The Hidden Costs of Relying on SharePoint for Quality Management Audits

Matthew Lamont • September 5, 2025

Introduction

For any organisation committed to excellence, the quality management audit is a critical test of process integrity and discipline. While the thought of an audit can be daunting, its success often hinges on one foundational pillar: rigorous document control. This isn't just about having files in folders; it's about demonstrating a complete, traceable, and verifiable history of every procedure, record, and change.


Without this control, an organisation walks into an audit unprepared, risking findings that can lead to severe consequences. Failing an audit is more than just a mark on a report. It can result in the loss of crucial certifications (like ISO 9001), operational shutdowns, damaged customer trust, and a significant hit to both your reputation and bottom line.


In this article we take a deep-dive into the popularity and risks of SharePoint as a platform for managing version-controlled documents, such as quality documents. We contrast those risks with the capabilities of M-Files as a document management platform designed specifically with compliance and audits in mind.

SharePoint: The Go-To Solution for Quality Documents (But with Hidden Costs)

It is incredibly common for organisations to turn to SharePoint as their de facto system for managing quality documents, and its popularity is easy to understand. As a core component of the ubiquitous Microsoft 365 suite, SharePoint is often seen as a "free" and readily available tool already embedded within the company's IT infrastructure.


Ready access to SharePoint eliminates the need for a separate procurement process and additional software costs. Furthermore, its interface is familiar to most office workers, reducing the training-to-adoption curve. For basic document storage, sharing, and simple collaboration, SharePoint is a powerful and convenient platform, making it the default choice for businesses starting their quality management journey or those looking to consolidate their tools within a single ecosystem.


While SharePoint seems like a cost-effective solution, inherent risks for quality management lie in its lack of purpose-built compliance features, making it prone to critical errors in version control and traceability. The hidden costs quickly accumulate, not from the software itself, but from the extensive IT resources needed to customise and validate it, the manual effort required to bridge its gaps, and the significant financial fallout that can result if these workarounds fail during an audit.

Audit Risks and Solutions

Here are five examples of how reliance on SharePoint for quality management audits can result in adverse audit findings, and how M-Files helps avoid them in the first place

1. Incorrect document versions in use

A classic audit fail is finding that staff are using outdated procedures or specifications. This points to a breakdown in version control.


How it happens in SharePoint: A user downloads a procedure to their desktop, edits it, and emails it around. Meanwhile, another user updates the "official" version on SharePoint. Soon, multiple versions exist, and it's unclear which is correct. The system doesn't inherently prevent users from working on local, uncontrolled copies. Unless very meticulous permissions have been manually applied.


Example audit finding: The 'Equipment Calibration Procedure' (SOP-QA-012) in use on the production floor was identified as Revision 3.1. The document management system indicates the current approved version is 4.0. The system lacks effective controls to ensure superseded documents are removed from circulation and only the current version is accessible at points of use.


How M-Files overcomes this: M-Files operates on a single source of truth principle. There are no duplicate files. Every document has one instance, and all edits create a new version of that single document. When a document is approved, it automatically becomes the "latest approved version" available to users. M-Files also offers parallel working and published copies of version-controlled documents. Working copies are only available to authorised admins. This makes it virtually impossible for an outdated version to remain in circulation, explicitly preventing findings like the one above.

2. Incomplete or missing audit trails

Auditors must be able to see the entire lifecycle of a document: who created it, who changed it, who approved it, and when.


How it happens in SharePoint: While SharePoint has audit logs, they can be difficult to configure and parse for a specific document's history. It may not clearly show who simply viewed a document versus who approved a major change, making it hard to reconstruct a clear, chronological history.


Example audit finding: A critical change to the 'Material Acceptance Criteria' (SPEC-RM-004) was approved on July 15, 2025. However, the system log could not provide a verifiable, sequential record of which users viewed, edited, and commented on the document prior to the final approval, breaking the chain of custody.


How M-Files overcomes this: M-Files automatically creates a comprehensive audit trail for every object. Every single interaction—viewing, editing, approving, sending a link—is logged with a user and a timestamp. M-Files generates an unchangeable, easily readable history that proves the document followed its prescribed lifecycle, satisfying the most stringent traceability requirements. This provides a complete and easily reportable history of a document's lifecycle, demonstrating transparency and control to auditors.

4. Inconsistent review and approval processes

When approval workflows aren't enforced by the system, steps can get missed, leading to uncontrolled documents.


How it happens in SharePoint: Workflows can be built, but they often rely on a separate tool (like Power Automate) and can be complex. They often require significant customisation and technical expertise to set up and maintain. As a result, companies often fall back on manual processes like email chains for approvals. These are untraceable within the document system and prone to human error—like forgetting to include the Quality Manager.


Example audit finding: The 'New Supplier Onboarding Form' for 'ACME Inc.' was found to be in an 'Approved' state but was missing the required electronic signature from the Head of Procurement. The approval process appears to be managed ad-hoc, lacking systematic enforcement to ensure all required approvals are obtained before a document becomes effective.


