GRC in Excel - why it's a bad idea

Written by Martin Bredahl

Are your customers still working with GRC in Excel? Then you have probably already noticed some of the challenges with the tool, or else you're blissfully unaware. Whatever the case may be, you can hopefully benefit from this blog post where I share my personal experiences of working with GRC in Excel. Perhaps I can inspire you and your clients to find a better solution?

My first (and last) encounter with Excel

Let us begin from the beginning! 2019 marks the 10th anniversary of my time on the job market. My first job after university was in a medium-sized IT company, where I worked with VSOE – Vendor Specific Objective Evidence. In brief, VSOE is a method for revenue accounting, which is common amongst IT companies for reporting software sales.

In practice, this meant that another newly graduated student and I would analyze thousands of lines of sales data in Excel, to ensure that relevant accounting rules were followed. The work we did was subsequently reviewed by external auditors.

The fact that we were assigned tasks important enough to be audited externally felt great and scary at the same time. Although the auditors would only take samples of the work we'd done, there were plenty of opportunities for errors to sneak in.

But how big were the risks that something could go wrong with the work we did? Well, pretty big if I'm going to be honest.

3 common risks of GRC work in Excel

  1. Manual mistakes

    The data we processed was imported from an external system into Excel, where with the help of formulas we would exclude the majority of the lines for examination. Problems arose when the data was offset by a column or two, or when a formula was flawed in a single cell. A small manual error could result in hours of extra work.

  2. Risk of duplication

    That we were two people working in the same Excel sheet, saved on two separate hard disks, meant that we needed to have frequent check-ins to ensure that we weren't analyzing the same lines and doing double work. Luckily we sat across from each other and were able to reference how far we had come. But despite regular check-ins, it did happen that we would analyze the same set of rows – mistakes that cost time and resources.

  3. Wasting time troubleshooting

    It could easily happen that something would go wrong during the course of our work, which led to us spending a lot of time troubleshooting and correcting mistakes. Sometimes the mistakes were small, where someone would accidentally enter a comma in a column. But other times they were bigger, such as when two separate sheets were combined and the finished analysis would get overwritten. A lot of working hours that could have been spent on more value-adding activities instead went to troubleshooting. 

What is the difference when compared to today?

How lucky we are to be able to work in a more efficient way today, you might think. But do we really? What does GRC work look like today, 10 years later? Concepts such as digitalization and automation are accepted and ought to have eliminated a lot of the time-wasting that I experienced almost a decade ago, right? Well, unfortunately, I don't think this is the case.

Today, many companies are still doing internal control, risk assessment and internal accounting in Word and Excel. In some cases, the work is done within a cloud-based solution, but the problems of manual input, entry mistakes and time-consuming administration still persist.

What then is the takeaway from my experience of GRC work in Excel? As a newly graduated student, I was of course enormously grateful for my first job (especially seeing as I graduated in the midst of the financial crisis). But I must admit that dreams of higher-level work sometimes crept in, when finding a faulty cell in a 20,000-line Excel spreadsheet.

My advice to you? Find a better solution for your customers. There are better solutions that limit the risk of an incorrect entry, saving time while freeing up resources.

Those who are ready to move on from Excel should take a few minutes and read the guide "3 challenges of GRC work in Office 365 – and how to help your clients avoid them."