Just by looking at the news and seeing the recent demise of one of the biggest construction companies in the UK, it has become apparent the potential dangers of poorly managed spreadsheets. Carillion is just one of many examples where there are multiple departments using hundreds of spreadsheets that have no resemblance of quality control or security standards.
When looking at the size of global organisations and the multitude of staff that work together to complete projects to strict deadlines, it can sometimes be a complete afterthought to consider project security as a priority.
Poorly structured spreadsheets can also lead to a loss of productivity and increased audit costs, further damaging the bottom line.
When it comes to spreadsheet security, arguably the most important step is to ensure that senior management buy into the need for a robust spreadsheet risk management framework, and that they define and effectively communicate their spreadsheet risk management policy.
A best practice spreadsheet development standard would clearly outline the conventions and standards that each spreadsheet needs to adhere to. It would also help to consider what necessary steps internal IT departments would need to take to ensure correct and secure delivery of projects, by sticking to a proper quality assurance process.
The fact is that human error would always be a factor when it comes to document and project management. The purpose of proper testing is to identify issues and get them resolved before models are sent to live environments.
Spreadsheets that are part of as critical business process should have detailed documentation. This should include a technical specification and user notes.
In summary, organisations regardless of size need to have a few things covered in order to ensure maximum security and avoid unnecessary risk. By having a formal framework sponsored by senior management, this would pave the way for having a structured process of security and testing for all spreadsheets.