Your SlideShare is downloading. ×
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply



Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Spreadsheet Compliance 101 What you need to know Date Garth Landers Director of Compliance Solutions
  • 2. About Mobius  Technological innovation since 1981  Market leadership in software for managing high- volume repositories of diverse documents, reports and images  Millions of users and nearly 1,400 organizations worldwide... including more than 60% of Fortune 100 2
  • 3. Agenda The Spreadsheet Problem Best Practices Solutions Case Studies Q&A 3
  • 4. The Spreadsheet Problem
  • 5. Polling Question #1 What percentage of all spreadsheets (in general) do you think contain errors? 0 – 25% 25 - 50% 50 - 75% 75 – 100% 5
  • 6. Financial Spreadsheets: Background  Common spreadsheet applications  Microsoft Excel®  Lotus 1-2-3®  Originally used for simple functions  Logging information  Tracking transactions  Totaling sequences of numbers  Evolved into a sophisticated business tool  Financial reporting  Operational decision making  Complex analytical instrument 6
  • 7. Spreadsheets are good for what they were intended Spreadsheets were designed to be ―analytical scratchpads‖ not ―complex applications‖ 7
  • 8. Spreadsheet Usage Categories  Financial  Determine financial statement transactional amounts or balances  Directly populated into the company’s books and records  Operational  Tracking of workflow information (e.g., raw material usage, unpaid invoices, open accounts receivable)  Replaces manual records  Analytical  Used to support management decision making 8
  • 9. Spreadsheets are ubiquitous The electronic spreadsheet may be ubiquitous— Microsoft estimates there are 400 million users of its Office product worldwide, which includes the now-dominant Excel spreadsheet along with Word and other desktop applications. Dan Bricklin co-creator of Visicalc, the first spreadsheet software program 9
  • 10. Spreadsheets are the most widely used financial tool in the world! No plans but Use now Plan No interest Where does your company stand on the following technologies? interested Spreadsheets 100% — — — Basic budgeting, planning forecasting 66% 17% 13% 4% ERP (finance modules) 34% 14% 26% 27% E-payments, E-billing 34% 18% 34% 15% Treasury systems 29% 8% 29% 34% Tax systems 25% 10% 27% 38% E-procurement 19% 19% 37% 25% Portals (finance-oriented) 13% 16% 37% 34% Dashboards 13% 19% 31% 37% Compliance software 11% 15% 35% 40% Risk-management software 10% 5% 45% 40% Advanced BI, CPM, BPM 8% 20% 50% 22% Enterprise spend management 6% 6% 36% 53% Price-optimization software 6% 7% 31% 57% Note: Percentage may not total 100, due to rounding. Source: Spreadsheet Hell Spreadsheet Hell 10
  • 11. How do you rate electronic spreadsheets in the following areas? Excellent Good Neutral Fair Poor Accuracy 51% 37% 7% 4% 2% Ease of use 50% 44% 6% 0% 1% Capabilities/power 46% 49% 5% 1% 0% Labor saving 29% 47% 13% 9% 3% potential Integration with 10% 46% 23% 15% 7% other systems 11
  • 12. Spreadsheet Risk Indicators  Complex spreadsheet with multifarious calculations  Large number of possible input, logic and interface errors  Numerous spreadsheets/worksheets  Numerous spreadsheet users  Inadequate or missing spreadsheet documentation  Spreadsheet used for critical business decision making  Frequent and/or extensive spreadsheet changes or modifications 12  Spreadsheet with large amounts of data
  • 13. Common Spreadsheet Errors  Input errors  Flawed data entry  Inaccurate cell referencing  ―Cut-and-paste‖ errors  Logic errors  Incorrect formulas  Interface errors  Faulty import/export of data  Other errors  Improperly linked spreadsheets  Erroneous cell ranges 13
  • 14. Possible Consequences: Anecdotal Evidence Financial reporting errors The ―out-of-balance‖ balance sheets Flawed operational decision making Once is good, twice is not Inaccurate analytical analysis The obsolete inventory that wasn’t 14
  • 15. Spreadsheet roll-ups Such pressure was strong at Mentor Graphics, a $675 million provider of engineering software. A few years ago, the company's annual planning process required rolling up data from 1,200 Excel spreadsheets — one for each cost center. "On average, it was a six-to-eight-week process each year just to get that worked out.― Roll ups are one important example of error prone risk laden spreadsheet centric processes. 15
  • 16. Real life spreadsheet accidents A $400M insurance company disclosed that its earnings statements for the first six months of this year contained an error and investors should not rely on them.... But in calculating the amortization for the first and second quarters of this year, the company put the wrong year in the spreadsheet used to calculate amortization  A spreadsheet error at Fidelity’s Magellan fund was deemed a significant factor in a $1 billion financial statement error in the classification of securities. The error resulted from a flawed change control process—an unapproved change to a formula within the spreadsheet and other control deficiencies, including lack of technical and user documentation, insufficient testing and inadequate backup and recovery procedures. 16 Source: Journal News Nov 4, 2004
