Although spreadsheets are commonly used as a GRC tool, their use can carry significant risks (and costs) if not properly monitored and controlled. In a recent blog post, Michael Rasmussen of The GRC Pundit looks at real-life examples of organizations looking to get away from the negative impacts of using spreadsheets for GRC. Spreadsheets are time-consuming, manual and at risk of errors, and Michael explains that:
Spreadsheets, left uncontrolled, make for ineffective, inefficient, and unagile GRC processes and have some serious integrity issues that violate principles of GRC. They are very useful tools. I use them every day in my business, but for managing GRC information they—left to themselves—do not meet par.
Here are six reasons spreadsheets fail for GRC, as given by the GRC Pundit, Michael Rasmussen:
- No inherent audit trail—without the use of external tools you cannot be certain that specific information was gathered authentically.
- Easy to manipulate—as per the first point, spreadsheets can be manipulated without any record of changes.
- No structure of required workflow and task management—managing multiple spreadsheets can quickly become unmanageable and end up filed away in a junk folder.
- No consistency—version control and formatting are hard to manage in spreadsheets.
- Difficult to compile—cutting and pasting spreadsheets is not a good use of man-hours.
- Compilation errors—manually compiling leaves room for human error, maybe not intentional, but inevitable.
To read more about why spreadsheets fail for GRC, visit The GRC Pundit Blog.
Published with permission from ACL Services