Corporate Compliance Insights

Spreadsheets Aren’t Infrastructure: Saving Data Compliance with Automation

Mitigating Compliance Risk by Adopting a More Modern Solution to GRC Data Management

by Joe Stanganelli and Alia Luria
May 21, 2019
in Compliance, Data Privacy

With the advent of automated GRC tools, data-compliance professionals are shooting themselves in the foot by over-relying on old-fashioned spreadsheets. Joe Stanganelli and Alia Luria discuss a better way to manage GRC data.

Terry Ray, a senior vice president at cybersecurity-software firm Imperva, is fond of saying that even when organizations are able to identify where their data is, they still fall short when it comes to identifying where their data isn’t. This truism has become the state of compliance-tracking data.

Data compliance teams still overwhelmingly rely upon rudimentary, locally stored spreadsheets for critical policy and tracking functions. This represents a significant security, privacy and compliance risk. Unlike with cloud-based compliance-tracking software, manually tracking governance, risk and compliance (GRC) with locally stored electronic spreadsheets may mean having several spreadsheet files representing countless typically undocumented or poorly documented versions floating around a large or midsize enterprise. And without compliance-management SaaS tools, this data hygiene problem compounds itself as people are left to share compliance-related spreadsheets via insecure channels like email (or, worse, USB drives).

More problematically for compliance, poor data hygiene may mean a failure in maintaining a single version of the truth – if one can even fairly call it “truth.”

Decentralized GRC Data

All of this goes to the problems of data decentralization. Data becomes “dirtier” as it continues to decentralize. In this decentralization process, therefore, organizations don’t so much maintain truthful data as they curate an indeterminate set of closely related lies.

Each of those spreadsheet files is a different version, with a different degree of up-to-date-ness or accuracy. Changes to one version do not automatically mean changes to other versions. This spells disaster for the company’s audit trail; an outsider or newcomer accessing one of these spreadsheets may not necessarily know if it’s accurate, out of date or a discarded draft – or how to reconcile it with other spreadsheets. They may not even be able to determine basic chain-of-evidence information like who accessed what when and who made what changes when. (Having basic metadata for when the spreadsheet was written to the system or last opened won’t necessarily cut it.)

In recent years, generalist cloud providers have been pressured to up their compliance game for banking regulations. (In this author’s humble opinion, the regulatory burden faced by the financial services industry is far more complex than those of the data regulatory frameworks governing any other sector.) While general-purpose cloud storage and app solutions can help centralize data compliance – assuming the enterprise allows employees to use these general free or low-cost cloud tools (many don’t) – many tasks remain manual on these platforms. Even a few SaaS solutions specific to data compliance wind up being not a lot more than a dedicated spreadsheet in the cloud.

The fundamental problem with spreadsheets, therefore, is their lack of automation.

GRC the Hard Way

To err is human. At scale, everybody forgets or overlooks or neglects something here or there – and in the realm of regulatory compliance, human error is a very real risk factor.

This is half of the reason we have software to track and manage compliance and a bunch of other things for us to begin with. Specialized software for compliance tracking can catch mistakes and oversights, track dates and other information and even identify and call attention to compliance requirements for parts of a business that might otherwise be missed.

The other half of the reason for automated compliance-management software is that it can make otherwise daunting compliance tasks easier (and, hopefully, cheaper). Managing and tracking all of the necessary items and to-dos manually can be too much for human compliance officers to feasibly handle while maintaining their sanity – especially in smaller firms, which often have a compliance department of one. In addition to actually easing the workload, some automated compliance software tools can automatically “share the wealth” outside of the company’s compliance team by looping in other departments and delegating data collection, mitigation controls and other GRC/IRM-related functions to them. This is especially helpful for third-party management and client management.

To wit, compliance automation is about compliance democratization.

GRC Usability and Collaboration

There are a lot of spreadsheet-phobes out there – some of whom are very vocal. Even those who like using spreadsheets and are good at it don’t always like having to review and interpret others’ spreadsheets.

In this way, automated compliance tools – good ones, with a broadly usable and accessible user interface regardless of whether or not the user works in GRC – can be a golden ticket. For every compliance-tracking factor we can think of, good compliance UX (user experience) is critical to good compliance. If senior management, procurement teams, IT departments and others can’t readily keep track of and navigate their way around the company’s spreadsheet(s), that spells compliance risk.

To be clear, the solution isn’t about entirely eliminating spreadsheets from the compliance and auditing process wholesale. It’s about eliminating the need for them as the entire infrastructure of the compliance-management process – and making that infrastructure more manageable, more secure and more accessible with more automation and less manual data management. Today, compliance is a team sport.


Tags: Automation, Cloud Compliance, Data Governance
Joe Stanganelli and Alia Luria

Joe Stanganelli is Managing Director at research and consulting firm Blackwood King LC. In addition to being an attorney and consultant, he has spent several years analyzing and writing about business and technology trends. Follow him on Twitter at @JoeStanganelli.
Alia Luria is Co-Founder, CTO and Head of Product at InFront Compliance, Inc. As a privacy and technology attorney and former software developer, Alia merges her development experience and legal acumen to simplify compliance with a flexible, module-based software platform that helps companies connect to vendors, verify their compliance with company requirements and automate the recertification of vendors for companies. Alia is responsible for architecting the software features and functionality as well as lending regulatory expertise to the substantive modules and a host of other operations matters.
