hydra and policies

Uncontrolled Spreadsheets, Documents, and Emails, Oh My!

Business is complex. Exponential change in regulations, globalization, distributed operations, processes, competitive velocity, business relationships, and legal matters encumbers organizations of all sizes across industries. Like battling the multi-headed Hydra in Greek mythology, redundant, manual, and document-centric internal control management approaches are ineffective. As the Hydra grows more heads of regulation, legal matters, operational risks, and complexity, scattered silos of documents become overwhelmed and exhausted and start losing the battle. This approach increases inefficiencies and the risk that serious matters go unnoticed. Redundant and inefficient processes lead to overwhelming complexity that slows the business, when the business environment requires greater agility.

Use of end user computing applications (EUC) such as spreadsheets, emails, and other document types has revolutionized how technology creates value for organizations. However, this brings a significant challenge to govern and control information and technology in a distributed and dynamic environment. Organizations are facing increased pressures from regulators and auditors to ensure that they have adequate controls over EUC applications, particularly spreadsheets used in accounting and finance processes. This specifically has caught the attention of the Public Company Accounting Oversight Board (PCAOB) and external auditors. This scrutiny is leading to new SOX failings for companies that previously had no such failings. Enhanced audits are exposing the role of spreadsheets in context of Internal Control over Financial Reporting (ICFR) and the fact that spreadsheets are often open to manual manipulation.

The reasons spreadsheets fail without controls are . . .

The rest of this blog post can be found as a guest blog at ClusterSeven:

READ MORE

GRC 20/20 is also presenting a webinar on this topic, The Spreadsheet and SOX: the Never Ending Battle:

REGISTER

More detail can also be found in GRC 20/20’s latest Strategy Perspective, Gaining Control Over End User Computing: Increased Pressure to Control Spreadsheets and Documents:

ACCESS RESEARCH

 

 

No comments yet.

Leave a Reply