Authors
Compassoft
Abstract
In recent years, spreadsheets have become one of the cornerstones of financial analysis and financial record-keeping for enterprises worldwide. These essential applications are used for the majority of companies' critical operational decisions, and almost every line item for external reporting traces its origins to a single cell on some spreadsheet. Enterprises now have spreadsheets residing in thousands, even hundreds of thousands, of locations — network servers, desktop and notebook computers — both within and outside the enterprise’s control.
And far too many of these spreadsheets are riddled with errors — errors that can introduce unacceptable levels of financial, operational, security and regulatory compliance risk.
Many key enterprise stakeholders are already well aware of the risks presented by out-of-control spreadsheets. Senior executives, external auditors, finance departments, risk managers and even boards of directors are seeking effective ways to manage and control spreadsheets and other critical end-user applications residing on, or connected to, enterprise networks. The need to eliminate errors in the spreadsheets used for external reporting and strategic operational decisions has taken on new urgency, as a result of heightened regulatory and corporate compliance and security requirements. But many other enterprises are still trying to ignore the problem — until a highly publicized data breach or a failed audit brings them back to reality.
There's no question that managing and controlling spreadsheets and their risks is a difficult, even overwhelming, task. But new advances in automation technologies — together with established and newly identified best practices — can offer enterprises comprehensive management and control, while simultaneously reducing their costs. The key to effective spreadsheet management: using automation to apply the appropriate, and appropriately prioritized, policies and controls to every spreadsheet in use across the enterprise.
Compassoft, the recognized industry leader in this field, has worked with more than 180 companies, as well as with all of the "big four" accounting firms, in developing enterprise spreadsheet management strategies and technologies. This white paper draws on Compassoft's extensive and wide-ranging experience — and new automation technologies introduced in the summer of 2007 — to present a best-practices framework for comprehensive, sustainable and cost-effective management of enterprise spreadsheets and the mission-critical risks they carry with them.
Sample
Five-step framework to manage and control spreadsheets:
- Set control policy. Put controls in place that are appropriate for specific spreadsheets and spreadsheet uses, based on business priorities and/or specific spreadsheet data.
- Continuous inventory and risk measurement. Maintain an up-to-date central inventory of all the spreadsheets in use across the enterprise — identifying new and changed spreadsheets as the changes take place — as a basis for understanding the spreadsheets that exist and the information they contain, and for controlling the risks they present.
- Risk prioritization and policy enforcement. Use an advanced rules-based automation framework to compare spreadsheet properties and content against established control policies, categorize and prioritize spreadsheets by risk level based on these policies, then create processes to document and manage spreadsheets accordingly.
- Analysis, remediation and documentation. Forensically analyze high-risk spreadsheets in order to understand and document in detail their structure, data flow, hidden information and other factors and identify errors and potential sources of fraud.
- Management (securing and monitoring). Implement a framework that considers both the physical aspects of the spreadsheets (access and version control) and content-level management (continuous control monitoring, functional-level control, change management and documentation).
Publication
2007, White paper
