7 dangers of document-based auditing

Dan Zitting

Dan Zitting

Chief Product & Strategy Officer, Galvanize

Auditors relying on word processing documents and spreadsheets can face a number of risks and administrative challenges. Learn why modern audit technology is the way to go.

In the 80s and 90s, large audit organizations moved away from hard copy audit files and working papers. One of the main reasons for this change was that it was proving difficult to share and collaborate on the physical files. Auditors began to use word processing documents and spreadsheets as their primary way to capture and document audit procedures, results, and evidence.

But this created a number of new issues:

1. Information in documents or spreadsheets becomes dark

When data gets trapped in documents, it effectively becomes what’s known as dark data: impossible to search, reference, analyze, export, report on, or access on mobile devices. Accessing data through all of these actions is required for large audit teams to deliver valuable insights and support decision-making.

2. Documents don’t protect data integrity

When audit process metadata (i.e., tick marks, review notes, auditor commentary—and, especially, inter-document links and references) gets embedded into document files, you face a significant data integrity risk. Documents are not able to enforce referential integrity. Since multiple users may access the data, the accuracy and consistency of that data may change over its life cycle.

3. Maintaining relationships to other information is impossible

Since documents are not databases, there is no way to create and maintain relationships between data in different files. Hyperlinking and other document-embedded features are then unreliable.

Systems that rely on deep document integration are prone to data loss when files are corrupted, edited in conflict by disparate users, or moved between locations that break references and relationships. This also causes slow performance, as documents simply can’t perform at the level of database-driven systems.

4. Exporting and archiving outside the documents is impossible

Hyperlinking information inside and between documents—referred to as deep linking— necessitates document-embedded metadata, with references stored in the software system. Since a link from inside one document to another depends on this externally-stored reference, not only do the relationships between documents break, but it is also impossible to archive or export an audit project outside the software without breaking those links.

5. Rolling audits forward manually

When primary audit documentation is captured in documents, it’s impossible (or very dangerous) to update programmatically. When you use documents to roll an audit forward, you need to update them manually to avoid erratic behavior. This takes up valuable time from your team.

6. Software version conflicts and difficult upgrades

As Microsoft Office or other document-editing software applications are updated and file formats change, integration dependencies often break the compatibility of the audit software. This leads to situations where, for example, a new Office version forces an upgrade of the audit software or changes the embedded metadata (again causing data integrity risks). Even in the best case, upgrades require rigorous testing, which causes lengthy delays in upgrade implementations.

7. Demanding administrative duties

Creating and managing document-embedded metadata requires legacy audit systems that include a locally-installed application or complex web browser plugin. Because they are hosted individually on local machines, these applications create significant administrative burdens for IT, including high-maintenance installation rollouts and upgrades, and compatibility issues.

Have you come across any of these challenges in your working environment? Ready to put a stop to the risks of document-based auditing? We’ll show you how.

White paper

The 7 Dangers of Document-Based Auditing

This white paper highlights:

  • The dangers of document-based auditing.
  • Some of the benefits that can be realized by using purpose-built software
  • What’s needed for making a successful transition over.

Download white paper

Related Articles


Galvanize is now part of Diligent.

To stay up to date on the latest product offerings, research and GRC resources please visit or to login to your Galvanize products please visit www.diligent.com

Visit Diligent Login