Poor spreadsheet modelling can be costly because of incorrect business decisions, errors and time required to implement change.
Most important for a business is to consider the "why" before the "what" and "how".
That is, "Why am I using a spreadsheet? Is this the proper tool?" If the answer is yes, then appropriate policies and procedures that align with the business' policies and procedures for commercial IT applications should apply.
Spreadsheet risk checklist.
This checklist provides a guide to the types of controls a business may like to consider when using spreadsheets:
- Document. Record all aspects of the spreadsheet as it aligns to the business objective and the spreadsheet's specific function.
- Access control. Limit access to appropriate users for viewing and amendment, preferable through password protection.
- Input control. Determine and control how input is entered into a spreadsheet, either by manual input or download.
- Testing. Regularly check logic and formally document all testing.
- Version control. Through the use of naming conventions and directory structures, ensure only current and approved versions are being used.
- Change control. Mantain a controlled process for requesting amendments, making amendments, testing, and version sign-off.
- Back up and archive. Regularly back up and archive old versions.
2007, In the black, Volume 77, Number 6, July, pages 48-51