  • 17. More errors … with a little fraud thrown in  TransAlta took a $24 million charge to earnings after a spreadsheet error—a simple mistake in cutting and pasting resulted in an erroneous bid for the purchase of hedging contracts at a higher price than it wanted to pay.  A trader at a bank was able to perpetrate fraud through manipulation of spreadsheet models used by the bank’s risk control staff. …instead a spreadsheet was relied upon that obtained information from the trader’s personal computer which included figures for transactions that were not real. Because of inadequate controls over the spreadsheet, this fraud continued for months Source: Price Waterhouse Coopers The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act July 2004 17
  • 18. Find more errors at  18
  • 19. Best Practices
  • 20. Discovery Services Determine project scope Define spreadsheet population Document spreadsheet input, logic and interface Review existing control structure and environment Perform risk and complexity assessment of spreadsheets 20
  • 21. Discovery questions (Illustrative) Are consolidation and reporting activities performed on spreadsheets? How are manual entries (as opposed to prepopulated) identified and approved? How much time is spent compiling data and the financial statements versus analyzing the data? How many top-level adjustments are made in the spreadsheet consolidation/rollup process? What procedures are in place by the company to detect and prevent spreadsheet fraud? Are spreadsheets backed up periodically to ensure significant reports and information is maintained? Does the company have a retention policy for electronic information specifically spreadsheets? What controls are in place over record retention to avoid tampering with the spreadsheet data? Are there flags in place to alert key resources of specific transactions taking place in the company? 21 Does the company review its spreadsheet transactions for unusual entries?
  • 22. Spreadsheet inventory exercises Evaluate enterprise spreadsheets for: Impact on key internal controls Direct effect on financial statement transactions Effect on financial disclosure information Evaluate complexity for the selected spreadsheets: Low complexity: Simple add/subtract formulas Moderate complexity: Multiplication/division High complexity: Advanced formulas, macros 22
  • 23. Program design/documentation Generating a spreadsheet inventory and risk based assessment of each spreadsheet Integrating the approach into your current QA processes and validation practices Project planning and resourcing Spreadsheet creation and macro development Maintaining compliance and ongoing procedural controls 23
  • 24. Typical Spreadsheet Documentation Activities  Documentation for control purposes and risk analysis of external links outside managed systems  Documentation for control purposes and risk analysis of macros (use to automate some operations local to a given spreadsheet, use to automate linking to other spreadsheets, use to automate interaface to external systems or databases).  Analysis and documentation for control purposes of 3rd party system Oracle Financials, SQL databases, etc.) integrated with, spreadsheets .  Inventory of directory structures of where spreadsheets are located with a complete inventory of files in each folder. 24
  • 25. Implementation Evaluate spreadsheet compliance and control Perform detailed code reviews (logic and analytical review) Meet with spreadsheet owners/stakeholders Implement review procedures Record spreadsheet compliance and control testing results Technical/Product services 25
  • 26. Reporting and ongoing maintenance Identify training needs Product training Change management issues On-going status results and milestones Management reporting addressing compliance and control testing Develop/publish/update spreadsheet policy and procedures manual 26
  • 27. How should the spreadsheet lifecycle be managed?  Make the process easy for preparers and reviewers Import spreadsheets quickly and easily Provide a familiar working environment  Ensure secure user access Enforce selective locking of spreadsheet cells  Provide change and version control Maintain a modification audit trail  Automate the review and approval process  Retain spreadsheets for defined periods 27
  • 28. ABS for Spreadsheet Compliance
  • 29. What is ABS? ABS is a corporate quality control solution guaranteeing that enterprise operational and business critical information and reporting is accurate, timely, consistent and reduces risk exposure at the lowest possible cost. 29
  • 30. ABS Features/Benefits Feature Benefits Item reconciliation Guarantees that critical enterprise information, such as financial data, is accurate and consistent Controls total balancing Reduces costs and improves productivity by accelerating the audit cycle with an automated verification process File verification Checks to protect you from potentially serious process-integrity problems such as running a billing statement run twice. Spreadsheet compliance Provides a system that enables and meets auditing standards for spreadsheet review and compliance. 30
