Compliance in practice: “Believe my Excel sheet”

In many companies it’s standard practice: sending a flood of e-mails and Excels to the various business units for the periodic audit. Departments fill in the questionnaires, mail them back and the head office goes through them. But how does an organisation know if it is compliant today, when all the information is scattered and unclear?


Companies must be able to demonstrate that they comply with all applicable laws and regulations and the company’s policy on risks and mitigation controls, but when it comes to auditing and recording the information, the choice of system is up to them. And, believe it or not, the good old Excel spreadsheet is still a favourite in many organisations. When an auditor appears, Excel spreadsheets seem to pop up everywhere.

Prone to Error

Obviously, this isn’t the most efficient way to monitor compliance. But this inefficiency would be permissible providing all the information given is correct. And that, right there, is the problem. A manual method isn’t just inefficient and labour-intensive, it’s error-prone and, moreover, never up-to-date.


A few years ago, we had the opportunity to implement our Sofy Suite GRC solution at an investment company, originally British but operating internationally with over 800 hotels and 4000 coffee shops. The company also carried out audits in Excel. Like many other companies, this had been the method of choice for years, and the most pragmatic.


The company realised that, in times of stricter monitoring and digitisation this was no longer the ideal method. But was very reluctant to implement a large software package with all the trimmings. Understandable. A new system, especially for an organisation of that size, costs a lot of time and money.

Hands free for risks

With Sofy, things were very different. We didn’t ask: “how much do you want to invest?”, but “when do you want it?” In less than four weeks, the UK investment company switched from a paper audit system to Control Management, an app on our Sofy platform that automatically dispatches tasks and provides real-time insight into each entity’s level of compliance.


The switch not only saved the organisation a substantial investment. Now, the quality of the internal audits has improved, and the company always has insight into its current compliance status. Now, they don’t invest time sifting through and merging Excel sheets. Instead, they focus on reducing the risks—which is what GRC is all about.


Emiel van Kampen, Consultant Enterprise Analytics KPMG Sofy Suite


Do you want to learn more? Or do you have any questions, let us know and contact us.

Start finding the value in your data

Request a free demo and one of our experts will take you on a little tour! During the demo, we will show you all the functionalities within the Sofy platform. Find out how Sofy can help you optimize your workflows and make better business choices!

© 2020 KPMG N.V., registered with the trade register in the Netherlands under number 34153857, is a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ('KPMG International'), a Swiss entity. All rights reserved. KPMG International Cooperative ('KPMG International') is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.