes to how Excel can handle the type of processes required to manage compliance obligations well. The ability to share the information can become problematic.

Excel workbooks are able to be shared, to a certain extent. Place an excel file on a shared directory, or use Excel Online through OneDrive, and various people can have access to the file. This access can be full, or restricted to view only, meaning some safeguards can be in place. When information needs to be gathered from lots of sources and from different people, Excel doesn’t exactly…’excel’… especially when the different people need different outputs from the data in order to do their jobs.

Problems also develop when it comes to having a single source of truth. Over time, even with the best document control intentions, it seems that spreadsheets become stored on local drives, updated to meet the particular needs of a task and developed using the level of Excel fluency of the latest user. When it becomes time critical to get the latest data, too often the information is out of date or spread across multiple sources. And then the ‘holder of the spreadsheet’ is on holiday, or worse still, they left the company a few weeks or months earlier.

There are a few other measures that are commonly sought in a smart compliance tool that Excel just isn’t set up to handle. So let’s take a look at what it is that makes a tool more suitable to the management of these aspects in an organisation.

Using specialist software to manage compliance and risk

When designing databases or fully bespoke tools that help with the management of compliance obligations in any business, there is often a long list of ‘must-have’ features. In part, this comes from having a number of different stakeholders within an organisation, each with their own unique needs.

An Operations Manager is going to want to input and store a different data set to that of a Finance Manager. The reports and notifications they will each need are also quite different. And this variety of needs runs through the organisation. A Compliance Manager or in-house lawyer, will seek different information from the CEO or Board. Identifying, understanding and specifying each of these needs is a substantial task.

This is where cloud-based tools are in their element, especially when built from the ground up with compliance and risk at their core. So here is a high level list of the elements that you should be aiming for when it comes to using technology in managing this aspect of your business:

8 core elements of compliance and risk software solutions

  1. Shareable
    The tool needs to provide shareable and controllable access, whether that is for putting data in or for receiving email notifications and reports out. Access for the people who need it is key.
  2. Single source of truth
    Having the ability to access one source, and know it contains the latest information, provides for faster and more accurate decision making. This removes the reliance upon single individuals who control information.
  3. Time aware
    Being able to generate timeline views for tasks, key deliverables and upcoming milestones gives more control. In-built calendars, linked to email notifications and reminders, means that staff are highly aware of the time available to start and complete their activities.
  4. Location aware
    Not only do you want geospatial views of where your assets are, but you also want your business activities to respond to location specific legislation and regulation. Smart compliance and risk tools can easily keep track of differing state by state, or country by county requirements, as well as any company specific policies or requirements.
  5. Activity aware
    There are a wide range of activities carried out in any business which may be governed by regulations, standards or contractual requirements. With the ability to auto generate these tasks based on the prescribed requirements, not only is a significant amount of time saved, but you are also less likely to miss important steps.
  6. Integration of risk management
    People in your organisation have a range of activities that they need to undertake. A system which directly links the planning and delivery of those activities to your risk reduction, mitigation and elimination processes brings significant benefits.
  7. Tailored reporting templates 
    The information each person in an organisation needs differs based on their responsibilities. Using a combination of standard and custom reports, each person can quickly receive the information they need as a one-off or on a reporting cycle. This could be as simple as your upcoming tasks, or your team’s overdue activities, through to the organisation wide progress toward a complex project outcome.
  8. Audit trail 
    The ability to know who entered what information, and when they entered it, is a cornerstone to having a system that shows transparency and accuracy.

Contact the Totum team today for more information and a free demonstration.