

Uttam Mukherjee


The article discusses the role of auditors in protecting business organizations from potential spreadsheet errors and fraud that lead to inaccurate financial reporting.

Common causes of errors and fraud in spreadsheets include limited software development life cycle tools, users being unaware of the tools built into spreadsheet programs, and a competitive attitude among employees that discourages individuals who develop complex spreadsheets from transferring their knowledge to colleagues, among others.

Solutions to these issues are available, but implementing them may be difficult. To this end, best practice guidelines for spreadsheet development are encouraged, such as ensuring that spreadsheets meet business and security needs and introducing an inventory list of spreadsheets.


Auditors can help protect their organization from errors and fraud by putting spreadsheet risks in their sights.

The bad:

  • Is management aware of the inherent and residual risks of spreadsheet use?
  • Has management identified and analyzed spreadsheet use as a risk?
  • What internal controls are put in place when developing spreadsheets?
  • What role do internal auditors play?
  • How can internal auditors detect the errors and frauds?
  • What causes the errors and frauds?

The ugly:

  • Spreadsheets have limited software development life cycle tools.
  • Most people are unaware of the tools built into spreadsheet programs and enter data into spreadsheets as they would in a word processor.
  • Management is seldom aware of the intricacies of large, multiple, interrelated spreadsheets. Thus, managers either may not acknowledge the existence of risk or identify it as a matter of minor concern.
  • Competitive cultures at workplaces mean that individuals who develop complex spreadsheets seldom transfer their knowledge to their colleagues.
  • Consequent to this competitive work culture, the board or senior management often must rely heavily on a few people. Unfortunately, if one of these people is dishonest, the chance of fraud increases.
  • Many times management and auditors presume that the logic of formulas, calculations, and links is correct. Hence, they seldom check or rigorously test the validity, integrity, and accuracy of a spreadsheet.
  • Managers may not apply the same rules of internal control and governance that they do to other processes and systems. Spreadsheets proliferate at an alarming rate in an organization without the necessary controls.

The good:

  • Ensuring spreadsheets are developed to meet business and security needs.
  • Introducing an inventory list of authorized spreadsheets.
  • Always checking inputs against source documents.
  • Where possible, adding data validation to input cells.
  • When importing data from another source, ensuring that totals of records and other numeric data match.
  • Ensuring that the software's automated features are not used blindly. For example, by choosing the option to "Enable auto complete of cell values," users may inadvertently enter wrong data that are similar.
  • Testing the validity of links, including external ones.
  • Considering the use of data forms to enter data.
  • Ensuring that managers periodically check for reasonableness of data.
  • Protecting spreadsheets or important ranges of data within a spreadsheet.
  • Ensuring an audit trail exists.


2009, Internal Auditor, April, pages 25-26


The good, the bad, and the ugly