The Risks of Tracking Compliance Manually

Lauren Mcmenemy

If there is still some doubt in your organization about the need to have a robust system or a technological solution in place to track corporate compliance, we humbly suggest you drag management into the 21st century. Those who take a laissez-faire approach to corporate compliance today risk running into regulatory trouble sooner rather than later.

Those organizations that cannot satisfactorily prove compliance ' that cannot produce a paper trail for auditors or provide suitable evidence to regulators regarding board operations or the general state of compliance ' face reputational damage, fines and losing their good standing, which can impact their ability to continue operating. Depending on the jurisdictions in which the structure has entities, directors could even face jail time for non-compliance.

Many who don't pay close enough attention to such needs often believe that it takes too long ' or takes important legal operations staff away from more pressing day-to-day matters ' in other words, that resources are better used elsewhere. However, tracking compliance does not have to be a burdensome task. Where it becomes burdensome and risky is when you don't make use of the available technology that is purpose-built to ease the management of governance, risk and compliance management.

Microsoft Excel, SharePoint and spreadsheets complicate compliance

It's easy for the IT team to deny a request for more technology when the organization already has access to something like Microsoft Excel, SharePoint, or other spreadsheets or central storage systems. After all, as far as they're concerned, they have supplied the software to help create logs and databases, and to store essential compliance-related information to manage the corporate record.

However, these applications are not built for the purpose of tracking corporate compliance, and any resulting tracker will be a hack job at best ' at worst, it could be riddled with errors. Research has found that companies spend an average of 18 hours each month modifying, consolidating, correcting and updating information in spreadsheets. Deloitte even notes that almost one-quarter of all spreadsheets contain errors.

Using Microsoft Excel for entity management is fraught with risk; it's too easy to introduce data errors or to accidentally reformat a formula. For example, around the time of the global financial crisis, Barclays Capital mistakenly purchased 179 Lehman Brothers' US assets after a reformatting error in an Excel spreadsheet. The spreadsheet contained nearly 1,000 rows with more than 24,000 individual cells and had to be reformatted and converted into a PDF document before being posted on the bankruptcy court's website by the end of the day. However, the junior associate doing the reformatting was unaware that the original document included hidden rows containing contracts marked with an 'n' to signify that they should not be part of the deal; these hidden rows had become visible when the employee globally resized the spreadsheet.

It's a simple error, but one that caused a lot of trouble for Barclays Capital. Now, imagine something similar happening with your corporate record ' perhaps a director's personal details mistakenly being revealed, or the wrong entities accidentally being included in a regulatory report. Imagine, even, that you were emailing that spreadsheet containing confidential corporate information, and the email was intercepted by a cybersecurity threat ' or that you use SharePoint to store your entity data, but a hacker manages to gain access to your network and can download it all.

The dark side of entity management: manual compliance and systems that are not fit for purpose

When using an application not purpose-built for entity management, you are inevitably settling for second best. You're also risking your GRC program. We've already covered the risk of human error, but the following are also some of the biggest risks of tracking compliance manually.

The risk of duplicate information causing confusion

When you're using a spreadsheet to track entity management, you risk duplicate documents and erroneous information seeping into the corporate record. Storing those spreadsheets on SharePoint and using a 'checking out' system does not mitigate this risk, nor does allowing co-authoring ' while checking out prevents other users from making any changes to the document until you check it back in, it doesn't stop bad data from creeping in once others work on the document.

The risk of poor accessibility

The thing with storing spreadsheets on the network or in SharePoint is that you need to be in the office, or logged in via a VPN, in order to access those documents. This can slow down compliance and entity management, as you'll need to wait for signatories or data owners to be back in the office before they can make necessary changes or sign-offs.

The risk of missed deadlines or error-ridden documents being filed

Download our free Microsoft Excel & Entity Management Kit to better understand why Excel can hurt your business.

Of course, all of this ' human error, duplicate information, poor accessibility ' can have a knock-on effect to the rest of the compliance program, and eventually lead to the risk of missing filing deadlines or, worse still, filing compliance information that is riddled with errors. Without good access to the corporate record for all relevant parties, and without a system to lock down information and mitigate the risk of duplication or errors, the resulting filings could cause more harm than good to the organization as a whole.

The alternative to tracking compliance manually: use an entity management system

So, how do you truly mitigate the risks of tracking compliance manually? How can you help to ensure the information you supply to regulators and auditors is robust, based on real-time and accurate entity data, and signed off on time by the appropriate stakeholders?

Enter: entity management software. By using technology to drive your compliance tracking, you can help to mitigate those risks of manual tracking. Switching from Excel, SharePoint or any other manual tracking application adds a layer of security and integrity to the corporate record. While SharePoint allows you to securely store and access files in a central repository, and while Excel is a flexible way to track entities, each has inherent flaws and requires endless customizations. On the other hand, entity management software is purpose-built for tracking compliance.

Integrating a system such as Diligent Compliance into your compliance workflow also brings the benefits of automation ' that is, automated compliance workflows that generate next steps or move the process along without any human intervention. Compliance calendars, reminders and workflows help you to surface the right information to the right people at the right time to complete routine business processes, all without relying on a human to press a button.

Get in touch and request a demo to see how Diligent Compliance can help to elevate your compliance program to the next level, and reduce the burden of reporting.

Related Insights
Lauren McMenemy

Experienced journalist Lauren McMenemy has been writing about compliance and governance for several years, and has covered finance, professional services, healthcare, technology, energy and entertainment.