Managing Critical Spreadsheets in a Compliant Environment

TL;DR

This paper discusses the importance of controlling critical financial spreadsheets to mitigate risks like errors, misuse, and fraud, especially under regulatory requirements such as SOX and Basel II.

Contribution

It provides a summary of key issues and best practices for establishing and maintaining controls over business-critical spreadsheets in compliance environments.

Findings

Automating internal controls reduces financial reporting risks.

Version, change, and access controls are essential for critical spreadsheets.

Regulatory mandates drive the need for stricter spreadsheet management.

Abstract

The use of uncontrolled financial spreadsheets can expose organizations to unacceptable business and compliance risks, including errors in the financial reporting process, spreadsheet misuse and fraud, or even significant operational errors. These risks have been well documented and thoroughly researched. With the advent of regulatory mandates such as SOX 404 and FDICIA in the U.S., and MiFID, Basel II and Combined Code in the UK and Europe, leading tax and audit firms are now recommending that organizations automate their internal controls over critical spreadsheets and other end-user computing applications, including Microsoft Access databases. At a minimum, auditors mandate version control, change control and access control for operational spreadsheets, with more advanced controls for critical financial spreadsheets. This paper summarises the key issues regarding the establishment and maintenance of control of Business Critical spreadsheets.