Easy Maintenance of a Spreadsheet Inventory for Risk and CompliancePrint Version
GRC (Governance Risk and Compliance) policies commonly require that departments maintain an inventory of their important spreadsheets and other user developed applications (UDAs). These inventories are usually stored centrally in a controls management environment such as the Protiviti GRC Portal, SAP GRC, IBM Open Pages, MetricStream, Thomson Reuters (Paisley), Bwise, EMC RSA, Software AG or an internal solution using MS SharePoint or similar.
These inventories are usually prepared manually. This creates a number of challenges since manual inventories are:
- Expensive, infrequent, arduous and error-prone.
- Incomplete because they are limited by the knowledge/contacts of those to whom the duty is assigned.
- Inconsistent with different types of information held in multiple formats and locations
- Difficult to validate
And even if these challenges can be solved, reality shows that these lists:
- Do not include ‘hidden’ dependencies such as linked files
- Are rapidly out of date due to business changes.
ClusterSeven inventory management solves all these problems. Users simply register their spreadsheets via a simple Excel menu. Cumbersome manual tasks are immediately replaced with automated processes including the:
- Collection of, and changes to key file metadata (e.g. owner, location, risk)
- Exposure of ‘hidden’ file dependencies
- Scheduled reporting to each department on their inventory
- Enterprise reporting to support regulatory and audit filings e.g. number of files within the scope of the Sarbanes-Oxley (SOX) Act.
With additional benefits available including:
- Automated storage of new file versions
- Automated confirmation that file updates are occurring in accordance with business expectations (e.g. a daily P&L file)
- Scheduled risk checks
- Integrated reporting to over-arching GRC systems
And from here it is easy to increase the level of business insight and control by tracking the key data trends and structural changes within the spreadsheet.
- For more information on the benefits of GRC integration Cllck here
“Once in-scope spreadsheets have been identified, they should be documented in an inventory.”Improving Spreadsheet Audits in Six Steps, Deloitte
“The ﬁrst step is to inventory all spreadsheets within the organization that are used to support signiﬁcant ﬁnancial processes.”The Use of Spreadsheets: Considerations for Section 4040 of the Sarbanes Oxley Act PWC
“Create an inventory of all spreadsheets involved in the financial reporting process.”Spreadsheet Risk Management FAQs, Protiviti
“Manual inventory processes can be extremely time intensive, taking up to two or three months to complete in some cases. During that time additional UDAs will have been added and deleted making the effort even more challenging.”GTAG - Considerations in Performing User Developed Application Audits, IIA