Survey: Spreadsheet and EUC Risk Assessment
Published February 28, 2009 Polls 3 CommentsTags: risk assessment
Tags: risk assessment
Microsoft GRC Blog
- The Future is Now – a posting from Jeff Jinnett February 8, 2010 AnnaVAubry
- Regulatory Oversight & Compliance of Blogs and Social Networking - Sai Sireesh January 28, 2010 AnnaVAubry
- Analysis using "Pivot" - a preview by Jeff Jinnett January 18, 2010 AnnaVAubry
- Microsoft’s Compliance and Risk Process Management Pack and IT Compliance Library - an update from Sai Sireesh December 10, 2009 AnnaVAubry
- Visualization Challenge: Use of 3-D Virtual Environments to Portray GRC Issues - Jeff Jinnett December 7, 2009 AnnaVAubry
Eric Perry
Any comments on what “other business specific metrics” could define risk?
I work in internal audit within a bank, and we also use SOX significance as a risk criterion. If a spreadsheet or EUC affects a key GL account, or is part of the financial reporting process, or is impacted by regulatory or P&L reporting, then it is considered in scope for SOX, and automatically gets a High risk ranking. I hope this helps!
This poll begs a very good question, but what it does not consider is relational risk. I guess you could categorize this under your “other business specific metrics”. When considering spreadsheet risk, you need to not only look at the risk associated with a particular workbook, but also any linked or dependent workbooks. For example, if you have a Low risk workbook feeding data to formulas in a High risk workbook, then by definition the Low risk workbook should be ranked as High risk.