Nancy Coster, Linda Leon, Lawrence Kalbers, & Dolphy Abraham
Past studies show that only a small percent of organizations implement and enforce formal rules or informal guidelines for the designing, testing, documenting, using, modifying, sharing and archiving of spreadsheet models. Due to lack of such policies, there has been little research on how companies can effectively govern spreadsheets throughout their life cycle.
This paper describes a survey involving 38 participants from the United States, representing companies that were working on compliance with the Sarbanes-Oxley Act of 2002 (SOX) as it relates to spreadsheets for financial reporting.
The findings of this survey describe specific controls organizations have implemented to manage spreadsheets for financial reporting throughout the spreadsheet’s lifecycle. Our findings indicate that there are problems in all stages of a spreadsheet’s life cycle and suggest several important areas for future research.
We asked the 38 respondents to identify the top three processes where implementing appropriate controls for critical spreadsheets used in financial reporting are most difficult.
Respondents were most concerned with change management, version management and access control. They were most confident with the backup process.