End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.
Today, due to regulations like the:
- Sarbanes-Oxley (SOX) Act,
- Dodd-Frank Act,
- IFRS (International Financial Reporting Standards),
- E.U. Data Protection Directive,
- Basel II,
- NAIC Model Audit Rules,
- FAS 157,
- yes, there’s more … and counting
a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.
In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.
Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.
Testing and reconciliation alone can cost a significant amount of time and money to be effective:
- It requires multiple testers who need to test spreadsheets down to the cell level.
- Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
- Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
- Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
- Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.
But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.
On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.
Learn more about our server application solutions and discover a better way to comply with regulations.
More Spreadsheet Blogs
amazon.co.uk
amazon.com
CONTACT US
- We seek to understand your technology and business challenges
- We tailor a demonstration of our platform and solutions to align to your specific needs
- We answer any questions and make recommendations based on your feedback for "how to walk before you run"
- (+353)(0)1-443-3807 - IRL
- (+44)(0)20-7193-9751 - UK
- How SOA can help Transformation - 17th October 2016
- The Connection between Big Data and MDM - 9th June 2016
- Technology and process improvement - 7th June 2016
[…] Contact ← Business Continuity Planning Spreadsheet Woes – Burden in SOX Compliance and Other Regulations → […]
[…] SOX Compliance […]
[…] to old month-end practices while striving to achieve regulation compliance can either cost a company more (if they add manpower) or simply bog it down (if they don’t). […]
[…] regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the […]
[…] impacting regulatory compliance. And we’re not only talking about one or two regulations. Serbanes-Oxley (SOX), Dodd-Frank, Basel II, Solvency II, EU Data Protection Directive, and FAS 157 are just some of the […]
[…] can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over […]
[…] Read why spreadsheets post a burden when complying with SOX and other regulations. […]
[…] Comply with regulations – Regulations like SOX require you to establish adequate internal controls to achieve compliance. Other regulations call […]
[…] SOX Compliance […]
[…] SOX Compliance […]
[…] whitepaper by Raymond Panko entitled “Spreadsheets and Sarbanes-Oxley: Regulations, Risks, and Control Frameworks” mentioned that 94% of audited real world operational […]