Sarbanes-Oxley: What About all the Spreadsheets?
Raymond R. Panko, Nicholas Ordway
TL;DR
The paper discusses the risks associated with spreadsheets in corporations post-Sarbanes-Oxley, emphasizing the importance of testing and control frameworks to mitigate errors and fraud risks.
Contribution
It highlights the need for comprehensive spreadsheet testing and control frameworks, and discusses how to quantify spreadsheet risks and improve fraud detection capabilities.
Findings
Spreadsheet errors are significant and quantifiable.
Testing is crucial for effective spreadsheet control.
Control frameworks can reduce spreadsheet-related risks.
Abstract
The Sarbanes-Oxley Act of 2002 has finally forced corporations to examine the validity of their spreadsheets. They are beginning to understand the spreadsheet error literature, including what it tells them about the need for comprehensive spreadsheet testing. However, controlling for fraud will require a completely new set of capabilities, and a great deal of new research will be needed to develop fraud control capabilities. This paper discusses the riskiness of spreadsheets, which can now be quantified to a considerable degree. It then discusses how to use control frameworks to reduce the dangers created by spreadsheets. It focuses especially on testing, which appears to be the most crucial element in spreadsheet controls.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSpreadsheets and End-User Computing · Statistics Education and Methodologies