Posts Tagged 'reducing spreadsheet and EUC risk'

White Paper: Automating Spreadsheet Controls for Solvency II Model Compliance

Published May 18, 2011 Best Practices , Regulatory Mandates , Solvency II Leave a Comment
Tags: , , , , , ,

Abstract
Spreadsheets, Access databases and other user-developed applications (UDAs) are front and center to Solvency II model development, providing flexibility and ample opportunities to optimize capital requirements. Absent the proper governance framework, these UDAs can be subject to a variety of unacceptable risks, including calculation errors due to faulty programming logic, non-compliance with the intent of the directive, and even fraudulent activity. This white paper examines the newly published governance mandates for Solvency II models, and offers a proven technology solution and best practices to help insurers and reinsurers in the European Union improve compliance while mitigating risk and driving significant process improvement.

Target Audience
CFOs, controllers, CIOs, COOs, CEOs, Chief Actuaries, VP IT Security & Risk, Certified Fraud Examiners, auditors, risk and compliance executives, spreadsheet developers, Solvency II project teams.

>>Download White Paper

Basel III & Spreadsheets – The Perfect Storm?

Published December 16, 2010 Basel III , Breaking News , Regulatory Mandates Leave a Comment
Tags: , ,

The Bank for International Settlements (BIS) in Basel, Switzerland today announced the final rules for Basel III, a new global regulatory framework for banks. Building on the foundation of Basel II and similar to Solvency II in terms of focus on ensuring capital adequacy, Basel III also creates the perfect storm in terms of spreadsheet and end-user computing (EUC) risk. That is, banks leveraging spreadsheets, Access databases and other EUCs for computing the new capital requirements, risk-weighted assets, and liquidity (among other complex computations) are likely not prepared to satisfy auditor and regulator governance requirements mandates unless they have a controlled environment in place. Such EUCs are prone to input and logic errors, honest mistakes, fraud and almost impossible to manage (absent the proper controls) given the autonomy of users who can make changes to them.

To this end, Prodiance has been working with a number of global financial institutions to help them assess what is needed for effective spreadsheet and EUC governance for Basel II/III and Solvency II and how to implement best practices and leverage technology to help mitigate the risk of material errors while improving compliance with these new directives. You can read the press release from the BIS here or download a PDF of the final Basel III Accord. For more information on Prodiance ERM products and services, please visit our web site and stay tuned for further details on how Prodiance ERM technology, best practices, domain expertise and professional services offerings aligns with Basel III mandates.

If you have any anecdotes or comments on the new Basel III Accord, I’d love to hear from you. Finally, if your organization does not yet have a policy on End-User Computing in place, I would be happy to send you our template. Just drop me an email or leave a comment!

Happy holidays and safe travels!

The Spreadsheet Risk Continuum

Published January 14, 2010 Best Practices , Breaking News , Press Articles Leave a Comment
Tags: , , , , , , , , ,

After more than 5 years of helping some of the world’s most successful global organizations reduce their risk and exposure due to uncontrolled spreadsheets, Access databases and other end-user computing (EUC) applications, it has become very clear that reducing the risk is as much about technology as it is about cultural change. Almost every company today is dealing with issues surrounding spreadsheet and EUC risk, all with varying levels of maturity. The way I see it, reducing the risk efficiently requires a few key ingredients for success, including: adopting a formal policy on End-user Computing, defining internal controls for critical spreadsheets and EUCs, incorporating best practices, and implementing new Spreadsheet Control technology. As these ingredients are put in place, the organization’s risk level eventually decreases along the Spreadsheet Risk Continuum.

Policies & Controls
In a previous post, I discussed the merits and basics of adopting a formal EUC policy. I have also discussed the latest auditor guidance on spreadsheet controls from the famous white paper published in 2004 by PwC. There about 10 key controls to consider, including: access control, version control, change control, backup and archival, input control, documentation, segregation of duties, logic inspection/analytics, development lifecycle and data integrity.

Best Practices
There are many best practices, but I will mention a few here. The first requires following a formal process when implementing Spreadsheet Control. At Prodiance, we have developed a methodology we call the Spreadsheet Management Lifecycle, which involves inventory, risk assessment, control, remediation and reporting. In addition, it is important to have users properly trained on how to efficiently develop spreadsheets. This can result in models that have have less margin for error because they are developed properly and are well documented.

Technology
The final stage in the Spreadsheet Risk Continuum involves implementing a technology solution to help make the earlier stages sustainable. Without technology, the tasks and controls  in the earlier stages become one-off projects, requiring end users to do extra work to follow policies. This manual approach often breaks down over time. So my point in all of this is the following:

To efficiently mitigate spreadsheet and EUC risk within an organization, there is a Spreadsheet Risk Continuum leading to success which requires a cultural change (e.g. policies, controls, best practices) and adoption of new technology.

What are your thoughts on this assertion?

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 22 other followers

Follow Prodiance on Twitter

Prodiance on Twitter

Follow

Get every new post delivered to your Inbox.