Reducing spreadsheet-based audit and compliance risks
In the fifth blog looking at how modern analytics can reduce spreadsheet risk and inefficiency, we will look at the impact that spreadsheets have on managing governance, risk, and compliance.
In our earlier blogs on the role of spreadsheets in budgeting and planning, financial consolidation, analytics, and information sharing, security was a common concern and a great source of risk. When it comes to using spreadsheets to manage access to systems and financial controls, the weaknesses of a spreadsheet-based approach to governance, risk, and compliance (GRC) can put the organization's safety at risk.
Unfortunately, spreadsheets are commonly used to support GRC activities in organizations whenever there is a need to manage multiple systems. When there is no common GRC platform, the spreadsheet becomes the lowest common denominator to handling this data.
A classic example is managing the segregation of duties (SOD), where using spreadsheets involves lengthy manual processes to collect and compile data from multiple systems and a lot of manual checking backward and forwards between auditors with the potential to introduce mistakes along the way through formula errors and faulty data copying. Multiply this by an organization composed of multiple divisions and legal entities, spread across various locations or even continents, and you suddenly see an exponential rise in complexity.
All this introduces delays to a process that must be timely and auditable. Rushing the process inevitably leads to mistakes, and failing audits often lead to fines for the organization and disruption to business operations.
A modern analytics platform incorporating an open GRC component will support multiple systems and contain out-of-the-box functionality specifically designed to manage GRC activity, unlike the generic spreadsheet, which must be customized to the process and specializes in nothing. Modern GRC software will automatically track and alert you to compliance violations and automatically monitor issues in posted transactions.
Read more about retiring spreadsheets from your governance, risk, and compliance activities and four other ways of reducing spreadsheet-created risks and inefficiencies in your organization in our best practice guide today and register for the webinar on February 25 where you will hear from Infor customer ORS MEDCO on how they improved their financial consolidation process with d/EPM.