…optimise your it investments spreadsheet management maturity model philip howard research...

Download …optimise your IT investments Spreadsheet Management Maturity Model Philip Howard Research Director – Bloor Research

Post on 18-Dec-2015

212 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Slide 1
  • optimise your IT investments Spreadsheet Management Maturity Model Philip Howard Research Director Bloor Research
  • Slide 2
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Why spreadsheet governance is important Prevent errors that can impact financial and operational accuracy Prevent fraud Reduce disk space and associated costs Ensure compliance Improve business process efficiency Prevent fines Prevent reputational damage Improve decision making Reduce audit fees Enables various IT processes
  • Slide 3
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Models To identify where you are today To identify where you want to get to To identify the steps between NB: not all organisations want to get to the same end point
  • Slide 4
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Spreadsheet MMM Not just about spreadsheets Any end-user computing (EUC) resources such as Access databases, Crystal Reports, PowerPoint presentations and so on Differs from other maturity models in that there are both personnel and corporate maturity levels
  • Slide 5
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Personnel maturity Inexperienced users Enthusiastic users Experienced users Trained users Tend to be self-taught Junior personnel develop expertise Junior personnel become senior Formal training and best practices
  • Slide 6
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 1 Organisations do not understand extent of reliance on EUCs Users are self-taught and do not make use of external resources Transition to stage 2 typically because of a significant event such as a significant/material error, financial restatement, fraud, auditor scrutiny or forthcoming compliance audit Inexperienced users1. Denial
  • Slide 7
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 2 Manual governance based on access, change and version control, which may cause change management issues No accuracy testing May be custom macros for basic controls and auditingnot easy to support and unsustainable in long run May include risk assessment Transition to stage 3 because manual controls breaking down, experienced staff get promoted or because of compliance requirements. Inexperienced users1. Denial Enthusiastic users2. Manual
  • Slide 8
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 3 Use of formal remediation tools and methodologies either via audit forms or via diagnostic software May include end user training on spreadsheet compliance (e.g. for SOX) Transition to stage 4 often as result of auditor or consultant recommendation Inexperienced users1. Denial Enthusiastic users2. Manual 3. RemedialExperienced users
  • Slide 9
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 4 Identification of critical spreadsheet assets May adopt use of automated discovery, inventory management and risk assessment software Ideally, should come before stage 3 but most companies only discover risks due to links and dependencies after remediation has started Stages 3 and 4 often help to build business case for more advanced stages Inexperienced users1. Denial Enthusiastic users2. Manual 3. Remedial 4. Recognised Experienced users
  • Slide 10
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 5 Can capture and/or have eliminated errors and ad hoc processes Logic and formula errors indentified and fixed Controlled development processes and end users trained in development best practices Process controls to detect and/or prevent errors Inexperienced users1. Denial Enthusiastic users2. Manual 3. Remedial 4. Recognised Experienced users Trained users5. Captured
  • Slide 11
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 6 Formal development, control and risk mitigation processes Segregation of duties, change request management, test and signoff on changes and new models, routine review and approval processes May be issues with existing processes. Balance between collaboration and control may vary by department or, indeed, spreadsheet Inexperienced users1. Denial Enthusiastic users2. Manual 3. Remedial 4. Recognised Experienced users Trained users5. Captured Trained users6. Formalised
  • Slide 12
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 7 Automated monitoring and/or control environment Management reporting on EUC control process This stage involves cultural shift: about implementing better business processes not just collecting data about spreadsheets Inexperienced users1. Denial Enthusiastic users2. Manual 3. Remedial 4. Recognised Experienced users Trained users5. Captured Trained users6. Formalised Trained users7. Managed
  • Slide 13
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Maturity Stage 8 Spreadsheet processes and alerts part of broader GRC framework Automated integration of spreadsheet data with central applications to eliminate error-prone practices Inexperienced users1. Denial Enthusiastic users2. Manual 3. Remedial 4. Recognised Experienced users Trained users5. Captured Trained users6. Formalised Trained users7. Managed Trained users8. Integrated
  • Slide 14
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010 Conclusion Spreadsheet management is iterative and evolving Spreadsheet management is ongoing Spreadsheet management is integral to governance, risk and compliance Spreadsheet management should be treated as a part of data governance Spreadsheet management is a part of optimising business processes A maturity model helps you to understand where you are and where youre going
  • Slide 15
  • telling the Information Management story Confidential Bloor Research 2009 telling the right story Confidential Bloor Research 2010