Top 10 Compliance Spreadsheet Risks and How to Avoid Them – PART 2

Written by OSAblog on Thursday, June 11th, 2009

6: Evaluate Granular Controls

According to Forrester, however, such content management approaches are giving way to more granular controls that can audit spreadsheets at the cell level, lock the underlying logic, and even roll back specific cell changes. “Many vendors are starting to move toward a fine-grained control approach, where everything that is done in a spreadsheet—data, formulas, and macros—at the cell level can be managed by centralized policies,” he says. With the new approach, “the focus is on adhering to policies rather than relying on repository management and library services to limit access, track versions, and provide check-in/checkout.” Such approaches can help transform spreadsheets into more full-featured and compliance-friendly enterprise applications.

 

 

7: Enforce Policies and Procedures

Any spreadsheet management product will require companies to specify policies and procedures for appropriate spreadsheet use. When determining what’s appropriate, again study critical business processes, and consider prohibiting spreadsheets from managing any complex or critical financial calculations. For example, using spreadsheets to test monthly cash flow projections could be acceptable, while calculating your company’s daily foreign exchange exposure might be prohibited, to avoid running afoul of Basel II or Financial Accounting Standard rules.

8: Automate Critical Business Processes

Evaluate the effectiveness of current spreadsheets. In particular, for any spreadsheet handling a critical business process, beyond assessing change management or auditing controls, make sure there’s proper segmentation of data, logic, and presentation—otherwise automate and institutionalize it.

In general, using enterprise applications or add-on controls to automate financial business processes will lead to more cost-efficient and effective compliance. At the end of the day, from a governance, risk, and compliance standpoint, statistics will show that the more you automate, the more reliability you’ll have from the data.

9: Monitor Centralized Application Adoption

The presence of centralized ERP or budgeting software which can track and audit corporate financials, however, is no guarantee that spreadsheets aren’t still being inappropriately used to underpin critical decisions.

For example, one SOX auditor relays a story about a company that installed Applix TM1—server-based budgeting software—to automatically collate and formulate budget figures across the organization. Despite having a centralized tool to handle budget calculations, however, accountants in each business division still used Excel spreadsheets to perform their calculations, and then copied the information into TM1. Yet these spreadsheets offered no audit trail, accountability, or rationale for budget assumptions. Furthermore, accountants often manually reconciled multiple spreadsheets to create final budget figures, increasing the likelihood of errors.

Hence, simply building centralized tools for ensuring the accuracy of financial information isn’t enough. Companies must also ensure such tools are easy enough to use and full-featured enough that users will willingly give up their spreadsheets.

10: Balance Enterprise Applications and Spreadsheets

In many organizations, however, users simply aren’t going to surrender their spreadsheets. “One major reason why users are unwilling to eliminate spreadsheets and embed calculations into enterprise applications is that business methodologies—such as pricing, cost allocations, hierarchies, and others—change much too quickly for IT to respond with updates,” says Forrester’s Evelson.

As a result, in many companies, the answer to the spreadsheet problem is simply better command and control: set spreadsheet policies and procedures, and then enforce them by carefully managing—perhaps down to the column level—any spreadsheets entwined with critical business applications. In other words, a little oversight and tough love can help companies enforce the authenticity and reliability of their regulated financial information, while providing users with the spreadsheets they rely on to get their jobs done.

James Tanner is an analyst at Orthus Limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provides end-to-end services for clients to comprehensively address risk in their environments, including Insider Threats (http://www.orthus.com/itm_overview.htm), addressing issues including data leakage, sabotage and fraud; External Threats, including penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats, including securing cloud services and data processed by third parties; and Legal and Regulatory challenges, including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source: http://www.articlesbase.com/security-articles/top-10-compliance-spreadsheet-risks-and-how-to-avoid-them-part-2-961094.html
