Moralits specialists are experts in conducting, consulting and/or implementing automated audits via MS Excel ( https://moralits.com/homepage/automated-audits/). However….are these spreadsheets it-selves secure enough? e.g. see lots of reputational damage examples due to errors in key-Excel sheets….(see e.g. http://www.eusprig.org/horror-stories.htm) or just type “spreadsheet errors” in Google or Bing…..Amazing….
We studied existing material and developed methods to assess key spreadsheets on impact and likelihood scenarios. We classified our clients’ spreadsheets based on confidentiality, and integrity , in order to come to a set of security measures for key-spreadsheets
Some of the impact considerations are the following:
Some of the likelihood scenarios are the following:
If we classified the confidentiality and integrity rating on a scale of 1-3 , where low =1 and high = 3. The following overview can be an example:
Typical security measurements to consider are the following:
1. Access control: Storage centrally (dedicated drive or share)
2. Change control: Version control and justify on additional tab
3. Documentation: up to date to understand the business objective and specific functions of the spreadsheet
4. Testing: Formally test the spreadsheet by expericenced 3rd party which will confirm that the spreadsheet processing and related output is functioning as intended
5. Logic inspection: inspect the spreadsheets’ logic. Document this review formally (could be same 3rd party as mentioned above)
6. Input control: Reconcile data inputs to source documents
7. Security an integrity of data: “locking” or protecting sensitive cells, such as formulas and master data.