Ivett Dobay
03/20/2025

Beyond Excel: ERSTE Bank’s Journey to Automated Risk & Compliance with Archer GRC

ERSTE Bank transformed its risk management by implementing Archer GRC, replacing Excel spreadsheets with automated workflows and real-time reporting, ensuring efficiency, security, and compliance in the financial sector.

By implementing the Archer GRC system for large enterprises, ERSTE Bank aimed to improve the management of discrepancies, findings and associated risks from information security reviews, technical audits and other sources, and to renew the recording of information security events.

The new system will allow for structured and process-oriented management of information security findings, the introduction of automated workflows and the production of up-to-date, automated reports, reducing administrative burden and the potential for human error.

Initial situation and problems

Before the launch, the data was kept in a large Excel spreadsheet, which presented several challenges:

  • Restricted access: the table was managed by a maximum of one or two people, which limited collaboration and made it hard to keep the data up to date. Spreadsheets like this usually make parallel work difficult or impossible.
  • Data management difficulties: handling thousands of records became increasingly difficult, and Excel was not able to handle multidimensional data relationships efficiently. In large enterprise environments, Excel spreadsheets used for this purpose typically reach their limits.
  • Reporting problems: the manual production of the various middle and senior management statements was time-consuming and, without manual updating, reports in Excel would sometimes be based on outdated or incomplete data.
  • Lack of workflow: approval processes were done by email, which did not ensure proper traceability.

Implementation of the Archer system

ERSTE Bank has introduced Archer's "Issues Management" use case, which is the entry-level module of the system and the base for further use cases. The project progressed along the following main steps:

  1. Preliminary analysis: the experts reviewed the bank's policies, processes and the header of the Excel template spreadsheet to ensure that Archer's field structure would fit well with existing records and processes.
  2. Requirement specification: the types, the layout of fields to be used in Archer, the workflow steps, and the capabilities and needs for automated reporting were defined.
  3. Development and testing: thanks to Archer's workflow module, new workflows and features were created in the development environment, followed by several iterative testing phases.
  4. Data cleaning and migration: the previous Excel data was cleaned to match the columns of the spreadsheet to the custom fields created in the system, then the data was bulk loaded into the appropriate fields in Archer. This was a critical step as loading the data correctly ensured accurate reporting and workflow processes.
  5. Automating reporting: the project has created the possibility to replace the manual Excel reporting system with Archer's automated reporting functionality.

Results and benefits

  • Automated workflows: processes are captured and organized into controlled approval steps, eliminating email and manual confirmations.
  • Centralized access to data: all information is available at a single location in Archer, ensuring the application of the need-to-know principle, as well as unified data management and collaboration across the organization. Any authorized colleague can modify data easily and efficiently, without the need for an intermediary.
  • Real-time reporting: up-to-date records of incidents and audit findings allow you to monitor the current status on an ongoing basis.

Industrial environment and regulation

For companies in the financial sector, information security and risk management regulations require strict compliance.

For ERSTE Bank, the introduction of Archer will support compliance with the Digital Operational Resilience Act (DORA), an EU regulation for the sector. Archer can record and track, among other things:

  • Information security risks
  • Internal audit findings
  • Results of legality checks and eligibility verification
  • Results of vulnerability and penetration tests
  • Risk analysis of third parties and suppliers
  • Other safety compliance tests

In the financial sector, these compliance requirements and standards are essential, so the introduction of Archer has not only increased efficiency, but also helped to comply with regulations.

Conclusion

The implementation of Archer at ERSTE Bank is a prime example of how an Excel-based solution can be replaced by an enterprise-wide GRC system. The project has successfully automated the management of audit findings and incidents, minimizing manual administration, increasing transparency and helping to ensure regulatory compliance. Archer has not only met the current needs, but its scalability ensures that it will meet the regulatory and business needs of the financial institution in the long term.
