Home ASC 606 Part Three: Excel is Not Secure

Part Three: Excel is Not Secure

0
SHARE

Posted by KristenLawson on May 18, 2018 12:00:00 PM

Find me on: LinkedIn

 

In January, we posted a blog outlining five important reasons why excel spreadsheets were not to be trusted for implementation of the ASC 606 guidelines. Then in March, we struck again, and posted Part Two of the series; the prevalence of errors in Excel Spreadsheets. This month, we’ll refocus your attention on the idea that “Excel is Not Secure”.

ICYMI: “Security risks are…very high for finance and accounting departments that rely on excel spreadsheets to manage ASC 606. Spreadsheets are (not only) a static resource with limited transparency into tracking transaction changes…(but also) unable to provide a detailed history of changes made to a range of multiple transactions, let alone individual transactions, ultimately making auditing a company’s revenue in a spreadsheet a daunting and lengthy task. To make matters worse, most companies don’t password protect their spreadsheets, making businesses even more susceptible to cracks…”

Unfortunately, even if you password protect your spreadsheets to prevent silly errors, Microsoft warns against using the feature for security measures directly on their website: “You should not assume that just because you protect a workbook or worksheet with a password that it is secure – you should always think twice before distributing Excel workbooks…” And, “Worksheet level protection is not intended as a security feature. It simply prevents users from modifying locked cells within the worksheet.”

Think critically about this – is relying on that unprotected, error-prone spreadsheet file with all your confidential financial data really a good idea?

Truth be told: I rely on spreadsheets to handle complicated calculations and data systematization as much as the next accountant. But I’m not naive enough to believe that Excel Spreadsheets are a safe and trustworthy place to hold my confidential information, let alone use them as my sole resource. You should not be handling sensitive and confidential revenue data on spreadsheets, or relying solely on their output to report to your stakeholders.

The ease of sharing a free Excel spreadsheet is just not worth the inherent security risk or time wasted keeping that Excel secure. Properly tracking who has the spreadsheet, who edited the spreadsheet, where the edits occurred in the spreadsheet – it’s a nightmare. How many versions of the same Excel do you have? Do you know who edited each one and when? Do you know when it was changed, how, and why? Did those changes involve changes to your bottom line? You shouldn’t have to be tracking that. It’s not your job. You should be focused on the analytics in the financials. You should be focused on managing the revenue– not the spreadsheet.

You also have to trust that the revenue you’re managing is correct, and if someone came in and edited that spreadsheet at all, how could you possibly rely on it without an audit trail of the changes? You don’t know, what you don’t know. So how can you know?

Invest in a product that houses a complete set of internal controls, as well as a comprehensive record of every change that occurs – manual or system-induced. “A few simple changes, such as individual logins and approval processes increase security protocols tenfold and maintain the integrity of confidential revenue date. Furthermore, revenue recognition software can break down very specific [and complex] accounting functions including the time value of money, allocations, and multi-currency foreign exchange conversions by customer, order, or product group levels for an easily auditable data history.”

Your auditor can likely attest (pun intended) that having a solid audit trail of your financial information is absolutely critical. Regardless of the new ASC 606 guidance, auditors still need to understand where data is coming from, and the controls in place to ensure the integrity of that data. The new guidance places additional constraints on auditors, as they will now need to familiarize themselves with new revenue systems and sign off on the processes and data that you are now providing. How can you help support a smooth and painless audit? AUDIT TRAILS AND CONTROLS. Which, by the way, is not one of Excels’ priorities. It is, however, one of ours.

Now, if your revenue management or finance team is any more than one person (and chances are you’re not running that business alone), you may run into reluctance getting the entire team out of their comfort zone and into a new solution. However, complying with ASC 606 is a huge change in itself.

Making the necessary changes to your internal systems not only mitigates security risks associated with managing human and technological resources, but it also creates efficiencies business wide. Not to sound redundant but… you should be focused on managing the revenue – not the spreadsheet.

 

SOFTRAX offers superior experience, knowledge, products, and services to address your company’s ASC 606 needs.  We encourage you to visit http://www.softrax.com/about/contact-us to learn more about SOFTRAX and the value we can provide for your company’s ASC 606 adoption.

Topics: Revenue RecognitionRevenue ManagementRevenue SoftwareEliminate SpreadsheetsASC 606Rev RecIFRS15,GAAPBlog