Regulation and the Integrity of Spreadsheets in the Information Supply Chain

TL;DR

This paper discusses the regulatory importance of spreadsheet integrity in information supply chains, highlighting compliance challenges and solutions for monitoring and maintaining spreadsheet accuracy and security.

Contribution

It analyzes the role of spreadsheets in regulatory compliance, compares manual and automated integrity solutions, and introduces monitoring tools like ClusterSeven for risk management.

Findings

Spreadsheets are critical links in information supply chains.

Automated monitoring solutions can reduce compliance costs.

Monitoring tools help identify operational risks in spreadsheets.

Abstract

Spreadsheets provide many of the key links between information systems, closing the gap between business needs and the capability of central systems. Recent regulations have brought these vulnerable parts of information supply chains into focus. The risk they present to the organisation depends on the role that they fulfil, with generic differences between their use as modeling tools and as operational applications. Four sections of the Sarbanes-Oxley Act (SOX) are particularly relevant to the use of spreadsheets. Compliance with each of these sections is dependent on maintaining the integrity of those spreadsheets acting as operational applications. This can be achieved manually but at high cost. There are a range of commercially available off-the-shelf solutions that can reduce this cost. These may be divided into those that assist in the debugging of logic and more recently the arrival of solutions that monitor the change and user activity taking place in business-critical spreadsheets. ClusterSeven provides one of these monitoring solutions, highlighting areas of operational risk whilst also establishing a database of information to deliver new business intelligence.