profile

The HaiQu Newsletter

How do you audit a regulated data processing spreadsheet? Part 1: Before I even open it.

Published over 1 year ago • 1 min read

When you're confronted with a spreadsheet full of data, how do you audit it? where do you start? What kind of things should you be looking for?

Let's say I'm seeing a data processing spreadsheet template for the first time. Before I even open up the spreadsheet, I want to ask a few questions:

  • What exactly am I looking at? Is it the spreadsheet file itself, or a printouts / PDF images of the spreadsheet? If it's an image, is it the complete record?
  • What's the use case for this spreadsheet? What kind of data are we processing? Does it directly affect the safety of a patient, quality of a product, or study data?
  • Does it come from an approved template, or is it a one-off designed around this particular data set?
  • How is the file controlled? Which version am I looking at? Can I tell if it's from the latest approved release?
  • Where did the data come from? Is any of it direct entry of original inputs?
  • Is it transcribed, imported, cut/pasted, or is that part uncontrolled?
  • Were the users trained on filling this spreadsheet with data?
  • Do I have access to the input data?
  • Is there an SOP or instructions governing the use of the spreadsheet?

Until next time, thanks for reading!

– Brendan

p.s. Enjoy this message? Read more at the Hyland Quality Systems website.

The HaiQu Newsletter

I'm Brendan Hyland. I help regulated facilities transform their software, spreadsheets, workflows and documents from time-consuming, deviation-invoking, regulatory burdens, to the competitive advantage they were meant to be. Join me every week as we take a few minutes to explore, design, test and improve the critical systems we use in our facilities.

Read more from The HaiQu Newsletter

I’ve seen this pattern repeatedly: Instrument data is saved as an Excel or CSV. Data is then copied to a bare-bones spreadsheet with several columns of calculations or transformations. Results from the spreadsheet’s calculations are copied for use further down the data analysis pipeline. And I, the auditor, get handed a signed and dated pdf of the worksheet. Was this email forwarded to you? Subscribe Here! Why yes, M. Inspector, this spreadsheet was validated! Ok, they are rarely this bad - I...

4 days ago • 1 min read
The Spreadsheet Risk Reduction Guide

Calling quality people everywhere! I've just released something I think you'll find useful. Over the past 20 years working in regulated environments, I've seen the same spreadsheet problems show up again and again: A quick Excel tool gets built to solve an immediate need. It works. Gets "validated" with a few hand calculations. Then gets reused and modified for different datasets or slightly different purposes. Eventually - sometimes months or years later - someone discovers an error. Or an...

6 days ago • 1 min read

I'm thrilled to announce that I'll be presenting at the CCSQA/NERCSQA Joint Annual Meeting in October! The conference is 2 days, Thursday & Friday, 16-17 October 2025, in Laval, Quebec, Canada. On-site and virtual attendance available. Here's the announcement link: https://sqa.org/CCSQA/CCSQA/Events/Upcoming_Events.aspx My session is on Friday morning, and titled "The power of a specification: Freeing your creative self to go beyond compliance." Here's the abstract: As busy quality...

29 days ago • 1 min read