Why Excel is no GRC Solution

First of all, let me tell you I’m a passionate Excel user. Often, I come across organizations that are of the opinion that Excel is their GRC solution. Everybody can have their own opinion about it, that's why I announce mine today.

If Excel is your GRC solution, then:

• You have no digitized process management
• You have no access protection (or in the worst case no access anymore if the file is encrypted)
• There is no real-time linking between controls, risks, measures etc. 
• There is no interfacing with other data sources 
• In the worst case, the know-how is lost with the next termination
• You have minimal credibility with proof requirements
• There are no automatic reminders for overdue measures, for example
• Data integrity is at risk with each modification/entry

Bottom line: Excel is no digital Corporate Governance Strategy although Excel is digital.

How many times I was told “yes, of course we do risk management” and then it turned out the respective Excel file was last touched over 20 months ago.

Taking an analogy to communication: using Excel for GRC is like using a fax machine for communication nowadays. Are you using a fax machine?

The only thing you gain from Excel is flexibility. That is why we implemented Excel exports for every key information set in our solution. And for the more comprehensive analysis we provide a BI interface.