Process, governance and spreadsheets

Written By:
Content Copyright © 2011 Bloor. All Rights Reserved.
Also posted on: The IM Blog

Talk to almost anybody about information, data or corporate governance and they will tell you that governance is primarily about people and processes. For example, in data governance it’s not so much about data quality per se but about the processes that you have in place for ensuring data quality. The same thing applies to compliance. Indeed, in many instances compliance is more about process than data. Sarbanes-Oxley, for example, is about tracking the processes that manipulate and transform your data. Even data protection laws are as much about the process of securing your data as they are about the physical act of encryption (say).

Given all of this, why do so many companies talk about governance as if it was about data and information? Obviously the answer is that they do not have the necessary capabilities to handle said governance—no understanding of the processes involved. This is particularly true within the area of spreadsheet management. In this space, there is a lot of focus on detecting and correcting errors, in estimating risks so that you can identify critical spreadsheets, and in controlling or tracking changes to spreadsheets. Historically, however, there has been little understanding of the processes involved in using spreadsheets.

The good news is that this is starting to change. Ormetis, for example, captures spreadsheet processes and allows them to be re-used. It is not, however, a full spreadsheet-management application. But Apparity is. With the exception that it does not do error detection and correction (no great loss: you can download suitable tools for a few hundred dollars) and that it will not trawl your network to find your spreadsheets for you (ditto: you probably know where the important ones are anyway) Apparity offers a complete spreadsheet management solution. But, unlike its competitors, it is process-based.

It is important to understand what this means. For example, suppose that you go through a process of consolidating various spreadsheets at the end of the month. There are multiple steps in such a process and many spreadsheets may be involved, which may include linked spreadsheets that are not directly involved in this particular process. There may also be sign-offs required. All of this is captured by Apparity and next month the process is now automated for you.

There are a couple of other ways that Apparity is different, both with respect to security. To begin with, when you open a spreadsheet you have the option to lock all linked spreadsheets—ensuring that a user understands and can control the impact of any changes being made. Secondly, unlike other spreadsheet management products, Apparity is able to impose controls on how users are able to distribute spreadsheets. Typically, users are able to subvert their shared drive security by copying spreadsheets to their laptops, taking it away and then emailing them to all and sundry. Apparity eliminates this risk this by encrypting any spreadsheets sent through email—thus ensuring only those individuals with the right permissions are able to work on or view the spreadsheet.

I have been preaching for years that data governance and spreadsheet management are part of the same spectrum but they are not treated as such by most vendors. Now that spreadsheets are starting to be process-based, hopefully that will change.