Authors
Miguel Ferreira & Joost Visser
Abstract
We present a pragmatic method for management of risks that arise due to spreadsheet use in large organizations.
We combine peer-review, tool-assisted evaluation and other pre-existing approaches into a single organization-wide approach that reduces spreadsheet risk without overly restricting spreadsheet use. The method was developed in the course of several spreadsheet evaluation assignments for a corporate customer.
Our method addresses a number of issues pertinent to spreadsheet risks that were raised by the Sarbanes-Oxley act.
Sample
The core of this approach is a lightweight auditing process for spreadsheet changes. The user asks a colleague to conduct a review and makes a formal statement.
If the reviewer finds the change to be correct and to not introduce additional risks, then he formally states that, and the user proceeds with use of the spreadsheet.
If the reviewer does not feel confident about the correctness of the change or the impact it might have, then he will decline to share the responsibility for it. The user may then ask for a tool-assisted evaluation of the spreadsheet.
Publication
2012, EuSpRIG, July
Full article
Governance of spreadsheets through spreadsheet change reviews
