| One of the biggest threats to compliance isn’t your | | | | are three times as likely as experts to make mistakes. |
| employees or hackers, but a trusted tool: the | | | | Few companies, however, test for spreadsheet errors |
| spreadsheet. It is unstructured, untracked, and | | | | or outright fraud, preferring instead to eyeball |
| unsecured. Learn to recognize top spreadsheet risks | | | | results—often with predictable consequences. For |
| and what you can do to reduce them. | | | | example, one software developer may use two |
| Compliance experts estimate that 80 percent of | | | | 15,000-cell Excel spreadsheets to project the market |
| enterprises use spreadsheets to support critical | | | | for its products, with figures rounded to whole |
| business functions. For example, in one Deloitte survey | | | | numbers. Yet another user may inadvertently round |
| of 800 financial professionals, 88 percent said their | | | | the modifier for inflation down say from 1.06 to 1, |
| firms "use spreadsheets of material importance in | | | | consequently resulting in a market undervaluation. Such |
| financial reporting." At the same time, however, | | | | an error would obviously qualify as a material |
| research suggests the typical spreadsheet has a 2 to | | | | weakness. |
| 5 percent error rate. | | | | 3: Manage Spreadsheet Changes |
| As a result, spreadsheets are one of the biggest | | | | One solution: don’t prohibit spreadsheet use, but |
| compliance risks facing regulated companies. Indeed, | | | | rather identify which spreadsheets handle critical |
| despite their prevalent use, the life of the average | | | | business functions, and then implement controls to |
| spreadsheet is unstructured, untracked, insecure, and | | | | ensure their integrity and accuracy, and especially to |
| potentially just inaccurate. Learn how to pre-emptively | | | | prevent fraud. For starters, apply change management |
| control challenges that can run afoul of | | | | controls to spreadsheets, including sign-offs, a record |
| Sarbanes-Oxley (SOX), Basel II, or numerous other | | | | of all changes and the rationale for every change, plus |
| laws which regulate the integrity of financial processes. | | | | rollback capabilities. Each spreadsheet’s business |
| Bet on auditors wanting to see all spreadsheets | | | | logic must also be thoroughly vetted, as with any |
| relating to your company’s financial reporting | | | | application which handles complex business functions. |
| practices. Will your rows and columns pass compliance | | | | 4: Beware the Orphans |
| muster? To help mitigate the regulatory risks posed by | | | | When auditing spreadsheets, pay particular attention to |
| spreadsheets, consider these 10 tips. | | | | the orphans: spreadsheets of unknown provenance |
| 1: Acknowledge Spreadsheets’ Programming | | | | which today still drive critical business processes. As |
| Power | | | | Arthur C. Clarke wrote, "any sufficiently advanced |
| One issue with spreadsheets is they’re simply so | | | | technology is indistinguishable from magic," and as |
| powerful. The spreadsheet problem is largely due to | | | | anyone who’s ever inherited a spreadsheet knows, |
| the fact that we’ve given a programming language | | | | some operate if not by magic, then at least through |
| to a non-IT user without any development | | | | unintuitive logic that might take a lifetime to unravel. |
| environment-type oversight or safeguards. | | | | Certainly, the average business user can’t be |
| They’ve become the programmer, tester and the | | | | expected to accurately keep a 50-tab Excel |
| user - so you’ve just lost all objectivity. Who’s | | | | workbook current. |
| going to detect the errors in that spreadsheet? | | | | 5: Consider Versioning Software |
| 2: Expect Errors | | | | The poster child of the spreadsheet world is Microsoft |
| The average spreadsheet contains a substantial | | | | Excel. Until recently, however, software to manage |
| number of errors Human error research indicates that | | | | Excel in regulated environments was scant. Beginning |
| for things about as complex as creating a | | | | with Excel 2007, though, Microsoft itself began offering |
| spreadsheet formula, the error rate floor is about 2 | | | | businesses a way to enforce change management, |
| percent to 5 percent. The reason: people tend to take | | | | audit controls, and versioning for Excel spreadsheets. |
| shortcuts when doing math, and these shortcuts often | | | | Together with SharePoint Server 2007, companies |
| produce errors. Regarding automation, please see tip | | | | can even manage spreadsheets centrally and offer |
| number eight. On a related note, spreadsheet novices | | | | role-based access to HTML versions of spreadsheets. |