Spreadsheet governance

Right-sized control for the spreadsheets that matter

Most teams don’t need an enterprise GRC platform to govern their critical workbooks. They need to know what changed, who changed it, and to require review where the stakes are real. SheetDelta does that on the SharePoint you already use.

Join the closed beta See the platform

The spreadsheet is staying. Govern it anyway.

Critical numbers still run on spreadsheets — the budget, the reconciliation, the pricing model, the figures that end up in a board pack. Everyone knows the famous cases where a spreadsheet error moved real money, and everyone knows their own files carry some of that same risk. The usual response is one of two extremes: ignore it, or buy a heavyweight end-user-computing platform and inventory every workbook in the building.

There’s a pragmatic middle. Governance, in practice, is three things — knowing what changed, knowing who changed it, and requiring review where it matters. You can have all three without a long rollout or a tool nobody adopts, because the right amount of control isn’t the same for every file.

One workbook, the right amount of control

Governance fails when it’s all-or-nothing. Set the level per workbook and slide it up only as the stakes go up — light by default, strict where it counts.

Track-only

Versions, cell-level comparisons, and a notification when something changes. No approver, no blocking. The right setting for the everyday files — you get a clean history without slowing anyone down.

Review after the fact

The same history, plus a place to comment on a change and mark it reviewed. Catches mistakes without standing between an analyst and their work. Good for shared models that aren’t yet board-facing.

Four-eyes & sign-off

Require one or more distinct approvers before a change is trusted, block self-approval, and resolve open comments first. This is where the control files belong: the reconciliation, the rate card, the model the committee sees.

Gate it

For the few files where a bad change is genuinely costly, hold the change until it’s approved — by reverting or staging it — and run content checks first. The strictest setting, used sparingly.

Spend control where the risk is

A team rarely has hundreds of files that need formal review. It has a few dozen that touch real decisions and a long tail that doesn’t. Treating them the same is how governance programs die: review everything and people route around the tool; review nothing and you’re back to guessing what changed.

The workable approach is to start everything in track-only mode — so you have history and who-changed-what across the board with zero friction — then turn on sign-off only for the control files. That’s a governance posture you can stand up this week and actually keep.

The controls that earn their place

Plain, concrete, and limited to what reduces real risk.

Know what changed

A cell-level comparison of every version: which formula moved, which value was overwritten, which sheet appeared. The foundation everything else sits on.

Know who changed it

Authorship from SharePoint or OneDrive attached to each change, so accountability is built in rather than reconstructed after something breaks.

Require review where it matters

Sign-off on the control files, nothing on the scratch files. The point of governance is to spend control where the risk is, not everywhere.

Catch the dangerous edits

Team Plus

Flag a formula overwritten with a hard-coded number, an edit inside a locked range, or a control total that no longer foots — the changes that quietly break a model.

Keep an exportable trail

Every version, change, comment, and approval, ready to hand to finance, risk, or an auditor. See Excel audit trail.

Run on the tools you have

It watches the SharePoint or OneDrive your team already saves to. No migration, no second place to put files, no new habit to enforce.

Without the heavyweight platform

Dedicated end-user-computing suites are real software for a real problem — a large, regulated estate with formal model inventories and a team to run them. Most finance and operations groups aren’t that. They need the basics done well and adopted: change visibility, author attribution, review on the files that matter, and an exportable trail — running on the SharePoint or OneDrive they already live in, with nothing new for anyone to learn.

That’s the bet SheetDelta makes. To be clear about the boundary: it makes every change reviewable; it does not branch and merge workbooks, because three-way-merging binary files corrupts them. For the version-control angle, see version control for Excel; for the record itself, see Excel audit trail.

Frequently asked questions

What is spreadsheet governance?

It’s the set of practices that keep a critical spreadsheet trustworthy: knowing what changed in it, who changed it, and requiring review before a change is relied on — plus a record you can show later. It isn’t about locking spreadsheets down or banning them. It’s about applying a sensible amount of control to the handful of files where a mistake actually costs money.

Do we need dedicated GRC or EUC software for this?

Usually not. Heavy end-user-computing platforms (the Apparity/CIMCON tier) make sense for large, highly regulated estates with hundreds of inventoried models. Most teams have a few dozen files that matter and need the basics done well: change visibility, who-changed-what, review where it counts, and an audit trail. SheetDelta covers that without a six-month rollout — and runs on the SharePoint you already use.

How do we start without disrupting everyone?

Start in track-only mode on one library. People keep saving exactly where they save today; SheetDelta just begins comparing each new version and recording who changed what. Nobody is blocked and nothing changes about their day. Once the history is proving useful, turn on review and sign-off for the two or three control files that warrant it — and leave the rest light.

Which controls actually matter most?

Three, in order. First, change visibility — a cell-level comparison so you can see what moved at all. Second, accountability — who changed it. Third, review on the control files — sign-off before a change ships, with a check for the obvious failure modes like a formula replaced by a value or a total that stops footing. Everything else is refinement on top of those.

Does this replace our spreadsheet policy?

No — it’s what makes a policy real. A document that says “critical models must be reviewed” does nothing on its own. SheetDelta is the place where that review happens, gets recorded, and can be shown to have happened, so the policy stops being a PDF and becomes something you can demonstrate.