Top 10 Compliance Spreadsheet Risks and How to Avoid Them – PART 2

Written by OSAblog on Thursday, June 11th, 2009

6: Evaluate Granular Controls

According to Forrester, however, such content management approaches are giving way to more granular controls which audit spreadsheets at the cell level, can lock the underlying logic, and even roll back specific cell changes. “Many vendors are starting to move toward a fine-grained control approach, where everything that is done in a spreadsheet—data, formulas, and macros—at the cell level can be managed by centralized policies,” he says. With the new approach, “the focus is on adhering to policies rather than relying on repository management and library services to limit access, track versions, and provide check-in/checkout.” Such approaches can help transform spreadsheets into more full-featured and compliance-friendly enterprise applications.

 

 

7: Enforce Policies and Procedures

Any spreadsheet management product will require companies to specify policies and procedures for appropriate spreadsheet use. When determining what’s appropriate, again study critical business processes, and consider prohibiting spreadsheets from managing any complex or critical financial calculations. For example, using spreadsheets to test monthly cash flow projections could be acceptable, while calculating your company’s daily foreign exchange exposure might be prohibited, to avoid running afoul of Basel II or Financial Accounting Standard rules.

8: Automate Critical Business Processes

Evaluate the effectiveness of current spreadsheets. In particular, for any spreadsheet handling a critical business process, beyond assessing change management or auditing controls, make sure there’s proper segmentation of data, logic, and presentation—otherwise automate and institutionalize it.

In general, using enterprise applications or add-on controls to automate financial business processes will lead to more cost-efficient and effective compliance. At the end of the day, from a governance, risk, and compliance standpoint, statistics will show that the more you automate, the more reliability you’ll have from the data.

9: Monitor Centralized Application Adoption

The presence of centralized ERP or budgeting software which can track and audit corporate financials, however, is no guarantee that spreadsheets aren’t still being inappropriately used to underpin critical decisions.

For example, one SOX auditor relays a story about a company that installed Applix TM1—server-based budgeting software—to automatically collate and formulate budget figures across the organization. Despite having a centralized tool to handle budget calculations, however, accountants in each business division still used Excel spreadsheets to perform their calculations, and then copied the information into TM1. Yet these spreadsheets offered no audit trail, accountability, or rationale for budget assumptions. Furthermore, accountants often manually reconciled multiple spreadsheets to create final budget figures, increasing the likelihood of errors.

Hence, simply building centralized tools for ensuring the accuracy of financial information isn’t enough. Companies must also ensure such tools are easy enough to use and full-featured enough that users will willingly give up their spreadsheets.

10: Balance Enterprise Applications and Spreadsheets

In many organizations, however, users simply aren’t going to surrender their spreadsheets. “One major reason why users are unwilling to eliminate spreadsheets and embed calculations into enterprise applications is that business methodologies—such as pricing, cost allocations, hierarchies, and others—change much too quickly for IT to respond with updates,” says Forrester’s Evelson.

As a result, in many companies, the answer to the spreadsheet problem is simply better command and control: set spreadsheet policies and procedures, and then enforce them by carefully managing—perhaps down to the column level—any spreadsheets entwined with critical business applications. In other words, a little oversight and tough love can help companies enforce the authenticity and reliability of their regulated financial information, while providing users with the spreadsheets they rely on to get their jobs done.

James Tanner is an analyst at Orthus Limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provides end-to-end services for clients to comprehensively address risk in their environments, including Insider Threats (http://www.orthus.com/itm_overview.htm) addressing issues including data leakage, sabotage and fraud; External Threats including penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source: http://www.articlesbase.com/security-articles/top-10-compliance-spreadsheet-risks-and-how-to-avoid-them-part-2-961094.html