  • 31. ABS for Spreadsheet Compliance  Enhances reporting accuracy Reduces risk of errors and financial re- statements  Improves compliance process through better spreadsheet control Greater data integrity and accountability  Improves productivity of financial reporting cycle  Reduces auditing and certification costs 31
  • 32. Makes the process easy for preparers and reviewers A single spreadsheet, or any number, can be imported in a single operation An entire folder and/or sub-folders) can be imported in one operation User interface is the familiar Excel environment 32
  • 33. Ensures secure user access Provides folder- and document-level security Enforces selective locking of spreadsheet cells Ensures final/approved spreadsheets are not subject to change and modification unless authorized. 33
  • 34. Automated Audit Trail and Version Management enhance visibility and accountability.  Tracking information is organized under four tabs:  Current Cycle  Import History  All Cycles  Spreadsheets 34
  • 35. Provides change and version control All modifications are automatically recorded and summarized for efficient review 35
  • 36. Automates the review-and-approval process  A new spreadsheet run has ―pending‖ status  After one or more users review the run, it has ―reviewed‖ status  After a user approves or rejects the run, it has ―approved‖ or ―rejected‖ status  The run retains this setting even if additional users review it 36
  • 37. Automates the review-and-approval process  Final dialogue box summarizes the attributes of the run, including any previous reviews and messages and provides approval/rejection status 37
  • 38. Retain spreadsheets for definite periods Provides records retention management for finite or indefinite periods Integrates with other content types such as emails, MS Word documents. Provides access and retrieval in the case of an audit 38
  • 39. ABS for Spreadsheet Compliance Enhances reporting accuracy Improves sustainable compliance process through better spreadsheet control Improves productivity of financial reporting cycle Reduces auditing and certification costs 39
  • 40. Polling Question #2 Do you have controls around your spreadsheets? If so, are they automated or manual? Automated Manual No controls 40
  • 41. Case Study: Mobius Management Systems Inc.
  • 42. Mobius took stock of its spreadsheets, looking at quantity, complexity and other factors.  Our spreadsheet environment  All spreadsheets used by Finance and Administration group were inventoried  Spreadsheets were evaluated for: Impact on key internal controls Direct effect on financial statement transactions Effect on financial disclosure information  Complexity was evaluated for the selected spreadsheets: Low complexity: Simple add/subtract formulas Moderate complexity: Multiplication/division High complexity: Advanced formulas, macros 42
  • 43. A system was needed to control access and establish a process for file review  Restricted access directories were set up for selected spreadsheets:  Preparers had read/write access  Reviewer had read access only  All moderately complex and highly complex spreadsheets required reviewer to re-calculate formulas:  For spreadsheet containing 5 or fewer formulas, all formulas were tested  For spreadsheets containing more than 5 formulas, 5 plus 20% of formulas over 5 were tested  A separate checklist for spreadsheets was used by the reviewer to indicate review was completed 43
  • 44. But the new system wasn’t flawless… Problems Time-consuming task for reviewer to find formulas to test Possibility of changes after reviewer re- calculated formulas Manual checklist used for reviewer sign-off 44
  • 45. ABS for Spreadsheet Compliance was the answer Restricted-access directories easily created and maintained Cycle restrictions imposed – only a reviewer can advance a cycle (an accounting period). Reviewers can see all changes from one cycle to the next, saving time with re- calculations of formulas 45
  • 46. Our automated solution cut down on the risk of human error and lost data.  Once a cycle is closed, approved copy of spreadsheet cannot be changed, unless reviewer opens previous cycle Eliminates the possibility of the preparer making a change after spreadsheet is reviewed  Approved spreadsheets are automatically archived  Reviewer sign-off automatically recorded Eliminates manual sign-off checklist 46
  • 47. ABS for Spreadsheet Compliance simplifies and streamlines our processes Speeds financial reporting cycle Frees up reviewers’ time for other projects Improves the accuracy of key financial data Reduces manual interaction thereby reducing chance of error Enhances ―peace of mind‖ related to compliance 47
  • 48. References  The Use of Spreadsheets: Considerations for Section 404 of the Sarbanes-Oxley Act July 2004  Excellent discussion of the use of Excel in financial reporting  Compliance Week  Monthly list of audit problems   Numerous articles on spreadsheets  Public Company Accounting Oversight Board  Auditing and accounting standards organization, SOX guidelines  European Spreadsheet Risks Interest Group  Dr. Ray Panko’s Spreadsheet Research site (Univ of Hawaii)  48
  • 49. Questions ? 49
  • 50. Thank You for Participating! For more information about Mobius, visit For answers to additional questions, contact 50