2. Dan Parish Program Manager Microsoft Session Code: OFC 304

3. Regulatory compliance Affects almost all public companies Local, state, and federal requirements

4. The spreadsheet challenge Spreadsheets are easy to develop, flexible and powerful Spreadsheets support many critical business functions Often not thought of like a database or software program

5. It's all about the process Spreadsheet compliance cannot be achieved through technology alone Critical spreadsheets require sound development and usage practices

7. Getting started Before even getting to the plan, you need: Executive-level commitment IT and business users to be on the same page Appropriate resources --------------------------------------------

8. Evaluate your situation Inventory relevant spreadsheets Identify business-critical spreadsheets

9. Implement appropriate controls Identify at what level your controls should be Two main types of controls: Preventative Detective Examples Potential Risk Control Activity Unauthorized modification of historical data may damage the audit trail. Convert spreadsheets from previous reporting periods to a read-only format and security archive them for later retrieval. Entered data is incomplete or disagrees with the source, which results in output and reporting errors. Use “check cells” to validate data accuracy and the completeness of an entry.

10. Develop a long-term spreadsheet development and maintenance methodology Spreadsheet development shares many characteristics with software development Error rates are similar Benefits of a sound development lifecycle are similar Define Requirements DesignImplementTest and VerifyDeploy Maintain and Document

11. Define requirements Create detailed description of spreadsheet’s business purpose Scope and define boundaries Validate with users that spreadsheet will meet business needs

12. Design Maps a detailed plan for implementing business requirements End result is a spreadsheet ‘blueprint’ Well designed spreadsheets include: Separation of input, output, and calculation cells Lockable and/or protected cells that should not be modified A standard organizational method Standard naming conventions throughout Named ranges to reduce errors and increase readability Simple formulas Extensive documentation

13. Implement Based on the requirements and design already created Should simply be assembling the pieces described in the blueprint Testing and verification should occur throughout the implementation process

14. Test and verify Like all software, spreadsheets will contain errors Ways to test spreadsheets include: Targeted audits Test case verification Scenario testing Code inspection Should be done by people other than creator

15. Deploy When deploying, control activities must be determined and applied Other activities may include: A formal transition to a production environment Back up of source files Storage in a secure location with file access management Sign-off from development, test, and business users A formal approach to versioning and documented release criteria and management Creation of a detailed user manual Training courses

16. Maintain and document Critical to ensure long term usefulness of a spreadsheet All changes after deployment must be tested, verified, and documented Documentation of spreadsheets should include: A detailed description of the spreadsheet’s purpose Change log including who and what Embedded comments to explain input, output, and calculation cells Description of the naming conventions used Legend to explain formatting in the spreadsheet User manual complete with examples Contact information for person responsible

18. A compliance solution using the 2007 Microsoft Office System

19. Developing robust spreadsheet models Cell styles Lock important cells Using Excel Tables to reduce errors Defined Names Formula auditing tools

20. Preventing unauthorized access Office SharePoint Server 2007 permissions Sharing spreadsheets using Excel Services Controlling what users can see The View Item right Information Rights Management (IRM) In Office Excel 2007 In Office SharePoint Server 2007 Workbook encryption

21. Managing and monitoring changes Enterprise Content Management (ECM) in Office SharePoint Server 2007 Content types Versioning Auditing Workflow

22. Retaining and archiving spreadsheets Office SharePoint Server 2007 Record Repository Vault capabilities Information management policies Hold Record collection interface Record routing Extensibility

23. Building a compliance solution using the 2007 Microsoft Office System

25. Wrap up Spreadsheets are commonly a critical resource in companies, yet aren’t treated as such It is important for companies to develop a spreadsheet compliance framework with rigorous process controls The 2007 Microsoft Office system can help companies have greater success implementing and enforcing spreadsheet policies

27. www.microsoft.com/teched Sessions On-Demand & Community http://microsoft.com/technet Resources for IT Professionals http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification and Training Resources www.microsoft.com/learning Microsoft Certification & Training Resources Resources Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online.

28. Track Resources Excel Blog http://blogs.msdn.com/excel Compliance Whitepaper http://office.microsoft.com/en-us/excel/HA102132911033.aspx Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub.

29. Complete an evaluation on CommNet and enter to win! Required Slide

30. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Required Slide