Compliance in practice: “Believe my Excel sheet”

June 18, 2019
KPMG

In many companies it’s standard practice: sending a flood of e-mails and Excel sheets to the various business units for the periodic audit. Departments fill in the questionnaires, mail them back and the head office goes through them. But how does an organisation know if it is compliant today, when all the information is scattered and unclear?

Companies must be able to demonstrate that they comply with all applicable laws and regulations and the company’s policy on risks and mitigation controls, but when it comes to auditing and recording the information, the choice of system is up to them. And, believe it or not, the good old Excel spreadsheet is still a favourite in many organisations. When an auditor appears, Excel spreadsheets seem to pop up everywhere.

Prone to Error

Obviously, this isn’t the most efficient way to monitor compliance. But this inefficiency would be permissible provided all the information given is correct. And that, right there, is the problem. A manual method isn’t just inefficient and labour-intensive, it’s error-prone and, moreover, never up to date.

A few years ago, we had the opportunity to implement our Sofy Suite GRC solution at an investment company, originally British but operating internationally with over 800 hotels and 4000 coffee shops. The company also carried out audits in Excel. As at many other companies, this had been the method of choice for years, and the most pragmatic one.

The company realised that, in times of stricter monitoring and digitisation, this was no longer the ideal method, but it was very reluctant to implement a large software package with all the trimmings. Understandable. A new system, especially for an organisation of that size, costs a lot of time and money.

Hands free for risks

With Sofy, things were very different. We didn’t ask: “how much do you want to invest?”, but “when do you want it?” In less than four weeks, the UK investment company switched from a paper audit system to Control Management, an app on our Sofy platform that automatically dispatches tasks and provides real-time insight into each entity’s level of compliance.

The switch not only saved the organisation a substantial investment; the quality of the internal audits has also improved, and the company always has insight into its current compliance status. They no longer invest time sifting through and merging Excel sheets. Instead, they focus on reducing the risks, which is what GRC is all about.

Emiel van Kampen, Consultant Enterprise Analytics KPMG Sofy Suite