Still Using Excel for Risk Management and / or Audit?

May 7, 2015

Most of us and especially the younger generation understand the power and benefits of technology and yet we often choose to ignore better ways of doing things and stick to the ways we have always done things. For example, Excel is still often the tool of choice and used in preference to or outside of an enterprise database-driven solution. There is a proliferation of Excel spreadsheets floating around all organisations.

So why is this the case when we know the many benefits of a GRC and Audit software solution?

  • Excel is pervasive in an organisation,
  • Most people have a reasonable understanding of how to use Excel so little change management is required and users are in their ‘comfort zone’,
  • Excel is ‘perceived’ to be free as it is already available as part of MS Office,
  • Excel is flexible and easy to use and yet pretty powerful: sorting, filtering, pivots, graphs etc.,
  • Excel allows us to work the way we want to work even if our data happens to be unstructured.

So what are some of the shortcomings of using Excel?

  • Data is not very well structured (inconsistent columns and naming conventions, free text, too many versions floating around),
  • Limited data validation (free text versus drop down boxes),
  • Duplication of data, quality of data, completeness of data, validity of data is compromised,
  • Multiple ‘versions of the truth’ with little or no version control,
  • Information is not automatically stored and consolidated in a single repository,
  • Security access to data is non-existent in many cases,
  • Excel is silo based and ignores interdependencies across business units and users etc.,
  • Excel spreadsheets can’t easily be shared / worked on at the same time,
  • It’s not possible to perform aggregated reporting without a lot of manual intervention,
  • It’s not possible to generate  trend reporting without a lot of manual intervention,
  • Excel is a static system as opposed to a ‘living’ system which sends out automated email notifications, reminders, escalations etc. based on system triggers,
  • Complex spreadsheets are ‘lost’ when the owner leaves / moves on and re-invented again by the new incumbent.

And what are some of the complaints when using a system, namely a GRC and Audit software solution?

  • The users at the ‘coal face’ are forced to work in a more structured way which can be frustrating and in some cases slow them down,
  • The user interface of a system is often hierarchical based whereas users are used to working with data in flat file format,
  • Visibility of related data can be limited in a system versus Excel’s flat file structure,
  • Quick and easy drag, drop and copy functionality across multiple cells which can be limited in a system versus Excel’s flat file structure,
  • User friendliness and usability of the user-interface,
  • Performance over a WAN, (if no offline functionality)
  • The user at the ‘cola face’ doesn’t see the ‘bigger picture’ e.g. quality data, centralised data, consolidated reporting at the click of a button, up-to-date living system versus static spreadsheets etc and just sees a system as slowing him / her down,
  • A system requires buy-in from the top and some degree of change management…. which can all be a bit painful for a business trying to continue with its day to day operations.

And now imagine if you combine the best of both worlds:
A user friendly GRC and Audit software system that allows users at the ‘coal-face’ to work the way they want to work and in many cases work faster (more data lookups) and more effectively than working in Excel whilst guaranteeing data quality, validity, completeness, report consolidation, data security performance and turning static data into a ‘living’ real-time system.

In the design of any system there are many conflicting trade-offs between flexibility, complexity, ease of use, structured versus non structured data, reportability etc.  At BarnOwl, we are totally committed to continually listening to our clients to come up with innovative ways to ensure that BarnOwl is an effective and efficient enabler of GRC whilst ensuring a positive user experience.

It is our mission at BarnOwl to design a GRC and Audit system which combines the best of both worlds. Something worth remembering when you find yourself using Word and Excel for almost everything is: “if the only tool in your tool box is a hammer everything starts looking like a nail” which can be compared in a business sense to: ‘If the only tool in your toolbox is Excel then everything to do with data and data analysis can and is done in Excel”… certainly not the best approach!

When GRC is implemented effectively and systematically the following business benefits are realised:

  • More effective strategic and operational planning: alignment of objectives and risks across the organisation
  • Greater confidence in decision making and achievement of operational and strategic objectives: accurate, relevant, reliable and up-to date risk information available at the click of a button.
  • Greater stakeholder confidence: transparency and sustainability capability
  • Ongoing sustainability of an organisation: proactive management of risk provides an early warning system minimising surprises and reputational damage which can lead to the destruction of value.
  • Competitive advantage: accurate information at the right time and place enables an organisation to take advantage of upside risks / opportunities and manage downside risk; risk management is not about avoiding risk but rather about having accurate information at hand to be able to take calculated risks in the pursuit of reward.
  • Regulatory compliance and director protection: evidence of a structured / formalised approach in decision making and being aware of the consequences of non-compliance in an ever increasingly complex environment.

BarnOwl is one of the few software solutions on the market which provides a single, fully integrated governance, risk management, compliance and audit solution. BarnOwl was designed by local and international risk management, internal control and internal audit specialists who ensure that best practice methodologies and frameworks are and continue to be supported by the solution. Based on universally accepted best-practice methodology, BarnOwl enables organisations to adopt and be compliant with frameworks such as COSO, CoCo, ISO 31000, King Codes III, AS/NZS 4360, Sarbanes-Oxley (SOX), Turnbull and the IRMSA Code of Practice. BarnOwl supports a risk and control based audit approach in line with international best practice (IIA, IPPF and the King III code). BarnOwl is an extremely user friendly system, easy to implement and supports online and offline usage across multiple sites. Furthermore, BarnOwl supports the integration of compliance content (eChecklists) supplied by 3rd party organisations.

BarnOwl has been in operation since 2001 and is implemented and used by over 200 blue chip companies and public sector departments both nationally and internationally.  In addition, BarnOwl is the preferred risk management solution for the South African public sector endorsed by the OAG (Office of the Accounting General). BarnOwl, being a locally developed, owned and supported GRC and Audit software solution, guarantees superior product support as well as on-going product development to meet local requirements.

By Jonathan Crisp: Director: BarnOwl GRC and Audit Software

For more information please see or contact Jonathan or Cheryl on +27 11 540 9100