Spreadsheet Governance in 7 Simple Steps
As well as spreadsheet comparisons, Auditors Assistant is the best tool available to run a simple, solid spreadsheet governance environment in your company. This short guide explains how to quickly and easily set up and run an enterprise level spreadsheet governance and compliance system.
Why Auditors Assistant?
Auditors Assistant is the ultimate light-touch spreadsheet governance system. Rather than relying on rigid, oppressive spreadsheet control or monitoring, Auditors Assistant relies on self-regulation, backed up with appropriate management control & approval. Spreadsheet owners may still adapt their files to meet new market conditions, but the risk of material error associated with each change is monitored, and should this exceed a pre-determined limit, a defined series of documentation, tests or approvals are required.
Important: Please read this first.
This guide and instructions are by necessity, generic and simplified. Potential clients are strongly advised to undertake a full cost & risk analysis before undertaking a spreadsheet governance implementation. SharePoint users please contact us for details of our fully automated Excel governance system. We offer a fully project managed consultancy service to assist in any or all aspects of preparation, implementation and running of spreadsheet governance.
1. Establishing scope
There are often hundreds or even thousands of spreadsheets in a typical organization. Whilst Auditors Assistant enables simple and comprehensive monitoring of large numbers of files, it is pragmatic to limit spreadsheet governance to the most important files. The definition of a key spreadsheet will vary according to individual circumstances, however a good starting point are a) those spreadsheets that have the ability to directly affect a substantial profit or loss making decision, or b) have a direct influence on a key financial or regulatory report or c) A direct source or link to one of the above. Define your required scope in terms of a definition, and not as a list of spreadsheets.
2. Creating an inventory of key spreadsheets
Once the spreadsheet definition has been specified, it should be communicated to the appropriate managers with the request to list the names and locations of all spreadsheets that meet the definition. The resultant list will form the basis of the spreadsheet inventory, which (in non-SharePoint implementations) will be the key source of information and governance control.
3. Assigning Responsibilities
Every workbook should be allocated a single named owner who is ultimately responsible for its results. Each workbook or set of workbooks should also be allocated one or more approvers, who will be responsible for signing off any significant changes or test results.
4. Setting a start point
In a perfect implementation, every spreadsheet would be fully audited and its results approved immediately prior to installation. The reality is that most or all the spreadsheets in scope will have never been fully audited, or will have changed since last approved. Given that a full audit of a single spreadsheet can take anything up to 10 days or more, the pragmatic reality is to use the latest available file as the base starting point for any spreadsheet that has not been audit approved in the previous 12 months. As governance continues, there should be a stated aim to fully audit all spreadsheets on the inventory within a given time period.
5. Establishing a governance routine
Discuss with the owners a suitable schedule for testing the workbooks and the name(s) of the people responsible for undertaking the tests. The testers can be users, administrator or the owners themselves. The schedule should reflect the importance of the spreadsheet, the likelihood of unexpected change, and the consequences of a spreadsheet error. The schedule should also dictate at what point the change ‘risk’ designated by the DiffXL Risk Report should trigger deeper investigation such as a cell level report, re-testing and/or re-approval of the workbook. The users should be comfortable with the process of running the reports, recording results, invoking any approval requests and any additional process requirements for your specific spreadsheet audit purposes.
6. Following up high risk changes (Non-SharePoint implementations)
One individual should be responsible for the spreadsheet inventory. On a regular basis the inventory should be checked for completeness of testing, and to ensure that any required testing / re-approval has taken place. If required, an inventory template, including automated Excel compliance reports & management charts is available form us on request.
7. Keeping control
Spreadsheets are dynamic entities. At regular intervals, the inventory should be checked for completeness and accuracy. New workbooks may need to be included and/or some workbooks may no longer be considered of significant importance to be in the inventory. At least once a year it is advised that the content of the inventory be reviewed, and that a VBA / Hidden difference checks be performed on all workbooks.