Authors
Tim Burdick
Abstract
Learn how internal auditors can play a leading role in helping organizations maximize the effectiveness of spreadsheet management activities by incorporating six steps as part of ongoing audit efforts.
Efficient and cost-effective, spreadsheets are ubiquitous in today's business world. Many managers, for instance, rely on spreadsheets to track workflow processes and report financial data, while at the executive level, spreadsheets can offer instant and concise snapshots of the organization that often drive critical business decisions.
However, the primary advantages of spreadsheets — their simplicity and ease of use — also pose the greatest risks. For example, in many organizations spreadsheets act as small, standalone applications that lack systemwide controls. Therefore, employees are able to create, access, manipulate, and distribute spreadsheet data, as well as introduce critical errors as they manually enter new information or configure existing formulas.
Internal auditors can help organizations detect these and other risks by creating a spreadsheet inventory and developing spreadsheet baselines, among other steps.
Sample
To help organizations enhance the management of their spreadsheet environment, auditors can incorporate the following six steps as part of their ongoing audit activities:
- Identify critical spreadsheets for review.
- Create a spreadsheet inventory.
- Rank each spreadsheet's risk level.
- Develop a baseline for each spreadsheet.
- Evaluate policies and procedures for spreadsheet use.
- Review controls that protect spreadsheet baselines.
Publication
2008, IT Audit, Volume 11, March
