This series of articles will give you an overview of how to manage spreadsheet risk. These articles are written by Myles Arnott from Excel Audit
- Part 1: An Introduction to managing spreadsheet risk
- Part 2: How companies can manage their spreadsheet risk
- Part 3: Excel’s auditing functions
- Part 4: Using external software packages to manage your spreadsheet risk
In the first article in this series we highlighted the risks that poorly managed spreadsheet solutions can introduce to a business. In this article we will demonstrate how companies can manage this risk.
A formal governance framework
The first, and arguably most important step is to ensure that the senior management team buy into the need for a robust spreadsheet risk management framework, and that they define and effectively communicate their spreadsheet risk management policy.
Spreadsheets identified and catalogued
It is impossible to know the level of spreadsheet risk in an organization without first identifying and then risk assessing all of the spreadsheets. It is therefore necessary to create a catalog of all of the spreadsheets and then to gather the key information about each spreadsheet to enable a risk assessment to be carried out.
The two key factors for determining the spreadsheet risk are the probability of there being an error and the impact that that error could have.
Risk = Probability of an error X impact if an error were to occur
The probability of error is related to the complexity of the spreadsheet. Complexity attributes differ across companies but include:
- Spreadsheet size (Mbs)
- Spreadsheet design (hard coded numbers in formulae, poor model structuring etc)
- The number of users
- The use of complex formulae (particularly array formulae, nested formulae etc)
- The number of cells populated
- The number of internal and external links
- The use of VBA
The impact of the error is related to how critical the spreadsheet is within the business. Each company will have a slightly different definition of the impact levels of spreadsheets, but generally:
- A spreadsheet is low impact if it is not used as part of a critical business process and an error would not have a material impact on the business.
- A spreadsheet is medium impact if it contains confidential information and an error could have a material impact on the business.
- A spreadsheet is high impact if it contains highly confidential information and an error would have a significant impact on the business. Spreadsheets used within processes that fall under external regulation (such as Sarbanes-Oxley and Solvency II) are deemed to be of high impact.
Finally, the spreadsheets should be placed in order of risk. Those identified as business critical and high risk should be prioritized for detailed review and placed under control.
This is clearly an on-going process. As new spreadsheets are developed they will need to pass through the risk assessment process as defined by the company’s spreadsheet risk management policy. A periodic review should also be carried out to ensure that all spreadsheets have been correctly categorized.
A best practice standard
The company should define its own best practice spreadsheet development standard that is applied to spreadsheets deemed to be medium or high impact. The standard should clearly outline the standards and conventions to which a spreadsheet should be built. New developments can then be reviewed to ensure that they adhere to the standard.
We advocate the use of the Excel Best Practice Standard from the Spreadsheet Standards Review Board (‘SSRB’).
We also recommend that tailored schedules are added to the standard to reflect your specific design standards. For example this could be a specific color scheme, use of logo or the use of specific text within the header or footer (e.g. document security levels).
Testing
A fundamental, but often overlooked step in the Excel model development cycle is testing. All spreadsheets (but especially business critical spreadsheets) need to be first peer reviewed and then rigorously tested.
It helps to consider the steps that an IT department would take to ensure that something they deliver is correct. It will pass through stages of unit and system testing prior to quality assurance and finally user acceptance testing. So why should a spreadsheet being used for a critical process be any different?
The fact is that no matter how hard we try, humans make errors. The purpose of testing is to identify them and get them resolved before the model goes into the live environment.
Remember that in the first article we highlighted the fact that 94% of spreadsheets and 5% of all formulae within spreadsheets contain errors.
Here is Scott Adams’ view on spreadsheet testing in Dilbert
Training
All staff should be trained so that they have sufficient Excel knowledge for their role and to use the spreadsheets that they are responsible for. As part of the induction process all staff should also be taught the company’s best practice standard.
Whilst this sounds obvious, research has shown that few companies prioritize investment in spreadsheet training.
Documentation
A key risk with spreadsheets is that they are often built and used by one individual within a team (often referred to as a “key man dependency”). If this person is ill or leaves unexpectedly the other members are totally reliant on the documentation left behind. From experience this rarely exists.
Each spreadsheet that is used within a process should as a bare minimum have documentation stating:
- the purpose of the spreadsheet;
- how the spreadsheet fits within the process;
- the source of all inputs for the spreadsheet;
- all key assumptions and drivers;
- key calculations;
- distribution list for outputs.
