A 360-degree approach to data governance.

• Author: Bach, Paul
• Position: Compliance

What's keeping today's financial executive awake at night? More and more, the answer is the fast-growing demands of regulatory compliance--especially in the U.S., the rigorous financial reporting requirements of the Sarbanes-Oxley Act--and the rising risks of failing to address those demands effectively.

Anyone who reads the business section of a daily newspaper is well aware of the risks of regulatory compliance failure. Consider just a few recent, highly publicized examples:

* A material understatement of the cost of goods sold by an online retailer, caused by a spreadsheet calculation error, resulted in the loss of 25 percent of the company's share value--and the CEO's job.

* A major power transmission provider was forced to take a $24 million charge because of what it described as "clerical errors" in spreadsheets.

* A major European bank lost $691 million because an employee manipulated the spreadsheets used to monitor his unit's activities.

* A mortgage lender took a "write-down" of $3 billion because of a change-control error in a key spreadsheet.

* A spreadsheet "cut-and-paste" error cost a Canadian energy trading company $24 million.

These incidents had very different causes, from deliberate criminal misconduct to simple human error. They also affected very different types of organizations: publicly traded companies operating in the U.S. (subject to Sarbanes-Oxley), foreign-based businesses and even a not-for-profit educational institution. But they all resulted in serious financial and reputational damage, and all for the same reason: Senior management failed to exercise effective governance over the data contained in their information technology (IT) systems.

Financial executives and other stakeholders--including corporate auditors and outside consultants--are understandably accustomed to thinking of the data they need as the data they are aware of. This includes the information that is found in corporate and departmental databases; document management systems; enterprise resource planning (ERP) and customer relationship management (CRM) systems; and accounting applications.

Virtually every major corporation today uses end-user computing (EUC) applications as part of its financial planning, modeling, schedules, consolidations and financial closings. Unlike the larger financial systems and technologies such as the ERP systems and primary database management systems (DBMS), EUC systems are generally less visible, highly distributed...