The Hidden Costs of Spreadsheets in Compliance and Risk Management

2 minute read

December 2015

While spreadsheets are a widely-accepted go-to for compliance and risk management activities, findings from Blue Hill Research present a number of considerations for the limitations they pose. Most of these issues are related to challenges supporting multi-stakeholder activities, manual processes, and difficulty in scaling and adapting to meet expansions in stakeholders, regulatory complexity, and changing business needs.

Blue Hill Research’s whitepaper identifies spreadsheet alternatives, particularly software-based governance, risk and compliance (GRC) solutions. While investing in software can initially seem like a costlier alternative to spreadsheets, Blue Hill explains that as organizations encounter increasingly complex and changing regulatory and business environments, the limitations posed by spreadsheets begin to generate costs in the form of the productivity of compliance and risk staff and risk exposures.

The report’s author, Principal Analyst David Houlihan, also noted the following feedback from the study’s participants, which included senior compliance and risk function owners: “Overall, research participants reported that while the implementation of GRC entails the additional expenses of software investment, its corresponding reduction in the costs generated by spreadsheet-based processes provided significant improvement in enterprise value.”

In conclusion, the Blue Hill Research report tracked comparisons of participants’ experiences both prior to and after GRC implementation with the following findings: (1) reductions in report generation time from a matter of days to hours, (2) increases in reporting frequency from monthly or quarterly to weekly, (3) 25% to 30% reductions in time required to execute compliance and risk activities, and (4) “near real-time” awareness of risk and compliance performance.

Click here to download “The Impact of GRC in Spreadsheet-Driven Compliance and Risk Management Environments.”

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit