Spreadsheet compliance issues 218
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
This post is deleted!
-
Toby,
PWC has a great white paper on evaluating the use of spreadsheets as part of the control environment. If you have not looked at it, youshould.
I work for a fortune 500 company. We are excluding quite a few spreadsheets from our analysis, including account reconciliation spreadsheets (unless they are used to calculate amounts to be used for journal entries) because of the volume and simplicity of their usage. We will end up with a short list of spreadsheets which will be subject to pretty strict access and change controls.
-
We are only looking at spreadsheets which are used in our key controls. That means we have a shortlist of only about a dozen or so that we are considering in scope. Anything else we are treating as user controlled.
For the in- scope ones, we are ensuring they are covered by access controls, change controls etc both at the user end and through IT. This means we are ensuring that the servers and networks where they are located are subject to controls too.