Excel audit trails versus a real audit log
A bank ran an internal audit last year. The auditor asked who had changed a particular customer classification three weeks earlier. The file was on SharePoint with version history enabled. Twelve people had been editing it that week. SharePoint records save events, not change events.
The lookup took three days and three people. They eventually narrowed it down using the version history, the conditional formatting that happened to flag changed cells, and a chain of email replies on the file. The auditor accepted the answer but flagged the process as a finding. The remediation memo took another week.
That story is the tax most companies pay quietly, without putting a number on it.
What an audit trail actually needs
The auditor's question always has the same shape. Who changed what, when, and why. The unit of work is one specific cell value at one specific point in time, changed by one specific person, for one specific reason.
| Property | Excel + SharePoint | Real audit log |
|---|---|---|
| Per-cell attribution | Inferred from a diff | Recorded directly |
| Timestamp | Save event | Change event |
| Reason | Optional, often blank | Required |
| Old / new value | Available via diff | Stored explicitly |
| Bulk paste | One save event | One event per row |
| Survives file rename | No | N/A |
Reconstruction is not the same as recording.
The three failure modes you cannot fix in Excel
The offline edit. Someone takes the file home, edits on their laptop, uploads on Monday. The version history shows one save event with thousands of differences. Nothing distinguishes the deliberate change from the incidental ones.
The bulk paste. Someone pastes a thousand rows from an export. The version history shows one save event with one giant block of change. The one row that mattered is buried.
The file copy. Someone duplicates the file, edits the copy, deletes the original, renames the copy to the original name. The version history starts over. The previous history is gone.
A real audit log does not have these failure modes because the data does not live in a file. It lives in a row. Every write records the user, the time, the before, the after, and (where required) the reason. Offline editing does not exist as a concept. gridmap's per-row audit works this way, and the log is queryable directly, including soft-deleted rows that can be restored.
Why this matters more for regulated work
For banks, insurers, listed companies, anyone holding a SOC report or ISO 27001 certification, the value of a recorded audit trail is not productivity. It is whether your control framework passes. Spreadsheet audit trails are increasingly flagged as inadequate, especially for anything tied to financial reporting. The remediation usually means moving the data out of Excel into something more accountable, which is the work you would have done anyway.
For everyone else, the value is the three days that bank wasted, multiplied by however often your team gets asked about the past.
If "who changed this value, when, and why" cannot be answered in two clicks, the spreadsheet will not survive a hostile question.