Spreadsheets and Access Databases Enterprise Control, Efficiency and Insight. Find It. Audit. Profit

Spreadsheets and Access Databases –

Enterprise Control, Efficiency and Insight

Find It. Audit. Profit

Users

IT

Exec

Management

Everybody has problems

with spreadsheets

Clients

Brand Protection

Loss of Reputation

Avoiding major losses

Compliance / Audit concerns

Data Integrity

Operational Risk / Losses

Fraud

Sustainable Controls

Reporting Overheads

Business Information

Client Relations

Tactical and Strategic Needs

Accuracy of work / fewer errors

Manually Intensive Analysis

Productivity

Lean IT

Low Support Costs

Prompt,

There are really two distinct groups of problems



‘Bad’ spreadsheets

– This has traditionally been the focus of Eusprig

– Poor logic, poor layout, sensitive content, lack of security

– Where resources permit this is solved through audit, testing,

rewriting etc.

– Good for Day 1 but this does not solve the problem on Day 2, 3....



Good spreadsheets that go ‘bad’ during usage

– This is one of the biggest problems for business

– Could audit and test the spreadsheet after every use but this

would be prohibitively expensive and slow

– Need to automate the process to provide continuous validation

(can be called continuous audit) against a wide range of business

rules

Mindset

For this presentation:



Forget about spreadsheets as ‘models’



Think about them as IT applications:

– used repeatedly (hourly, daily, monthly etc.)

– used by people who didn’t write them and often don’t

have the skills to write/understand them

– don’t say it shouldn’t be a spreadsheet – get real, it is

– primarily data processing, but functionality changes

common (that’s why it is a spreadsheet)

Spreadsheet application usage – common operations

The role of spreadsheets and systems in supporting the

information supply chain.

Operations

Decision Makers

Manual approach

Issues:

• How do you know

what to check?

• How can you possibly

check

thousands/millions of

cells?

• Relies on

diligence/integrity of

individuals = many

wasted hours

Alert

Automated

Operations

Decision Makers

Failed Passed Repair / Approve Internal e.g. Executives External e.g. Clients Validate Productivity

Automated Operations

Issues:

• Validation is more

than just change. It is

activity combined with

context

• Most activity is

business as normal

• Just having an audit

trail is pretty useless

• Can’t drown users in

information. Must work

from exception

reports/alerts

• How do you know you

are tracking ALL of the

right spreadsheets?

Assess Discover Alert Test & Secure Register

Identify

Decision Makers

Failed Passed Internal e.g. Executives External e.g. Clients Validate

Automated

Operations

Expanding control

Issues:

• How do you keep track & document of all this data/operations?

• How do you confirm that required processes are actually occurring?

Repair / Approve

Assess Discover Alert Test & Secure Register

Identify

Operations

Decision Makers

Failed Passed Internal e.g. Executives External e.g. Clients Validate

Knowing what is going on

Productivity

Summary

Reporting

Repair / Approve

Assess Discover Alert Test & Secure Register

Identify

Operations

Decision Makers

Failed Passed Internal e.g. Executives External e.g. Clients Validate Retire

Reaping more benefits

Productivity

Summary

Reporting

Discover

Assess

Register

Id

en

ti

fy

Validate

Alert

Update/Approve

Report

Op

er

ati

o

n

s

Productivity

EUC control stages

Secure

Opportunity

Locate critical EUCs

Understand risk of each EUC

Nominate EUC for management

Apply appropriate security settings

Confirm that EUC continues to meet integrity tests

Notify relevant users of integrity breaks

Repair or approve integrity breaks

Provide enterprise reporting on activity and workflow

Accelerate/eliminate manual processes

Discover

Assess

Register

Id

en

ti

fy

Validate

Alert

Update/Approve

Report

Op

er

ati

o

n

s

Productivity

Secure















































Watched General Super













Opportunity







Example User

Mappings / Roles

ClusterSeven Stack

User Stack

Central Systems Stack

Downstream systems Integrity Managers

ClusterSeven Architecture

Exception reports, alerts

Enterprise Software e.g. BI/CMS

Cluster

Seven

Database

Cluster

Seven

Engine

Examples of validation issues within a spreadsheet

Good activity

Potentially bad activity

Live data feeds (e.g. foreign

exchange values) are updated

Live data feeds fail to update

Protected data and protection

settings are unchanged

Protected data and protection

settings are changed

Formulas remain unchanged

Formulas changed or overwritten

No error cells created

Error cells created

No changes to VBA and VBA objects

Changes to VBA or VBA objects

No changes to links

Changes to links

Cell values stay within business

tolerances

Values move outside business

tolerances

Fraud Validation

+239,058.45

-

250,000.00

One value…two answers

Real Value

Intelligent validation – the key to reducing

Operational Risk

This display shows all apparent

changes

Automated validation shows the only

change that counts

Examples of validation issues beyond the

spreadsheet



Data validation against external system-held parameters



Data reconciliation against parameters held in other

spreadsheets



_{Process validation (e.g. Sign off for critical changes)}



Trend validation across multiple versions of the spreadsheet

Multiple access points for validation within a unified architecture

Central

Database

Excel Ribbon/

Command Bar

Dashboards

Management

Reports

Email

Thank you and Questions

For more information

[email protected]

[email protected]

www.clusterseven.com