1 / 15

Spreadsheet Management Maturity Model

Spreadsheet Management Maturity Model. Philip Howard Research Director – Bloor Research. Why spreadsheet governance is important. Prevent errors that can impact financial and operational accuracy Prevent fraud Reduce disk space and associated costs Ensure compliance

missy
Download Presentation

Spreadsheet Management Maturity Model

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spreadsheet Management Maturity Model Philip Howard Research Director – Bloor Research

  2. Why spreadsheet governance is important • Prevent errors that can impact financial and operational accuracy • Prevent fraud • Reduce disk space and associated costs • Ensure compliance • Improve business process efficiency • Prevent fines • Prevent reputational damage • Improve decision making • Reduce audit fees • Enables various IT processes

  3. Maturity Models • To identify where you are today • To identify where you want to get to • To identify the steps between • NB: not all organisations want to get to the same end point

  4. Spreadsheet MMM • Not just about spreadsheets • Any end-user computing (EUC) resources such as Access databases, Crystal Reports, PowerPoint presentations and so on • Differs from other maturity models in that there are both personnel and corporate maturity levels

  5. Personnel maturity Inexperienced users Tend to be self-taught Enthusiastic users Junior personnel develop expertise Experienced users Junior personnel become senior Trained users Formal training and best practices

  6. Maturity Stage 1 Inexperienced users 1. Denial • Organisations do not understand extent of reliance on EUCs • Users are self-taught and do not make use of external resources • Transition to stage 2 typically because of a significant event such as a significant/material error, financial restatement, fraud, auditor scrutiny or forthcoming compliance audit

  7. Maturity Stage 2 Inexperienced users 1. Denial Enthusiastic users 2. Manual • Manual governance based on access, change and version control, which may cause change management issues • No accuracy testing • May be custom macros for basic controls and auditing—not easy to support and unsustainable in long run • May include risk assessment • Transition to stage 3 because manual controls breaking down, experienced staff get promoted or because of compliance requirements.

  8. Maturity Stage 3 Inexperienced users 1. Denial Enthusiastic users 2. Manual Experienced users 3. Remedial • Use of formal remediation tools and methodologies either via audit forms or via diagnostic software • May include end user training on spreadsheet compliance (e.g. for SOX) • Transition to stage 4 often as result of auditor or consultant recommendation

  9. Maturity Stage 4 Inexperienced users 1. Denial Enthusiastic users 2. Manual Experienced users 3. Remedial Experienced users 4. Recognised • Identification of critical spreadsheet assets • May adopt use of automated discovery, inventory management and risk assessment software • Ideally, should come before stage 3 but most companies only discover risks due to links and dependencies after remediation has started • Stages 3 and 4 often help to build business case for more advanced stages

  10. Maturity Stage 5 Inexperienced users 1. Denial Enthusiastic users 2. Manual Experienced users 3. Remedial Experienced users 4. Recognised Trained users 5. Captured • Can capture and/or have eliminated errors and ad hoc processes • Logic and formula errors indentified and fixed • Controlled development processes and end users trained in development best practices • Process controls to detect and/or prevent errors

  11. Maturity Stage 6 Inexperienced users 1. Denial Enthusiastic users 2. Manual Experienced users 3. Remedial Experienced users 4. Recognised Trained users 5. Captured Trained users 6. Formalised • Formal development, control and risk mitigation processes • Segregation of duties, change request management, test and signoff on changes and new models, routine review and approval processes • May be issues with existing processes. Balance between collaboration and control may vary by department or, indeed, spreadsheet

  12. Maturity Stage 7 Inexperienced users 1. Denial Enthusiastic users 2. Manual Experienced users 3. Remedial Experienced users 4. Recognised Trained users 5. Captured Trained users 6. Formalised Trained users 7. Managed • Automated monitoring and/or control environment • Management reporting on EUC control process • This stage involves cultural shift: about implementing better business processes not just collecting data about spreadsheets

  13. Maturity Stage 8 Inexperienced users 1. Denial Enthusiastic users 2. Manual Experienced users 3. Remedial Experienced users 4. Recognised Trained users 5. Captured Trained users 6. Formalised Trained users 7. Managed Trained users 8. Integrated • Spreadsheet processes and alerts part of broader GRC framework • Automated integration of spreadsheet data with central applications to eliminate error-prone practices

  14. Conclusion • Spreadsheet management is iterative and evolving • Spreadsheet management is ongoing • Spreadsheet management is integral to governance, risk and compliance • Spreadsheet management should be treated as a part of data governance • Spreadsheet management is a part of optimising business processes • A maturity model helps you to understand where you are and where you’re going

More Related