Price Waterhouse Coopers: Spreadsheet Control Objectives

Print Version

PwC produced an early list of requirements to demonstrate spreadsheet control to meet the need for compliance with Sarbanes-Oxley legislation. The objectives defined during this intensive period of controls implementation have now become standard elements for later spreadsheet control projects initiated under regimes such as Fed/OCC Model Risk Management Guidance (published by OCC as Bulletin 2011-12 and by the Federal Reserve as FRB. SR 11-7), CCAR (Comprehensive Capital Analysis and Review), DFAST (Dodd Frank Act Stress Testing), PCAOB (Public Company Accounts Oversight Board), 2013 COSO Framework, UK PRA/FCA, BCBS (Basel Committes for Banking Supervision) PERDA/PERDARR (Principles for Effective Risk Data Aggregation and Regulatory Reporting), Solvency II and NAIC model audit rules.

The table below shows how ClusterSeven meets these objectives.

Control ClusterSeven Description

Change Control

All changes are highlighted and may be reported via dashboards, emails or reports. ClusterSeven can distinguish normal user activity (e.g. data sorts) to avoid excessive change reporting

Version Control

Automated version control for all files even when they are updated by folder and name e.g. /Jan/Report31.xls changing to /Feb/Report01.xls

Access Control

Access to the file may be prevented at the file level. ClusterSeven also reports on changes to Access Control Lists

Input Control

All inputs can be monitored against definable tolerance levels. These may be absolute thresholds or relative to previous values.

Security and Integrity of Data

Cells/ ranges/ sheets and files may be protected to restrict access and thereby protect the data and formulas embedded in spreadsheets. ClusterSeven can report specifically on changes to protection settings and protected content.

Documentation

Facilitates the preparation of documentation on the objectives and functions of the spreadsheet and ensures that it is maintained.

Development Lifecycle

The full software development lifecycle is supported.

Back Ups

Spreadsheet back up is automated as part of the Version Control process

Archiving

Files may be archived according to corporate retention policies in a protected segregated location

Logic Inspection

ClusterSeven automates independent logic analysis on bulk inventories or individual files for both cell- and VBA-based content

Segregation of Duties

Procedures such as ownership and multi-level sign-off are supported in ClusterSeven

Overall Analytics

A complete risk assessment may be automatically applied to bulk inventories or individual files to expose poor spreadsheet practices that may lead to error or fraud.

Print Version

Original PwC White Paper

The Benefits of EUC Management?

“Post transformation, we discussed with the FSA [the UK regulator] the benefits of ClusterSeven spreadsheet management in the area of product control. Their reaction was extremely positive. They’re very receptive to the steps that we’ve taken.”

Don Simpson, MD of Operations and Technology, MUSI

“Many compliance products claim to deliver permanent business efficiencies but come up short in the areas of governance and risk management. ClusterSeven thoroughly meets these demands while enabling financial institutions to cut costs and make the most of the systems they have, placing it in a unique position within the world of spreadsheet management.”

Neil Rowatt, founding partner of silverminute