Compliance Management Best Practices: When Will You Outgrow Excel & Spreadsheets?
www.reciprocitylabs.com
CHAPTER 1: Excel: The First Compliance Tool
When companies first determine they need a formal compliance program, many
are unclear if they need a compliance tool to track and manage their program. And
those that determine they do need a tool often wrestle with the myriad of choices
available in the market—many of which are expensive and time consuming to
implement. Not surprisingly, many organizations turn to Microsoft Excel as their
compliance tool when first undertaking a GRC program.
ADVANTAGES AND DISADVANTAGES OF EXCEL
Chances are you will be able to track your compliance progress within Excel
for an initial audit. However, during a second year audit, things could get a
bit messy. Once you add a second or third audit domain, you will need to use
multiple sheets within Excel.

Compliance mapping enables you to match controls that are similar or
identical and apply process or policy to both controls. For example, if one
control asks for a firewall, then that control should be common across all
domains requiring a firewall.
What are the signs that using Excel has become totally impractical?
And how do you know when you’ve outgrown Excel? As we noted
earlier, in year one when you initially embark on your compliance
journey, Excel will suffice. However, when you add a second domain
in year two, you will likely reach the maximum useful life for an Excel-based model.
CHALLENGES OF EXCEL
CHAPTER 2: How to Avoid Common Compliance Pitfalls
Follow our best practices and avoid these pitfalls and you’ll have a
smoother compliance journey—and a much better chance of passing
your audit.
Your first audit may lead you to believe that you will provide
one piece of evidence for each control. This may be true,
but evidence usually applies to more than one control. For
example, your IT Security Policy very likely applies to many
controls. Every evidence gap carries a potential domino effect.
Fail one evidence request and you may fail more than one
control. Not only do you need to keep track of the evidence
and the controls it impacts, you also need to understand how
the evidence maps to the controls it impacts.
Conclusion
Management of a risk and compliance program is a journey, not
a “big bang.” Ultimately the compliance management process
you put in place and the systems you use need to be flexible and
resilient to business change—while still providing visibility into
your real risk profile.
About Reciprocity
Reciprocity provides ZenGRC to the world’s leading
companies. Our cloud-based solution with fast, easy
deployment, unified controls management, and a
centralized dashboard offers simple, streamlined
compliance and risk management, including self-audits,
without the hassle and confusion of spreadsheets.
www.reciprocitylabs.com/resources
engage@reciprocitylabs.com
(877) 440-7971