A new study finds that many companies are still using unsecure and inefficient entity management processes, leaving them vulnerable to compliance risk.

Entity management is the end-to-end organization and oversight of an entity’s and its subsidiaries’ most vital and sensitive corporate records—information and documents that are maintained, tracked, and viewed in a secure and centralized system of record to create a single source of truth across business units. Done right, entity management is the backbone of robust governance management.

Yet, many companies today continue to use inefficient, manual entity management processes, finds a new survey conducted by Compliance Week and governance software provider Diligent, which gauged the maturity of companies’ entity management practices. Of 158 respondents, 50 percent said they still manage entities with spreadsheets, versus 40 percent who said they use entity management software. On the plus side, nearly 3 in 4 respondents (72 percent) said they anticipate implementing entity management software over the next five years.

“In a nutshell, there are still a lot of manual processes being used,” says Akbar Hussain, governance and compliance specialist at Diligent. “People are not using entity management software as much as they should be.” That could be due to various factors, including the company’s size, the number of subsidiaries it has, the sophistication of its IT infrastructure, and more, he says.

According to the survey, the higher an organization’s revenue, the more mature its processes. Among respondents in organizations with annual revenues of $1 billion or higher, 40 percent said they manage entities with spreadsheets, compared to 51 percent who use entity management software.

Comparatively, among the 85 total respondents in organizations with annual revenues of less than $500 million, 58 percent said they still use spreadsheets for entity management, while 31 percent said they use entity management software. Seven percent of this group said they still manage corporate records in paper format, stored in filing cabinets.

Some respondents—commonly those in organizations with annual revenues of between $100 million and $500 million—indicated that they use hundreds of spreadsheets to manage entities. The concern here is that spreadsheets were not designed for entity management. Spreadsheets are a way to organize data, but data still needs to be checked, verified, and tested. “When you’re updating the spreadsheets, how much checking is involved? What review process have they gone through?” Hussain asks.

Spreadsheets vs. entity management software

The survey findings further revealed clear benefits among companies who use entity management software versus those who solely use spreadsheets. For example, users of entity management software gave an average 4.0 confidence rating (out of 5) pertaining to the “accuracy of entity information,” versus an average 3.6 confidence rating among those who just use spreadsheets.

Users of entity management software further indicated they’re also more likely to maintain their information “continuously,” while those who manage with spreadsheets are more likely to maintain their information monthly. How often entity information is maintained further contributes to the accuracy of it.

Users of entity management software also are more likely to manage regulatory compliance in a more streamlined, structured, and secure way. For example, this group gave an average 4.1 confidence rating (again, out of 5) regarding their ability to meet regulatory compliance policies and filing requirements, as well as an average 4.0 rating regarding keeping pace with the changing regulatory landscape. Relatedly, most (72 percent) said they’re more likely to manage compliance proactively, versus the majority of those who use spreadsheets who indicated they manage compliance reactively.

Users of entity management software also expressed a higher level of confidence that “the right people can access required entity information in real time,” with an average 4.1 rating versus an average 3.5 rating among those that solely use spreadsheets for entity management. When it comes to risk management, those who use entity management software gave an average 3.7 confidence rating that they’d be “able to spot an issue or risk in every entity or subsidiary,” compared to the average 3.3 confidence rating of those who use spreadsheets.

Entity management software creates efficiencies in other areas as well. Most survey respondents who use entity management software said they could “create an entity” within an hour versus users of spreadsheets, whose top answer was that it takes them “longer than a day.” This is surprising, Hussain says, because creating an entity can be done within minutes using the right tools.

Regarding data-sharing practices, 56 percent of respondents said they share entity-related information using secure file-sharing software, while 41 percent still use e-mail and 3 percent still use regular mail. When asked how confident they are in the security of their communication of entity-related information, those who use secure file-sharing software gave an average rating of 4.2, compared to an average rating of just 3.2 among those who use e-mail and regular mail.

While most respondents said they use permission-based access to entity data, some said they do not. “That may be suggestive of some issues,” Hussain says, such as not having the proper controls or the security in place to manage access to the data.

Pain points

All respondents, regardless of organization size, indicated that they share equally similar pain points. Most expressed data integrity as their top pain point, closely followed by inefficient processes, reporting, and compliance with rules and regulations.

All these pain points ultimately bleed into one another but resolving them starts with good governance management and robust internal controls. Depending on how weak or strong those processes are “will have an impact on the integrity of the information,” Hussain says.

How often the data is updated, where it’s coming from, where there is any compliance and legal review process—all these factors play a role in data integrity. Inefficient processes play a role here, as well. For example, “are they using too many systems, for instance? Is there no single source of truth?” Hussain asks.

Data integrity and inefficient processes tie into the quality of regulatory reporting, too. If governance processes are inefficient, if the data lacks integrity, then the quality of the reporting the organizations produces are going to be subpar as well. Based on the survey findings, overall, the more that organizations are able and willing to embrace digital transformation within their legal entity management process, the more robust and efficient their reporting, compliance, and risk management processes will be.