Identity Theft is the fastest growing crime in the US according to the FBI
 

Top 10 Compliance Spreadsheet Risks and How to Avoid Them – PART 1

Written by OSAblog on Friday, June 12th, 2009

One of the biggest threats to compliance isn’t your employees or hackers, but a trusted tool: the spreadsheet. It is unstructured, untracked, and unsecured.  Learn to recognize top spreadsheet risks and what you can do to reduce them.

Compliance experts estimate that 80 percent of enterprises use spreadsheets to support critical business functions. For example, in one Deloitte survey of 800 financial professionals, 88 percent said their firms “use spreadsheets of material importance in financial reporting.” At the same time, however, research suggests the typical spreadsheet has a 2 to 5 percent error rate.

As a result, spreadsheets are one of the biggest compliance risks facing regulated companies. Indeed, despite their prevalent use, the life of the average spreadsheet is unstructured, untracked, insecure, and potentially just inaccurate. Learn how to pre-emptively control challenges that can run afoul of Sarbanes-Oxley (SOX), Basel II, or numerous other laws which regulate the integrity of financial processes.

Bet on auditors wanting to see all spreadsheets relating to your company’s financial reporting practices. Will your rows and columns pass compliance muster? To help mitigate the regulatory risks posed by spreadsheets, consider these 10 tips.

1: Acknowledge Spreadsheets’ Programming Power

One issue with spreadsheets is that they're simply so powerful. The spreadsheet problem is largely due to the fact that we've given a programming language to a non-IT user without any development environment-type oversight or safeguards. That user has become the programmer, the tester and the user, so all objectivity is lost. Who's going to detect the errors in that spreadsheet?

2: Expect Errors

The average spreadsheet contains a substantial number of errors. Human error research indicates that for things about as complex as creating a spreadsheet formula, the error rate floor is about 2 percent to 5 percent. The reason: people tend to take shortcuts when doing math, and these shortcuts often produce errors. Regarding automation, please see tip number eight. On a related note, spreadsheet novices are three times as likely as experts to make mistakes.

Few companies, however, test for spreadsheet errors or outright fraud, preferring instead to eyeball results, often with predictable consequences. For example, one software developer may use two 15,000-cell Excel spreadsheets to project the market for its products, with figures rounded to whole numbers. Yet another user may inadvertently round the modifier for inflation down, say, from 1.06 to 1, resulting in a market undervaluation. Such an error would obviously qualify as a material weakness.

3: Manage Spreadsheet Changes

One solution: don’t prohibit spreadsheet use, but rather identify which spreadsheets handle critical business functions, and then implement controls to ensure their integrity and accuracy, and especially to prevent fraud. For starters, apply change management controls to spreadsheets, including sign-offs, a record of all changes and the rationale for every change, plus rollback capabilities. Each spreadsheet’s business logic must also be thoroughly vetted, as with any application which handles complex business functions.
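As an added illustration (not part of the original article), here is a minimal Python change register for one critical spreadsheet. Each entry stores the file's SHA-256, author, approver and rationale, and is hash-chained to the previous entry so that edits to the record itself are detectable. The function names, the rule that the approver must differ from the author, and the sample bytes are assumptions made for this example.

```python
import hashlib
import json

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def record_change(log, content, author, approver, rationale):
    """Append a signed-off change entry, chained to the previous entry."""
    if not approver or approver == author:
        raise ValueError("change needs sign-off by someone other than the author")
    if not rationale.strip():
        raise ValueError("change needs a rationale")
    entry = {
        "seq": len(log),
        "file_sha256": hashlib.sha256(content).hexdigest(),
        "author": author, "approver": approver, "rationale": rationale,
        "prev": log[-1]["entry_hash"] if log else "",
    }
    entry["entry_hash"] = _digest(entry)  # hash covers every field above
    log.append(entry)
    return entry

def audit(log, current):
    """Return findings; an empty list means the log is intact and the file is the approved one."""
    findings, prev = [], ""
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["seq"] != i or e["prev"] != prev or _digest(body) != e["entry_hash"]:
            findings.append(f"log entry {i} altered or out of sequence")
        prev = e["entry_hash"]
    if not log:
        findings.append("no approved version on record")
    elif hashlib.sha256(current).hexdigest() != log[-1]["file_sha256"]:
        findings.append("file differs from last approved version")
    return findings

if __name__ == "__main__":
    # Constructed sample: file bytes stand in for a real workbook.
    log = []
    record_change(log, b"inflation,1.06\n", "analyst", "controller", "FY forecast baseline")
    print(audit(log, b"inflation,1.06\n"))  # approved version
    print(audit(log, b"inflation,1\n"))     # untracked edit to the modifier
```

Keeping each approved file alongside its recorded hash gives the rollback target the tip calls for.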

4: Beware the Orphans

When auditing spreadsheets, pay particular attention to the orphans: spreadsheets of unknown provenance which today still drive critical business processes. As Arthur C. Clarke wrote, “any sufficiently advanced technology is indistinguishable from magic,” and as anyone who’s ever inherited a spreadsheet knows, some operate if not by magic, then at least through unintuitive logic that might take a lifetime to unravel.

Certainly, the average business user can’t be expected to accurately keep a 50-tab Excel workbook current.

5: Consider Versioning Software

The poster child of the spreadsheet world is Microsoft Excel. Until recently, however, software to manage Excel in regulated environments was scant. Beginning with Excel 2007, though, Microsoft itself began offering businesses a way to enforce change management, audit controls, and versioning for Excel spreadsheets. Together with SharePoint Server 2007, companies can even manage spreadsheets centrally and offer role-based access to HTML versions of spreadsheets.

James Tanner is an analyst at Orthus Limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provides end-to-end services for clients to comprehensively address risk in their environments, including Insider Threats (http://www.orthus.com/itm_overview.htm), addressing issues including data leakage, sabotage and fraud; External Threats, including penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats, including securing cloud services and data processed by third parties; and Legal and Regulatory challenges, including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source: http://www.articlesbase.com/security-articles/top-10-compliance-spreadsheet-risks-and-how-to-avoid-them-part-1-961082.html
