Spreadsheet Controls - how to apply (scenarios provided) ? 2530



  • I have just finished reading PWC’s whitepaper on Spreadsheet Controls.
    12 ways to protect spreadsheets are being suggested.
    However, have any one of you experienced auditors which strictly require all 12 to be adopted?
    If not, which are the usual ones that are adopted that can satisfy auditors’ requirement?

    Critical Spreadsheet Identification:
    Also, am I right to identify the critical spreadsheets by sieving out those spreadsheets where computed balances are deemed material and that these balances get directly keyed into Accounting books e.g., warranty accruals to be manually recorded into GL?
    What about those spreadsheets where computed balances do not get input into Accounting books directly, instead they are input into other spreadsheets?
    E.g., social funds deduction computed via spreadsheet; the computed deductions (amt is above given materiality level) are input into a separate payroll spreadsheet; the eventual computed payroll amount (amt above given materiality level) gets keyed into Accounting books.
    In this case, which spreadsheets should be subject to protection?
    Also in another scenario, if the social deductions computed amt is not material, BUT the eventual consolidated payroll amount is, then which spreadsheets should be subject to protection?
    sorry for the long read…



  • I am unaware of any auditors that require all of the suggested controls. We generally have in place - limited access (either LAN security or sheet is PW protected), cell protection, control totals and other data integrity checks. This is sufficient for our auditors. It also helps if you have analytical controls in place as well.
    As for what spreadsheets to include as ‘significant’, we generally only include those that directly feed a JE to a significant account where normal analytics can’t be used as a control or where the spreadsheet acts as a subledger to support a GL account.


Log in to reply