Click to add optional icon or picture

Michel SaderEnterprise Technical Strategist@micleus

Spreadsheet Compliance and Management in Office and SharePoint 2013

The Scenario

End users creating complicated spreadsheets out there– Financial statements– Marketing plans

Important decision making processes based on spreadsheets

Not IT controlled, just end user thingsNo test, lots of risk and lack of control

The Issue

"Nothing within the technology environment has a greater chance of directly causing financial statements to be materially misstated than spreadsheets...... 

Furthermore, no technology is less-controlled than spreadsheets.” 

Source: Comments to CIO of top 5 global bank by Microsoft Executive

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Invisible Cells

Negative Formulas

Broken Link

Very Hidden Sheet

Plugged Formula

Do You Trust This Spreadsheet?

CFO’s Questions

Who is responsible?How many of these spreadsheets do we have, where are they, who has access to them?

Which ones contain error or fraud?How do we prevent this from happening again?

Addressing these questions is what the new features in Office 2013 are about…

Gartner is a registered trademark of Gartner, Inc. or its affiliates.

Resolution 4: Decide Which Information Will Matter

CEO Advisory: Chief Executive Information and Technology Resolutions, 2013 (1 February 2013) G00246797

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Office 2013 Spreadsheet Control tools help Mitigate Risk,

Improve Compliance, and Drive Productivity Gains

Logic Inspectio

n

Version

Control

Access

Control

Change

Control

Uncontrolled EUCs

Controlled EUCs

…

Steps To Mitigate Spreadsheet & EUC Risk

Microsoft Confidential.

Spreadsheet Compare (Office Professional Plus 2013 only)Compare spreadsheets side-by-side to identify and categorize their differences

Database Compare (Office Professional Plus 2013 only)Compare Access databases side-by-side

Spreadsheet Inquire (Office Professional Plus 2013 only, Excel add-in)Analyze, document, understand and diagnose spreadsheet

Discovery and Risk Assessment (SharePoint Server 2013 ECAL)Assess and categorize spreadsheets and databases based on relevance, materiality and business impact

Audit and Control Management Server (SharePoint Server 2013 ECAL)Non-intrusive auditing of changes made to Excel spreadsheets and Access databases

Spreadsheet Control Tools In Office 2013

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Inventory Risk Assessment Control Optimization Reporting

Reporting Services / BI Tools

Discovery and Risk

Assessment

Audit and Control

Management

Server

Spreadsheet

Compare / Database Compare

Spreadsheet Inquire

Best Practices, Domain Expertise, World Class Support

Microsoft System

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

demoSpreadsheet Compliance and Management in Office and SharePoint 2013

ACM Helps to Renew EAs

Imagine your Company in the headlines

Is Excel the most

dangerous piece of

software in the world?

Feb 11, 2013

“After subtracting the old rate from the new

rate, the spreadsheet divided by their sum

instead of their average, as the modeler had

intended. This error likely had the effect of

muting volatility by a factor of two and of

lowering the VaR…”

The Importance of ExcelFebruary 9, 2013

I spent the past two days at a financial regulation

conference in Washington (where I saw more

BlackBerries than I have seen in years—can’t

lawyers and lobbyists afford decent phones?). In his

remarks on the final panel, Frank Partnoy

mentioned something I missed when it came out a

few weeks ago: the role of Microsoft Excel in

the “London Whale” trading debacle.

As a consequence, Excel is everywhere you look

in the business world—especially in areas

where people are adding up numbers a lot,

like marketing, business development, sales,

and, yes, finance.

… the total costs per gigabyte reviewed were generally around $18,000 …

The main risk in the financial reporting procedures is that errors or deliberate action (fraud) prevents facts from adequately reflecting the company financial position and performance.Such decisions may incur serious damage, like financial loss, the imposition of sanctions by the banking supervisor or reputational harm.

Annual Report 2011

Security, Risk, and ValueHow do you organize the hours of your day?

Role Where Most Our Customers Are Today

Accountant 61%Protector 24%

Business Leader 15%

Role Where Most Our Customers Are

Today

Where Most Companies Would Like

To Be

Accountant 61% 28%Protector 24% 29%Business Leader 15% 43%

Cloud Computing for Finance: Evaluating Security, Risk, and Value Webinar - Intacct

Current Activities:• Send emails asking for information• Copy and paste information from several sources• Prepare reports to management

Aspired Activities:• Advice their peers on room for savings• New opportunity and risks• Brainstorming on what can be done to maximize the value for the company

State of Current Financial SolutionsEffectiveness Gap

Cloud Computing for Finance: Evaluating Security, Risk, and Value Webinar - Intacct

Be 100% Compliant with Office 2013

It lets you securely share information with your CPA firm advisors and auditors in real-time Reduces fees – they don’t need to come on-site to do their work Better advice – they can more easily be proactive since they have your most current

information Start elevating the conversations (from “we are missing these invoices” to “here are best

practices that we have seen in your industry”) and improve their pay for the buck transforming them in advisers.

Cloud Computing for Finance: Evaluating Security, Risk, and Value Webinar - Intacct

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Compare spreadsheets side-by-side to identify and categorize their differences

Spreadsheet Compare

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Analyze, document, understand and diagnose spreadsheets

Spreadsheet Inquire (Excel add-in)

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Track changes in spreadsheets and Access databases

Audit And Control Management Server (ACM)

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Discover and assess business critical Excel spreadsheets and Access databases

Discovery And Risk Assessment (Server)

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Alert Notifications

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

• Open• Change• Save

User• Review changes using

• Audit Trail• Spreadsheet/Access Compare

Audit And Control Management Server Review & Approval

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

File Shares

SharePoint

File Shares

EventCompare

New Version

Previous Version

Alerts

WorkflowArchive Version

(File Shares Only)

ACM Database

ContinuousDiscovery and Risk

Assessment

Audit Trail,Version History

in a Browser

Office users

ACM Server Architecture

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

• Errors• Plugged formulas• Inconsistent formulas• Broken links• Invisible Cells• ….

Spreadsheet Inquire- Logic Inspection