How M-Files overcomes this: M-Files has powerful, built-in workflow automation. Review and approval workflows can be easily configured to ensure that documents are routed to the correct personnel in the proper sequence. Automated notifications and assignments keep the process moving, and the current status of any document is always visible. For example, you can design a workflow that says a controlled document cannot move to the "Approved" state until it has received electronic signatures from Engineering, Procurement, and Quality, in that specific order. The system enforces the process, ensuring no steps are ever missed, demonstrating to auditors a consistent and controlled process for managing document lifecycles.

5. Inadequate access controls

A major risk is having personnel access information they shouldn't, like draft specifications or confidential HR records.


How it happens in SharePoint: Permissions are typically managed by site and folder. This complex inheritance structure can potentially be broken or misconfigured, inadvertently giving a whole department access to a sensitive sub-folder. It is difficult to set permissions based on the document's actual status (e.g., "Draft" vs. "Approved").


Example audit finding: Documents in a 'Draft' and 'Obsolete' state were found to be accessible to all production floor staff via the main document library. The permission structure fails to adequately segregate documents based on their lifecycle state, creating a significant risk of manufacturing products using unapproved or outdated specifications.


How M-Files overcomes this: M-Files uses dynamic, metadata-based permissions. Access isn't about the folder; it's about the file's properties. You can set a simple rule: "Only members of the 'Management' group can see documents where 'Status' is 'Draft'," or "Users in the 'Production' group can only see documents where 'Status' is 'Approved'." This automatically hides obsolete and draft documents from those who shouldn't see them, preventing audit findings around inadequate access controls.

Conclusion: M-Files helps mitigate audit risk

The temptation to adopt SharePoint for quality document management is understandable. Included in most enterprise Microsoft subscriptions, at face value, SharePoint offers a low-cost solution for managing quality documents. But in reality this is often a false economy.


SharePoint was never designed as a compliance-focused system, and using it to manage quality documents introduces risks that can carry heavy financial consequences. Audit failures caused by missing version histories, uncontrolled document access, or inconsistent metadata can lead to fines, reputational damage, or even the suspension of critical certifications—outcomes that far outweigh any initial savings. Beyond the penalties themselves, businesses face costly disruptions: production slowdowns, lost tenders, and the expense of emergency remediation efforts to fix gaps uncovered during an audit. What appears to be a “cheap” solution quickly becomes an expensive liability.


By contrast, M-Files is purpose-built for compliance and audit readiness, ensuring robust version control, complete traceability, and automated document governance. Investing in M-Files protects organisations from the hidden costs of audit failures and delivers true long-term financial security, rather than the illusion of savings that SharePoint provides.


Better yet, as of July 2025 M-Files offers native storage of content within Microsoft 365 infrastructure. This strategic partnership between M-Files and Microsoft means that organisations already invested in Microsoft don't have to compromise on performance when it comes to functions like co-authoring in the familiar M365 desktop apps, and gaining insights from organisational content using Microsoft Copilot.


Contact the team at Innovative Content Management today to see how M-Files sets the standards for managing quality document managements, ensuring your organisation is truly audit-ready.

More Articles


By Rowena Lamont June 18, 2025
We hear similar frustrations time and time again: “ managing access to documents in our SharePoint is a nightmare! ”. People come to us all the time looking for answers because SharePoint admins are tearing their hair out trying to help team members with accessing documents they need to do their jobs effectively. The crux of the problem is that SharePoint is essentially a folder-based document management platform. As we have written about previously , be it in SharePoint or a local network drive, folders are rigid file management structures that cause headaches, regardless of how many times you tinker with your organisation’s folder structure. In this article, we use a case study to contrast document access permission approaches between SharePoint and M-Files. As you will see, the metadata-driven approach adopted by M-Files provides a supremely flexible framework that solves common SharePoint access problems, saving your admins time and your organisation money.
By Matthew Lamont June 4, 2025
Effective document management is crucial for successful project management, ensuring smooth operations and clear communication. Project document management involves organising, storing, and tracking all project-related documents. A good project document management solution makes essential information easily accessible to relevant personnel and external stakeholders to prevent costly delays. Proper project document management enhances collaboration, improves efficiency, and ensures compliance with regulatory requirements. Managing the sheer volume of documents in a project can be challenging with traditional methods. Information can be hard to find, leading to wasted time and duplicated efforts. Version control issues are rampant when documents aren't found or versions are tracked manually through ambiguous file naming, increasing the risk of team members making decisions based on outdated information. External collaboration often requires separate systems, adding more work and compounding issues with duplication, version control, and visibility.
Streamline aged care compliance: M-Files centralizes info, manages document version control
By Matthew Lamont April 27, 2025
Aged care and community care providers in Australia play a vital role supporting vulnerable individuals. However, the sector faces unique and complex challenges when it comes to managing documents and information. Dealing with sensitive personal health data and adhering to strict compliance requirements can often lead to administrative burdens that detract from the core mission of providing quality care.  In this post we explore some of the key information management challenges faced by the aged care and community care (ACCC) sector and show how M-Files can help ACCC providers enhance regulatory compliance and streamline their internal operations.

Share

IMPROVE YOUR WORKFLOW

Let's chat together

Contact us