Big4Guy
Big4GuyWelcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.
|
Post details: Simple Spreadsheet Controls for Easier Sarbanes Oxley Compliance
03/23/06
Simple Spreadsheet Controls for Easier Sarbanes Oxley Compliance
Spreadsheets have become the lifeline for almost all companies complying with sarbanes oxley. Even with the best sarbanes oxley automation softwares available in the market, company's use spreadsheets for their simplicity and ease of use. But use of spreadsheets comes with its own set of risks. Here are some controls which can help mitigate the risks associated with the use of spreadsheets.
Access Controls - Spreadsheets can be password protected. Similarly, read, modify, create access to spreadshhets can be restricted by using a central server and assigning user limited access.
Version Control - Appropriate naming conventions should be followed while using spreadsheets. This acts as version control. To take an example spreadsheets can be named as SpreadsheetV1.0.xls, SpreadsheetV1.1.xls and so on.
Change Control - Changes to spreadsheets should be controlled. A process should be put in place wherby changes to spreadsheets are requested and monitored. There can also be a sign-off from supervisor once changes to spreadsheets are complete.
Input Control - Input control for spreadsheet would mean that data is entered in spreadsheets completely and accurately.
Backups & Archives of Spreadsheets - Organizations using spreadsheets should ensure that back-ups are taken for spreadsheets on a regular basis to avoid availability issues. Similarly, spreadsheets which are not going to be used in future should be identified and archived in a seperate drive.
Formulas & Documentation - Speadsheets containing complex formulas should be inspected by a trained person. Any flaws in spreadsheet logic and formulas should be documented for future reference. This also acts as a means of tracking changes in spreadsheets.
Spreadsheet Development Lifecycle SDLC - Similar to a normal SDLC, spreadsheets also go through the same phases namely requirement specification, design, building, testing and maintainence. All spreadsheets should be tested throughly to ensure that spreadsheets produce correct and accurate results.
Related Posts
Section 404 IT Implementation Best Practices
Four Steps in Designing Internal Controls
Corporate Code of Ethics
Fraud Risk Management - Steps to Treat Fraud
Comments:
No Comments for this post yet...
Categories
Archives
Search
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| << < | > >> | |||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | |||||
Misc
All content copyright © 2005-2008
Big4Guy.com
Do not reproduce either in part or full without the express permission of the
Webmaster
