2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

MENU 

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

Study Unit 6: Spreadsheet security, risks and controls

1     Introduction

In the previous study unit we showed you what a powerful tool Microsoft Office Excel can be when
it is used to perform calculations, present
reports and charts and analyse data.

Spreadsheets have become an essential tool for numerous entities, many of whom cannot function without the use of spreadsheets. This is why
spreadsheet security and control have become so important to ensure that spreadsheets, which organisations rely on, are not compromised,
leading to incorrect calculations, reports, charts
and data analysis, which
in turn could lead to incorrect management decisions.

In this study
unit we will focus specifically
on spreadsheet security, risks
and controls.

2     Spreadsheet risks

Many things can go wrong with spreadsheets.

Unauthorised modifications or data input
may
occur, resulting in incorrect output, be it intentional
or unintentional. There is also the
possibility of errors contained in the formulas and functions used to perform calculations in spreadsheets.

Thus to assess the risk potential for certain spreadsheets, the following factors have to be
considered:

·        
Complexity. Spreadsheets containing complex calculations and functions,
including the use of macros with multiple sources of input,
present a greater potential risk owing
to the complex
calculations.

·        
Frequency of use and updating. Spreadsheets that
are frequently
used or updated pose a greater potential risk owing to the potential for
incorrect input or updating of information or modification of calculations.

·        
Number of users using a spreadsheet. Spreadsheets that
are used by more users have a greater potential risk, especially if
these users can
enter data or change formulas and functions.

·        
Time in use. This relates
to spreadsheets that are used for
a long time (a year
or longer). The potential risk increases because the initial data
entered may be incorrect,
potentially leading to subsequent data
being negatively
affected in future months.

Hence unauthorised modifications or data entry, or spreadsheets containing errors either because of incorrect data being entered or incorrect
formulas
or functions being used in calculations
will lead to errors, with management making incorrect decisions.

Owing to
the
structural design of
spreadsheets, a minor change in a formula
or value or in any of their input cells may affect their overall output,
where manual errors may also go
undetected.

Because the user only sees the results on the face of the spreadsheet or printed report,
these errors
could
easily go unnoticed.

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 1/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

Typical errors
include

·       
accidental
copy-paste

·       
omission of a
negative sign
MENU 
·       
erroneous range
selection

Dashboard data
·       
incorrect / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls
input

·       
unintentional deletion of a
character, cell, range, column
or row

·       
sorting of only
a portion of the data
range

Another common error is the possibility of the user working on the wrong spreadsheet
version.

The potential consequences of one or more of the above errors occurring or security
being breached with unauthorised modifications to
spreadsheets could
result in:

·         
financial
loss
or bankruptcy of an organisation

·         
incorrect costing or
budgeting

·         
public embarrassment, adverse
news coverage
or loss of reputation

·         
loss
of investor confidence

·         
loss
of share value

·         
loss of financial control

·         
career
damage

·         
lawsuits

3      Spreadsheet controls

With the potential risks of a breach in

security or the occurrence of an error in spreadsheets, management will need
to implement controls to
minimise the risks
identified.

There are various ways of controlling spreadsheets. One is to

make
regular back-ups of spreadsheets
and
to audit working versions of
spreadsheets
from
time
to time to
check any
changes
made to ensure that the spreadsheet still works as it was
intended to.

Spreadsheet use also poses inherent risks. These risks can be lessened by reducing the
number of spreadsheets in use. The use of tested and
audited templates for frequently recreated spreadsheets can
also decrease risks.

The following controls (including

security controls) may be implemented for spreadsheets:

·     
Change control. Spreadsheet changes including changes in formulas and
functions need written approval, review and acceptance in order
to
maintain data
integrity.

·     
Access control. General IT controls
should protect
spreadsheets from unauthorised outside access.

̶  
Low-risk spreadsheets residing on a user’s computer system require password
protection.

̶  
High-risk spreadsheets need to be stored on a server that has a secure file directory. Access rights to these folders need to be restricted to the
authorised users.

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 2/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

·       
General security controls. General security controls relating to file access controls that may be implemented are as follows:

-  a password required
for
opening or reading workbooks
MENU 
-  a password required
to make changes to the workbook structure

-  a Dashboard / My courses /
AIN2601-22-S1
password required
for
changing the content in/ a
Part
sheet2:or
cell
SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

A password may encrypt the specific workbook, the structure or the cells in a spreadsheet. Note, however, that commercial hackers may use
various programs available on the internet to obtain the password for a file – hence password protection
alone may not be sufficient.

The following steps should also be followed and communicated to the users of spreadsheets that
are password protected to ensure that
their
passwords stay safe and that this is
regarded as good practice for password
protection:

-  
Do not share the password with anyone.

-  
Do not write
the
password down and place
it where people can find
it.

-  
Do not use an obvious password (eg birthdays or names) that someone could easily guess.

-  
Use a combination
of letters and
numbers.

-  
Include uppercase and lowercase
letters, numbers
and symbols in the password.

