Top 10 Compliance Spreadsheet Risks and How to Avoid Them – PART 2

Written by OSAblog on Thursday, June 11th, 2009

6: Evaluate Granular Controls

According to Forrester, however, such content management approaches are giving way to more granular controls, which audit spreadsheets at the cell level, can lock the underlying logic, and even roll back specific cell changes. “Many vendors are starting to move toward a fine-grained control approach, where everything that is done in a spreadsheet—data, formulas, and macros—at the cell level can be managed by centralized policies,” he says. With the new approach, “the focus is on adhering to policies rather than relying on repository management and library services to limit access, track versions, and provide check-in/checkout.” Such approaches can help transform spreadsheets into more full-featured and compliance-friendly enterprise applications.

 

 

7: Enforce Policies and Procedures

Any spreadsheet management product will require companies to specify policies and procedures for appropriate spreadsheet use. When determining what’s appropriate, again study critical business processes, and consider prohibiting spreadsheets from managing any complex or critical financial calculations. For example, using spreadsheets to test monthly cash flow projections could be acceptable, while calculating your company’s daily foreign exchange exposure might be prohibited, to avoid running afoul of Basel II or Financial Accounting Standard rules.

8: Automate Critical Business Processes

Evaluate the effectiveness of current spreadsheets. In particular, for any spreadsheet handling a critical business process, beyond assessing change management or auditing controls, make sure there’s proper segmentation of data, logic, and presentation—otherwise automate and institutionalize it.

In general, using enterprise applications or add-on controls to automate financial business processes will lead to more cost-efficient and effective compliance. At the end of the day, from a governance, risk, and compliance standpoint, statistics will show that the more you automate, the more reliability you’ll have from the data.

9: Monitor Centralized Application Adoption

The presence of centralized ERP or budgeting software which can track and audit corporate financials, however, is no guarantee that spreadsheets aren’t still being inappropriately used to underpin critical decisions.

For example, one SOX auditor relays a story about a company that installed Applix TM1—server-based budgeting software—to automatically collate and formulate budget figures across the organization. Despite having a centralized tool to handle budget calculations, however, accountants in each business division still used Excel spreadsheets to perform their calculations, and then copied the information into TM1. Yet these spreadsheets offered no audit trail, accountability, or rationale for budget assumptions. Furthermore, accountants often manually reconciled multiple spreadsheets to create final budget figures, increasing the likelihood of errors.

Hence, simply building centralized tools for ensuring the accuracy of financial information isn’t enough. Companies must also ensure such tools are easy enough to use and full-featured enough that users will willingly give up their spreadsheets.

10: Balance Enterprise Applications and Spreadsheets

In many organizations, however, users simply aren’t going to surrender their spreadsheets. “One major reason why users are unwilling to eliminate spreadsheets and embed calculations into enterprise applications is that business methodologies—such as pricing, cost allocations, hierarchies, and others—change much too quickly for IT to respond with updates,” says Forrester’s Evelson.

As a result, in many companies, the answer to the spreadsheet problem is simply better command and control: set spreadsheet policies and procedures, and then enforce them, by carefully managing—perhaps down to the column level—any spreadsheets entwined with critical business applications. In other words, a little oversight and tough love can help companies enforce the authenticity and reliability of their regulated financial information, while providing users with the spreadsheets they rely on to get their jobs done.

James Tanner is an analyst at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensively address risk in their environments including Insider Threats (http://www.orthus.com/itm_overview.htm) addressing issues including data leakage, sabotage and fraud; External Threats including penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source: http://www.articlesbase.com/security-articles/top-10-compliance-spreadsheet-risks-and-how-to-avoid-them-part-2-961094.html