Spreadsheets that are part of as critical business process should have detailed documentation. This should include a technical specification and user notes.
Security
All business critical and confidential spreadsheets should be subject to access control. Security controls can be implemented across three levels:
- Directory level: Only specific individuals have access to key directories
- File level: Confidential and critical spreadsheets should be password protected to restrict access
- Cell level: Non-input cells should be password protected
Change control, backups and archives
To minimize the risk of losing the current version of a spreadsheet and ensuring that the correct version is being used at all times, all business critical spreadsheets should be backed up, archived and subject to change control procedures.
So, in summary..,
the characteristics of a well-managed environment are:
- a formal governance framework, sponsored by the senior management team, is in place for all spreadsheet development;
- a catalog of spreadsheets is maintained and prioritized by risk profile;
- a best practice standard is applied to the development of all new spreadsheets;
- all new spreadsheets pass through a formal risk assessment, are peer reviewed and formally tested;
- staff are provided with sufficient training to carry out their roles;
- all spreadsheets and their associated processes are well documented;
- access to critical spreadsheets is subject to security controls;
- spreadsheets are subject to change control and are regularly backed up and archived.
What next?
In the next article we will look at the built in Excel functions that can help you to manage spreadsheet risk.
What about you?
How do you (or your company) manage spreadsheet risk? What best practices & guidelines you follow? Please share using comments.
Thank you Myles
Many thanks to Myles for writing this series. Your experience in this area is invaluable. If you enjoy this series, drop a note of thanks to Myles thru comments. You can also reach him at Excel Audit or his linkedin profile.
28 Responses to “Pimp your comment boxes [because it is Friday]”
This borders on Excel soft-cell...er, soft-core...porn. My favorite kind.
Wow, that is pimp-TASTIC! I have a question, as a VBA n00b: additional comment boxes stay plain unless I "run" the macro. Is there a way to change all comments, going-forward?
hi Chandoo, well, I like the macro approach. For those who don't like it, there is another way: just add the "draw" toolbar to the shapes toolbar (via Custom etc), click on "edit comment", click on the auto-shape and then choose "draw" drop-down, --> modify auto-shape --> then you even can have a heart or a banner (I like the horizontal banner in in purple :-)) . in excel 2007, you have to add this custom menu that you choose via Excel Options --> Custom --> it is called "change/ modify auto-shape"!!!
best,
@Chandoo. Great Post 🙂
@Tim : the way the macro is coded, it must be run very time.
@Community: If someone has an idea to perform it when opening an existing excel, it should be nice.
@Community: if someone has some code to revamp the commentboxes on all sheets, please share it. 🙂
@Microsoft Excel-progammers: some pimpoptions for the commentboxes should be great.
Cheerio
Tom
For the auto run, please add the codes in workbook:
Private Sub Workbook_SheetActivate(ByVal Sh As Object)
Call Comments_Tom
End Sub
Wow, that was a lot of fun... Thanks Tom!
@Jeff... Now, 5000 people know about your favorite porn... 😛
@Tim ... you can write an event to handle the new comments. I wouldnt recommend it as it is really painful. another option is to use the macro suggested by Yukikomi. It will update comments everytime you activate the sheet.
@laguerriere: very cool 🙂
@Chandoo ... Thanks! This is good stuff. I combined your tip with a tip from Mark O'Brien, then assigned it to a button on Excel 2010's Quick Access Toolbar, to format comments AS I add them. I also like how Mark's code saves me the trouble of backspacing my name out of new comments:
Sub AppendToExistingComment()
'Source: Mark O'Brien at http://www.mrexcel.com/forum/showthread.php?t=57296
Dim oRange As Range
Dim oComment As Comment
Dim sText As String
'Use object variable to hold range.
Set oRange = ActiveCell
'Use object variable for comment
Set oComment = oRange.Comment
'text to be added to the comment box
sText = InputBox("Type text to be added:", "APPEND TO COMMENT TEXT")
If Len(sText) = 0 Then End
'If Active Cell has a comment then append new text to the end of the comment text
If Not oComment Is Nothing Then
sText = oComment.Text & vbNewLine & sText
oRange.Comment.Delete
End If
'Add a comment with the contents of sText
oRange.AddComment sText
DoEvents
Comments_Tom
End Sub
Thank you very much for the code, it seems to be working for the most part; I am having a problem however. Once the routine makes the corrections to the comment, the comment becomes invisible. By invisible, I mean that when I highlight my mouse over it, nothing appears. However, when I right click the cell and click 'edit comment' then the comment becomes visible and I enter edit mode. Upon clicking out of the comment, it simply vanishes again. I've tried to fix this problem by adding a .shape.visible = msoTrue but then every comment is always visible. o_O please advise...
