PC-based spreadsheets or databases are often used to provide critical data or calculations related to financial risk areas within the scope of a SOX 404 assessment. Financial spreadsheets are often categorized as end-user computing (EUC) tools, which have historically lacked traditional IT controls. They can support complex calculations and provide significant flexibility. However, with flexibility and power comes the risk of errors, an increased potential for fraud, and misuse where critical spreadsheets do not follow the software development lifecycle (e.g., design, develop, test, validate, deploy). To remediate and control spreadsheets, public organizations may implement controls such as:
- Inventory and risk-rank spreadsheets that are related to critical financial risks identified as in-scope for SOX 404 assessment. These typically relate to the key estimates and judgments of the enterprise, where sophisticated calculations and assumptions are involved. Spreadsheets used merely to download and upload are less of a concern.
- Perform a risk-based analysis to identify spreadsheet logic errors. Automated tools exist for this purpose.
- Ensure the spreadsheet calculations are functioning as intended (i.e., "baseline" them).
- Ensure changes to key calculations are properly approved.
Responsibility for control over spreadsheets is shared between the business users and IT. The IT organization is typically concerned with providing a secure shared drive for storage of the spreadsheets and data backup. The business personnel are responsible for the remainder.
This book is your ultimate resource for Spreadsheet Control. Here you will find the most up-to-date information, analysis, background and everything you need to know.
In easy-to-read chapters, with extensive references and links to get you to know all there is to know about Spreadsheet Control right away, covering: Information technology controls, Corporate Governance of ICT, Corporate governance of information technology, AS 8015, Autonomic Networking, Chief web officer, COBIT, Data custodian, Data governance, Data steward, Data visualization, Governance Interoperability Framework, IBM Tivoli Unified Process (ITUP), ISO/IEC 38500, Ministry of Communications and Information Technology (Egypt), Project governance, Public ROI, Risk IT, SOA Governance, TickIT, Total cost of ownership, Val IT, Web content lifecycle, Website governance.
This book explains in depth the real drivers and workings of Spreadsheet Control. It reduces the risk of your technology, time and resources investment decisions by enabling you to compare your understanding of Spreadsheet Control with the objectivity of experienced professionals.