-  
Use numbers
to represent letters, for instance, 3
for
your E and 1 for i.

-  
Passwords should
be eight or more
characters in length.

-  
Change passwords
regularly if needed.

·     
Input control. Spreadsheet input data needs to be verified to the original source data for accuracy. Another person also needs to trace inputs
back to original
source data.

·     
Logical inspection. An independent person other than the spreadsheet user should test the formulas and functions for correctness. Only one
logical inspection per spreadsheet is required if the other controls are
working effectively.

Another facet of logical inspection is the inclusion of

fixed values in formulas.
A formula should never contain a fixed (“hard-coded”) value. Even
“permanently” fixed components
(eg tax rate) can change in the context of business operations. To prevent these types of
mistakes you could
separate the input
components from the formulas by having a data input section/sheet in which you can easily
identify the various inputs and
assumptions on the face
of the spreadsheet and update these without the need to
change the detailed formulas/
functions. The use of control
balances may also prove helpful to ensure the soundness of formulas or
input on spreadsheets.

In so doing, the use of formulas and functions becomes much more flexible, with a decrease in potential errors caused
by the inclusion of an
incorrect
fixed value.

(a)   Display formulas

You may be auditing formulas and you need to see all the formulas on the worksheet. You
can use the following procedures to control the hiding
or
displaying of formulas:

There are two ways to switch between displaying

formulas
and their values
on a worksheet:

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 3/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

·       
Using an icon/command:

–   Click
on the Formulas
tab on the Ribbon.

–   In the Formula Auditing group, click on

the Show Formulas
icon.
MENU 

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

OR

·       
Using the keyboard:

-   Press
CTRL and
~ (the grave accent) simultaneously

4      Microsoft
Office Excel
security
controls

Microsoft Office Excel provides various levels of security and protection, allowing you to control who can access and change the file’s data. To
protect a workbook containing data
you
can do the following:

·       
Optimal security.
Protect your
entire
workbook file with a password
allowing
only authorised users
to view or modify
the
data.

·       
Additional protection of specific data. Protect certain worksheet or workbook elements, with or without a password. This will help to
prevent users from accidentally or
intentionally changing,
moving
or deleting data, formulas or functions.

In the next activities we will demonstrate how

to do both. 

.4.1
Using passwords to help secure
an entire workbook

You can secure

an entire
workbook

·       
by restricting who can
open and use the workbook data

·       
by requiring a password to view or to save changes to the workbook

For optimal password security, always assign a password

to open and view the file. In section
4.2 you will learn how to give only certain users
permission to modify data or
workbook elements.

Before you start the next practical section, start/open the Microsoft Office Excel Program.

(a)   To
encrypt
your workbook
and set a password
to open it

Computer activity 6.1 - Password protecting the whole Workbook

·    
In an open spreadsheet, click
the File tab.

·    
Click on Info.

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 4/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

·    
This will open the Info
menu options.

·    
Click on
the arrow below Protect Workbook. The following options
appear:

MENU 

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

·       
Select Encrypt with Password, the Encrypt Document dialog
box
appears.

·       
Type in the password, and click on OK

-  
Take note that you choose a password you will be able to remember later
on

-  
Take the guidelines for good practice for password protection in section
3 into consideration

·       
In the Confirm Password dialog
box, in the Reenter password box,
type the password again, and then click OK.

·       
To save the password, save the file.

·       
After typing the  password, the “Protect Workbook” option
colour filling changes  from white to
light-brown as per above with a message: “A
password is required to open this
workbook”

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 5/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

 
MENU 

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

·       
Close the workbook, and open it again.

·       
Before opening, the workbook should first
prompt you to put in a password, see below:

4.2 Protecting
a specific worksheet or workbook elements

When you share a workbook with other users in order to work together on the data, you may want to
protect data in specific worksheets or
workbook elements to prevent it from being
changed/edited by other users. Passwords may be used to enable users to enter
so that
they can
modify
specific workbook
and worksheet elements that are protected.

The difference between a

workbook and a worksheet can be explained
as follows:

·       
A workbook is the actual Microsoft Office Excel file that stores all the entered data and
information. Workbooks contain worksheets.

·       
A worksheet, also known as a spreadsheet, is the combination of cells that contain data, which the user can
enter and manipulate.

NOTE

Workbook element and worksheet

element protection is not workbook-level
password
security (as per
4.1 above). Element protection cannot
protect a workbook from users with malicious
intent.

  

4.2.1.         
Protecting
worksheet elements

When you protect a worksheet, all cells on the worksheet are locked by default, and users cannot make any changes to a locked cell. For example,
they cannot insert, modify, delete or format data in a locked cell. However, you can specify which elements users will be allowed to change when
you
protect the worksheet.

To protect worksheet
elements

 Computer activity 6.2

(a)    To protect a worksheet

·      
Select the worksheet you
want to protect.

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 6/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

·       On the Review tab, in

the
Changes group, click Protect Sheet.