Thank you,
Nick
@Nick- That is because the font color of the comment is white and when you select the color of selection is also white hence you can not see anything. Try to change the color code in the routine to something else. would work
Thanks for that! The code works perfectly!
[...] look at Format Excel Comment Boxes using VBA Macros | Chandoo.org - Learn Microsoft Excel Online [...]
@ Chandoo - code works great and the comments look super cool. But I have ran into a small issue. In the comments, I am inserting pictures. When I run the macro, for all comments which already have pictures; pictures are deleted. Pls help me retain the pics in comments.
[…] posted some code one of his readers submitted, it "pimps" your comment boxes from those boring black-text-on-yellow rectangles to something more professional and eye-pleasing. […]
love in it
Hi Tom,
This looks really excellent. I am however relatively new to macros / VBA codes so having copy pasted your code in the Developer mode of an Excel file, what are the next steps to use them? Can you please help? Just to recap, I opened a blank Excel workbook, clicked on Developer, copy pasted the comments code and saved the file to the desktop.
Now how do I go about using it to add comments to an existing file? My apologies for asking a question which may be basic to you great geniuses, but I am not there yet and aspire to get there.
Many thanks for helping me with next steps that I need to take so that I can now use the code.
Best Wishes
Deepak Dave, CMA, MBA, PMP
Senior Management Consultant
Dear Dave,
The best thing to do is to copy the macro in the personal.xls(x) file. The personal excel file will always be launched when you open excel so you can use it with every excelworkbook.
Read all about it on the page of Microsoft.
https://support.office.com/en-us/article/Copy-your-macros-to-a-Personal-Macro-Workbook-aa439b90-f836-4381-97f0-6e4c3f5ee566
Once you have the macro in the personal, you can 'call' the macro by the keyboardcombination 'alt+f8' and klik on the macroname.
Hope this clarifies the 'how to'. Good luck with your first steps in the wonderfull world of macro's.
Tom
Hi Tom,
Many thanks. I will try that out. Learning is fun and learning this stuff is even more amazing.
Best Wishes
Deepak Dave
There is a line 'Dim LArea As Long' which does not appear to be used. Have I missed something?
Dear Gary,
Correct the 'Dim LArea As Long' is indeed not relevant and can be deleted.
Tom
Excellent hack!
For some reason when I opened my file after using LibreOffice Calc, all comment boxes had changed to some arrow shape.
So this macro helped me from manually changing more than 5000 comments in a worksheet, or having to install some Excel extension.
I used it with the following attributes to get back old style comments:
It helped me from manually changing more than 5000 comments in a worksheet, or having to install some Excel extension.
.Shape.AutoShapeType = msoShapeRectangle
.Shape.TextFrame.Characters.Font.Name = "Calibri"
.Shape.TextFrame.Characters.Font.Size = 10
.Shape.TextFrame.AutoMargins = True
.Shape.TextFrame.AutoSize = True
Thanks a lot!
This was helpful, thank you
I think this is among the most significant
information for me. And i am glad reading your article.
But wanna remark on some general things, The site style is great,
the articles is really great : D. Good job, cheers
Is there code to add to this that will format a particular part of the comment (i.e. make the last sentence in the comment bold and in italics)?
This is fantastic!
How would I add auto-sizing to it?
I tried adding this:
.Shape.AutoSize = True but it gives me an error and as a novice at VBA I can't figure it out.
.Shape.TextFrame.AutoSize = True
Hello I am so glad I found your web site, I really found you by accident,
while I was browsing on Bing for something else, Nonetheless I am here now and would
just like to say thanks a lot for a remarkable post and a all round entertaining blog (I also love the theme/design), I don’t have time to
read it all at the moment but I have book-marked
it and also added in your RSS feeds, so when I have time I will be back to read a lot more,
Please do keep up the fantastic work.
This is GREAT!
How should the code be changed in order to tun once for all worksheets in a workbook?