If, in 1990, Microsoft Office was ground-breaking, it's because the world was a radically different place.
Desktop computers, fax machines, and dot matrix printers were cutting-edge technologies. The internet was three years away
. And while corporate scandals and bad governance weren't unheard of
, the compliance workload was smaller by orders of magnitude.
Thirty years on, organizations are spending $181 billion a year
on compliance programs and still struggling to stay on top of the workload
If that weren't enough, the Covid-19 pandemic has forced unprecedented numbers of people
to work remotely. This has created new risks, brought about more — and increasingly rapid — regulatory change, and made ensuring compliant conduct more challenging than ever before.
As GRC expert Michael Rasmussen notes
, in this complex, interconnected, and constantly shifting environment, "...you need a singular point of communication… an easy way for staff to access policies and procedures… [and] the right audit trail system.."
Word, Excel, and SharePoint aren't designed to meet these needs. An inherently manual workflow
While Excel and SharePoint can track policies and help you keep them organized, the process isn't automatic. Somebody has to populate and maintain spreadsheets and SharePoint sites.
Leaving aside Excel's limits
and the potential for human error — 88% of spreadsheets
have at least one critical mistake — this can quickly become a full-time job.
More to the point, it's still up to compliance staff to monitor regulations, read and digest them, and identify which policies are impacted by new rules and how they must revise them.
That was a tall order in 2018, when regulated firms had to deal with 200 international regulatory updates
a day alongside sweeping changes like GDPR.
It's all the more challenging now that the workload has exploded — between March and April 2020 there were 3,000 regulatory updates — and the vast majority of staff are working from home. A series of bottlenecks
Needless to say, drafting or updating a policy is only the start. Policies have to go through several rounds of reviews and approvals before they're finalized and disseminated.
Because people usually work on Word documents asynchronously — that is, they save them locally and forward them via email — the review and approval process can create bottlenecks.
Sending a document for feedback one stakeholder at a time significantly lengthens the process.
But the alternative — sending a document out to all stakeholders simultaneously — means receiving back several copies of the same document with different track changes you then have to collate.
Again, this significantly lengthens the process and makes it more tedious and laborious, which increases the likelihood of critical mistakes.
Meanwhile, your firm has outdated policies that could be putting you at risk. Which version is the right one?
If Word, Excel, and SharePoint aren't designed for automation and collaboration, what's worse is that all the hard work can be undone through versioning issues.
Ultimately, the whole point of policy management is to document standards of behavior, so staff know how they're expected to conduct themselves. But because tracking, drafting, and approvals are manual and asynchronous it can become difficult to track down the latest policy. Or to track down any policy at all.
It's shockingly common for organizations to have more than one policy covering the same issue, and for these policies to contradict each other. Again, this state of affairs could be creating all sorts of risks — security, regulatory, and even reputational.