Compassoft Launches First Open Governance, Risk Management and Compliance Solution for Spreadsheet Control

Enterprise GRC Systems Can Now View and Control Spreadsheet Risk with Compassoft Enterprise v4.0

Scotts Valley, CA – April 29, 2008 –- Compassoft, the market leader for Enterprise Spreadsheet Governance, Risk and Compliance (GRC) controls, today announced the roll out of Compassoft Enterprise 4.0, the first Spreadsheet GRC management solution to offer an extensible and open architecture for sharing distributed risk information in spreadsheets with enterprise risk and performance management systems, including GRC platforms, Business Intelligence (BI) tools and enterprise resource planning (ERP) systems.

For the first time, executives and their corporate risk managers will have visibility into spreadsheet risk and control violations across their corporate enterprises in a convenient dashboard.  With this release, Compassoft includes a customizable and highly graphical GRC spreadsheet dashboard that leverages Compassoft’s unique business-policy based control framework.   For companies that are already using other management systems as part of their GRC strategy, Compassoft’s information is also readily available for use in their existing dashboards and portals, and can be directly incorporated into their workflow systems.  This quickly exposes control policy violations within the thousands of spreadsheets and PC databases in the enterprise.

“Spreadsheet risk management is an essential component for any successful enterprise GRC strategy,” said Robert Kugel, SVP and research director for Financial Performance Management at Ventana Research. “We find that spreadsheets are a blind spot in almost all enterprise GRC efforts. Companies need to ensure that their management systems take into account the information contained in the vast numbers of spreadsheets and PC databases that are on their network, including ones on desktops and laptops. Compassoft has created a technology solution that can easily share this critical data not only with GRC software but also other enterprise software such as ERP systems, BI, Web analytics, CRM, HIPAA applications and so on.”

“Spreadsheet monitoring has been conducted in a separate silo from the rest of the GRC auditing process, and in many cases it is not conducted at all,” said Michael Rasmussen, president, Corporate Integrity, LLC. “Effective governance, risk and control must be a collaborative process that involves all corporate departments whether financial, legal, risk or IT because spreadsheets represent a major area of risk for them all.”

Automated Control Monitoring for Quick Remediation

Building on Compassoft’s unique “policy-based” spreadsheet control framework, Compassoft Enterprise 4.0 adds policy enforcement to determine if new or changed spreadsheets are being managed effectively.   Control violations are flagged and a notification and a review workflow process are initiated to remediate the problem.   Compassoft Enterprise includes out-of-the-box control policies based on real-world deployments. Alternatively, companies can create their own rules to suit their specific business needs.

Extensible Controls Database to Share Information

With this release, Compassoft provides an unprecedented open spreadsheet control data structure and Web services that allow spreadsheet risk management information to be incorporated into existing management systems dashboards, portals, and workflows to support an integrated enterprise risk strategy.

Risk Management Dashboards for Top-down View

Effective enterprise risk management requires a top-down view into the sources of risk, and a clear understanding of the efficacy of existing control policies.  Compassoft Enterprise v4.0 supports an extensive array of executive reports detailing areas of risk by corporate impact and error probability, overall spreadsheet compliance status, breakdown of control status by risk level, spreadsheet change information, and other management data.  Compassoft maintains a history of information over time for an examination of trended data, and tracks key performance indicators for managerial decision-making. Detailed information is just a click away, and can be modified dynamically to focus on specific areas of interest.

Other Features and Benefits

Compassoft Enterprise v4.0 includes many other new features and enhancements in addition to the company’s trademarked automated risk assessment and control monitoring product capabilities:

1. Executive Views: Interactive, customizable executive dashboard information for risk management oversight;
2. Compliance and Control: Control policy enforcement, compliance assessment and control violation detection;
3. Workflow and Event Notification: Automated framework for risk assessment, monitoring and remediation;
4. Risk Management and Controls Database: Extensible risk management database for custom reporting and third-party risk management system integration;
5. Reports: Extensive standard risk reports and ad-hoc report generation capability;
6. Evaluation: Extension of risk evaluation criteria and spreadsheet complexity assessment;
7. Microsoft Compatibility: Infrastructure improvements including expanded Excel security support, Office 2007 support, and performance enhancements.

Enterprise-wide Control of Spreadsheets

Compassoft Enterprise uniquely combines policy-based controls automation with the ability to discover new or changed spreadsheets, create detailed audit logs of changes to spreadsheets over time and perform automated risk assessment.

Unlike other compliance-focused solutions that seek to manage the process itself, or standalone spreadsheet analysis tools that examine information in a vacuum, Compassoft uniquely provides an end-to-end solution with an enterprise-wide current and historical view of the flow of key information from central databases to and among distributed spreadsheets and reports, with a focus on identifying and preventing the proliferation of bad information and minimizing operational risks.

“Most debates about whether the easily compromised spreadsheet should be used for financials and other critical corporate data assume erroneously that spreadsheets can’t be controlled in the corporate environment,” said Paul Bach, CEO of Compassoft.  “In an uncontrolled environment they represent a significant risk to the enterprise, but technology exists to mitigate that risk.  The reality is that spreadsheets are convenient and flexible tools that will not disappear overnight. Compassoft has created the only policy-based control framework for companies to automatically manage and control spreadsheet risk across their organizations.”

About Compassoft

Compassoft is the market leader for enterprise spreadsheet Governance, Risk and Compliance (GRC) control solutions. Compassoft Enterprise™ enables corporations to manage and control spreadsheets based on business risk policy, automating the continuous discovery and prioritization of spreadsheets throughout the enterprise. By detecting policy exceptions among the thousands of spreadsheets and providing a secure control framework for them, Compassoft’s solutions have improved controls at more than 180 major companies, including the Big Four accounting firms, Allergan, Allied Irish Banks, Bank of America, Bruce Power, CitiGroup, Eli Lilly, HP, Irish Life, Lloyds TSB, Sydney Futures Exchange, Tulane University and Venetian Casinos. For more information, please visit www.compassoft.com.

* * *

Julia Glenister, JAG Wire Group
Tel: (415) 459-3688; Cell: (415) 246-6075
compassoft@jagwiregroup.com