There are probably only a handful of organizations on the planet that don't have at least one instance of Microsoft Office on their network.
When it first launched in 1990 there was nothing else like it.
No software was faster, bundled so many features together, and was so reasonably priced. So, by the time real alternatives began hitting the market, it was too late. Word, Excel, and complementary products like SharePoint had become as ubiquitous a part of office life as cubicles or water coolers.
Because everybody, regardless of their level of IT literacy, has access to and a reasonable working knowledge of Microsoft Office, using it to create, edit, and manage policies feels like the most natural thing in the world.
The practical realities of modern compliance, and the landscape in which regulated firms operate today, means relying on these technologies is doing more harm than good.
Here are three reasons why Word, Excel, and SharePoint are making your policy management problems worse instead of solving them.
If, in 1990, Microsoft Office was ground-breaking, it's because the world was a radically different place.
Desktop computers, fax machines, and dot matrix printers were cutting-edge technologies. The internet was three years away. And while corporate scandals and bad governance weren't unheard of, the compliance workload was smaller by orders of magnitude.
Thirty years on, organizations are spending $181 billion a year on compliance programs and still struggling to stay on top of the workload.
If that weren't enough, the Covid-19 pandemic has forced unprecedented numbers of people to work remotely. This has created new risks, brought about more — and increasingly rapid — regulatory change, and made ensuring compliant conduct more challenging than ever before.
As GRC expert Michael Rasmussen notes, in this complex, interconnected, and constantly shifting environment, "...you need a singular point of communication… an easy way for staff to access policies and procedures… [and] the right audit trail system.."
Word, Excel, and SharePoint aren't designed to meet these needs.
While Excel and SharePoint can track policies and help you keep them organized, the process isn't automatic. Somebody has to populate and maintain spreadsheets and SharePoint sites.
Leaving aside Excel's limits and the potential for human error — 88% of spreadsheets have at least one critical mistake — this can quickly become a full-time job.
More to the point, it's still up to compliance staff to monitor regulations, read and digest them, and identify which policies are impacted by new rules and how they must revise them.
That was a tall order in 2018, when regulated firms had to deal with 200 international regulatory updates a day alongside sweeping changes like GDPR.
It's all the more challenging now that the workload has exploded — between March and April 2020 there were 3,000 regulatory updates — and the vast majority of staff are working from home.
Needless to say, drafting or updating a policy is only the start. Policies have to go through several rounds of reviews and approvals before they're finalized and disseminated.
Because people usually work on Word documents asynchronously — that is, they save them locally and forward them via email — the review and approval process can create bottlenecks.
Sending a document for feedback one stakeholder at a time significantly lengthens the process.
But the alternative — sending a document out to all stakeholders simultaneously — means receiving back several copies of the same document with different track changes you then have to collate.
Again, this significantly lengthens the process and makes it more tedious and laborious, which increases the likelihood of critical mistakes.
Meanwhile, your firm has outdated policies that could be putting you at risk.
If Word, Excel, and SharePoint aren't designed for automation and collaboration, what's worse is that all the hard work can be undone through versioning issues.
Ultimately, the whole point of policy management is to document standards of behavior, so staff know how they're expected to conduct themselves. But because tracking, drafting, and approvals are manual and asynchronous it can become difficult to track down the latest policy. Or to track down any policy at all.
It's shockingly common for organizations to have more than one policy covering the same issue, and for these policies to contradict each other. Again, this state of affairs could be creating all sorts of risks — security, regulatory, and even reputational.
In 2000, researchers from Columbia and Stanford conducted an experiment in which they gave shoppers a choice between two market stalls: one that had 24 different types of jams and another that had only six types.
The stall with more options drew the bigger crowd. But it was the smaller stall that made more sales.
It's an apt metaphor for SharePoint.
For many organizations, one of its biggest selling points — aside from the fact that it works seamlessly with Word and Excel — is that it can be configured to do pretty much anything.
But the draw of endless possibilities quickly loses its shine once you realize how much time, effort, and money are required to get it set up in a way that meets your requirements.
Large organizations often employ as many as five SharePoint consultants, with the best ones commanding six-figure salaries.
And that's not factoring in the lengthy implementation period, the need for user training, or the cost of bolt-ons you might require so your SharePoint site can meet your specifications.
But the kicker is that, because it's designed to have a high degree of configurability, SharePoint's features lack the specificity that would simplify, automate, and make policy management more efficient and effective.
When you really get down to it, SharePoint is a 'check in, check out' system.
It's great at storing all your documents in one place. But if it's not properly managed and maintained it can quickly become a document dump.
More importantly, the high value work — automating and simplifying your processes, capturing key pieces of data, versioning, audit trails, staff training, and attestation — all has to happen outside the system.
And that's what you have to standardize if you want your policy management process to be smarter, more effective, and more agile.
So, while SharePoint can indeed be effective as a central repository for your policies and also as a tool for dissemination, it can't help speed up your workflow or create efficiencies. If anything, the hefty setup and maintenance requirements risk adding more work to your compliance team's already lengthy to-do list.
With new rules and updates coming thick and fast, regulators' rising expectations, and the ever more dire consequences of getting it wrong, sticking with what's familiar — tools that have been on our office computers for over three decades — is no longer the safe option.
If anything, it's the riskier choice.
No serious organization would draft memos on a typewriter, fax documents, or store policies on floppy disks.
So why rely on tools that are equally outdated and unfit for purpose for a business-critical function like policy management?
What steps do you need to take to make your organization's policy management process more efficient, effective, and future-proof?
Read our FREE eBook, Smart, Connected Documents are the Future of Compliance, to learn more.