I work in internal audit within a bank, and we also use SOX significance as a risk criterion. If a spreadsheet or EUC affects a key GL account, or is part of the financial reporting process, or is impacted by regulatory or P&L reporting, then it is considered in scope for SOX, and automatically gets a High risk ranking. I hope this helps!
This poll begs a very good question, but what it does not consider is relational risk. I guess you could categorize this under your “other business specific metrics”. When considering spreadsheet risk, you need to not only look at the risk associated with a particular workbook, but also any linked or dependent workbooks. For example, if you have a Low risk workbook feeding data to formulas in a High risk workbook, then by definition the Low risk workbook should be ranked as High risk.
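The relational-risk rule from the comment above, worked through as an added example that is not part of the original thread: every workbook inherits the highest rating of any workbook it feeds. The example goes beyond the comment's single Low-into-High case by following indirect links as well; the three-level scale, the workbook names and the link list are constructed assumptions.

```python
from collections import deque

LEVELS = {"Low": 0, "Medium": 1, "High": 2}  # assumed three-level scale

def effective_risk(own_risk, feeds):
    """own_risk: workbook -> standalone rating.
    feeds: (source, consumer) pairs, meaning consumer's formulas read from source.
    Returns workbook -> rating after each source inherits the highest rating
    of any workbook it feeds, directly or through a chain of links."""
    upstream = {}
    for source, consumer in feeds:
        for wb in (source, consumer):
            if wb not in own_risk:
                raise KeyError(f"linked workbook missing from inventory: {wb}")
        upstream.setdefault(consumer, set()).add(source)

    effective = dict(own_risk)
    for start, rating in own_risk.items():
        # Walk upstream from each workbook; 'seen' keeps circular links finite.
        queue, seen = deque([start]), {start}
        while queue:
            for src in upstream.get(queue.popleft(), ()):
                if src in seen:
                    continue
                seen.add(src)
                if LEVELS[effective[src]] < LEVELS[rating]:
                    effective[src] = rating
                queue.append(src)
    return effective

def raised(own_risk, feeds):
    """Workbooks whose rating went up because of what they feed."""
    eff = effective_risk(own_risk, feeds)
    return {wb: (own_risk[wb], eff[wb]) for wb in own_risk if eff[wb] != own_risk[wb]}

# Constructed sample inventory (hypothetical workbook names).
SAMPLE_RISK = {"fx_rates.xlsx": "Low", "accruals.xlsx": "Medium",
               "gl_recon.xlsx": "High", "headcount.xlsx": "Low",
               "budget.xlsx": "Medium"}
SAMPLE_FEEDS = [("fx_rates.xlsx", "accruals.xlsx"),
                ("accruals.xlsx", "gl_recon.xlsx"),
                ("headcount.xlsx", "budget.xlsx")]

if __name__ == "__main__":
    for wb, (before, after) in sorted(raised(SAMPLE_RISK, SAMPLE_FEEDS).items()):
        print(f"{wb}: {before} -> {after}")
```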
Any comments on what “other business specific metrics” could define risk?