  MENU 

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

As noted above,
all cells on the worksheet are locked by default.

·      
In the Password to unprotect
sheet box, type a password for the sheet, click OK and then retype the password to confirm it.

·     
To unlock a protected worksheet, click on “Review” tab then Unprotect Sheet

·     
Then type in password to unprotect the
sheet

(b)   To unprotect an
individual cell(s) within an already protected
a worksheet

Perform these procedures if you want to allow users to be able to

change/amend specific cell(s) within a locked/protected worksheet.

If locked, you need to unlock the whole protected sheet per (a) above.

·     
Select/highlight the cell(s) you want to
unlock and allow changes/amendment to be done to those.

·     
Select cell B5

·     
Right click and select the “Format Cells” option.

·     
Click on “Protection” tab, then unselect
(clear) the “Locked” check box

·     
Click on OK.

·     
Then lock/protect the whole worksheet again
as outlined in (a) above.

·     
The whole worksheet is now locked except for the cell you have
highlighted above (B5).

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 7/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

MENU 

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

(c)   
To hide
formulas in a protected
worksheet:

Perform these procedures if you do not want

users to view/see certain formulas within a locked/protected worksheet.

·        
If locked, first unlock/unprotect the whole
protected sheet as per (a) above.

·        
Select/highlight the cell(s) with the
formulas you want to hide for viewing.

·        
Select cell AB45

·        
Right click and select “Format Cells” option

·        
Click on “Protection” tab and select
the “Hidden” check box

·        
Click on OK.

·        
Lock/protect the whole worksheet again as outlined
in (a) above.

·        
All the formulas in the worksheet are now
visible except for the cell you have
highlighted above (AB45).

(d)   To unlock any graphic

objects inserted in worksheet (such as pictures, clip art, shapes or Smart Art
Graphic)

Perform these procedures if you wish to

lock any image/object inserted in the worksheet.

·        
If locked, first unlock/unprotect the
worksheet as per (a) above.

·        
Hold down the CTRL key (on the keyboard)
and then click on the object you wish to lock/unlock

·        
A “Format”
tab will then appear on the Ribbon.

·        
Click on the Format tab

·        
In the Size
group, click the Dialog Box Launcher

·        
The “Format
Shape” window will open to the right of your screen.

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 8/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

MENU 

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

·        
On the Properties
drop-down menu, clear the Locked
check box.

NOTE

The password is optional. If you do not supply

a password, any user can unprotect the sheet and change the protected elements. Make sure that
you choose a password that
is easy to remember, because if you lose the password, you cannot gain access to the
protected elements on
the
worksheet.

                                 

4.2.2.         
Protecting
the WORKBOOK

Computer
activity 6.3

(a)  To protect/lock the workbook

·    On the Review

tab, in the Changes group, click Protect Workbook.

·    A
“Protect Structure and Windows”
window will open.

·    To
protect the structure of a workbook, select the Structure check box.

·    To
keep the workbook windows in the same size and position every time the workbook
is opened, select the Windows check
box.

·    To
prevent other users from removing workbook protection, in the Password
(optional) box, type a password, click OK.

·    Click
OK.

Retype
the password to confirm it.

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 9/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

MENU 

 
Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

To remove protection
from
a worksheet

Computer activity 6.3

(b)  
To remove protection from a worksheet

·       
On the Review
tab, in the Changes
group, click the greyed-out “Protect Workbook”

·       
Type in the
password in the “Unprotect Workbook”
window.

·       
Click OK.

4.3  Protecting
confidential data in a workbook

Hiding, locking and protecting workbook and worksheet elements are not intended to secure or protect any confidential information you keep in a
workbook. This will only help
obscure data or formulas that
might confuse other users and prevent them from viewing or
making changes to that
data.

Excel does not encrypt data that is hidden or locked in a workbook. To help keep confidential data confidential, you may want to limit access to
workbooks containing such information
by storing them in a location that is
available
only to authorised
users.

5      Summary

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 10/11
2/26/22, 10:30 PM AIN2601-22-S1: Study Unit 6: Spreadsheet security, risks and controls

In this study unit we discussed and described spreadsheet risks and controls. We specifically discussed factors to consider when assessing the
potential risk of spreadsheets, including
the
consequences of errors contained in spreadsheets. We looked at controls that can be implemented to
minimise
the risks identified. Lastly, we focused on certain security and
privacy controls that
are included in Microsoft
Office
Excel that you can use
MENU 
to protect your data, formulas and
functions.

Dashboard / My courses /
AIN2601-22-S1 /
Part 2: SPREADSHEET /
Study Unit 6: Spreadsheet security, risks and controls

Last modified: Friday, 10 December 2021, 12:44 PM

◄ Study Unit 6: Overview

Jump to...

Study Unit 7: Overview ►

You are logged in as SHANE GOWER (Log out)

AIN2601-22-S1

Data retention summary

Get the mobile app

https://mymodules.dtls.unisa.ac.za/mod/page/view.php?id=87884&forceview=1 11/11