Big4Guy

Post Sarbanes Oxley, spreadsheets have become a major cause of concern for enterprises. In any enterprise, most of the workings, calculations, project plans etc are made using spreadsheets. My personal experience with most companies shows that a sarbanes oxley implementation project generates a lot of excel sheets. A typical spreadsheet for sarbanes oxley would include control objectives, control procedures, testing procedures, testing results and the external auditor's assessment of the controls.

Sarbanes Oxley spreadsheets also have fields such as control owner, frequency of testing, type of control whether manual or automated, control risks, financial statement assertions, exceptions, priority, management action plan, remediated control and remediation date. Typically, enterprises I have been involved with in their sarbanes oxley implementation, have at a minimum 100 excel sheets for documenting controls. In large organizations, the number of spreadsheets can go upto 1000. So why are spreadsheets so important in sarbanes oxley compliance. Even though softwares aree available in the market which serve alomost the same purpose of documenting and testing controls, the actual SOX implementation project begins well before a software is purchased. Spreadsheets are used for controls documentation and testing. Enterprises must ensure that before they go in for a sox compliance software, it satisfies all their requirements. One way to do this is compare it with the columns, fields, rows one in the spreadsheet. If the software can serve the purpose go for it.

Related Posts on Sarbanes Oxley

Enhancing Internal Controls for 404 Compliance
Planning and Scoping for Sarbanes Oxley
Implementing Enterprise Risk Management Framework
Preventive Controls Vs. Detective Controls