Enhancing operational flexibility with spreadsheet risk management
Excel spreadsheets remain a popular ‘go-to’ tool for supporting a whole range of business processes. Their power, flexibility, and widespread availability mean that users often address pressing business problems, even while the corporate applications that will take their place are being developed, tested, and approved.
Once deployed, these spreadsheets can become part of business-as-usual, forming key, but uncontrolled, parts of vital processes. Errors in spreadsheets, unplanned changes, and broken data links can expose a business to multiple operational, commercial, legal, reputational, or regulatory risks.
Effective spreadsheet risk management allows organizations to make use of their users’ favorite application, while still having the same control, transparency, and auditability found in their corporate IT systems.
Using automation to enhance spreadsheet risk management
Business flexibility – the ability to respond swiftly to both opportunities and threats – is valued by all organizations. Spreadsheets are typically used for flexible short-term fixes, but often remain in use for far longer than originally envisaged. Eventually, they can become integral to key business processes, covering shareholder reporting, supply chain management, risk management, financial management, asset management, and more.
While spreadsheets are excellent for consolidating and manipulating data, calculating results and exporting them smoothly, the lack of controls creates a challenge to standards of transparency, suitability, and governance that managers, stakeholders, and regulators now expect.
The lack of clear ownership of files, the absence of any change control and approval processes, the inability to identify missing data, broken links to other applications, and other issues? These problems can go undetected, and swiftly impact the business. Even if issues don’t develop, the use of unmonitored spreadsheets is sure to be scrutinized by internal and external auditors and by regulators where necessary.
Automating their management provides an effective way of improving governance to the same level as corporate IT applications. This empowers a framework for fully supporting these applications, while also helping eventually migrate their functionality into fully controlled corporate IT applications.
Three steps to managing spreadsheet risk
While spreadsheets are hugely valuable, mitigating their risks is key, and involves three steps:
1 • Find the spreadsheets
Scan the entire enterprise, or a subset of systems, to identify spreadsheets that are part of core business processes.
Deep scan capabilities allow you to identify specific terms that form part of these processes. This allows you to sift a small number of spreadsheets from the thousands of others that are not directly relevant to core business applications.
2 • Create an inventory of critical spreadsheets
Once key spreadsheets, have been identified, they can be given a place in a centralized inventory that provides transparency into files that are key to the core processes, flagging their owner, their location in the business, and their significance. This allows people to make normal use of their spreadsheets without disruption, while still providing full visibility for management.
3 • Proactively monitor and review your critical business spreadsheets
With the core critical spreadsheet estate established and managed, monitor them for changes as they’re used or updated. These may include adding additional cells, adding new worksheets, integrating additional data sources or links, or creating new calculations. Errors can also be quickly identified, and the history of any changes is visible for full review and auditability.
These steps bring the same level of control found in enterprise systems. While continuing to allow users to use their favorite, most flexible desktop application.
Mitratech offers a range of powerful, proven, flexible solutions for spreadsheet risk management and other compliance demands, enabling comprehensive and cost-effective oversight and control. Here’s what they deliver:
A policy management solution like Mitratech’s PolicyHub saves time and improves efficiency, and help delivers effective Volcker Rule policy management by improving operational efficiency and removing the complexities of policy & procedure management, so you can build an ethical and defensible compliance program.
Compliance & Obligations Management
A compliance and obligations management solution, like Mitratech’s CMO offering, uses a simple, intuitive interface to let employees and auditors be proactive in incident and audit management, including Volcker Rule obligations, controls, investigations, and non-conformance reporting. Easily report incidents, understand your obligations, and continuously improve your compliance performance.
EUC/Shadow IT Management
An automated tool like ClusterSeven lets you proactively discover, monitor, review, and audit changes made to End User Application spreadsheets and other “Shadow IT” data assets hidden across your enterprise. Gain a centralized view of enterprise-wide critical spreadsheet use, assess and prioritize critical spreadsheets, and provide transparency for management and auditors about your most important files.