Spreadsheet Management. Field interviews with senior managers by Caulkins et al. (2007) report that spreadsheet errors are common and have been observed.


Spreadsheet Management

Field interviews with senior managers by Caulkins et al. (2007) report that:
- Spreadsheet errors are common and have been observed in instances in which errors directly led to losses or bad decisions
- Most organizations only have informal spreadsheet quality control procedures
- Many feel that more formal quality controls would be beneficial but don't know how to efficiently achieve this

IT research can identify efficient and effective procedures for managing spreadsheet risk by analyzing how companies manage their financial reporting spreadsheets for SOX compliance.

Sarbanes-Oxley Act (SOX, 2002)
- Requires "an effective system of internal control" for financial reporting in publicly held companies
- Effective management of spreadsheet risk is required to satisfy the regulation requirements
- Similar requirements have been made by other regulating agencies (AICPA, NACUBO, FDA)

10-K Deficiency Filings
- Ks reported SOX material weaknesses for inadequate internal control of spreadsheets between 2004 and mid
- weaknesses associated with inadequate review processes
- 41 weaknesses with inadequate access controls
- 27 weaknesses with inadequate change management controls
- 22 weaknesses with lack of data integrity controls
- 9 weaknesses with inadequate spreadsheet testing
- Ks cited general lack of effective controls

Sources of Misstatements
- Errors vs. Fraud
- Taxonomy of spreadsheet errors (Rajalingham, 2001)
- Quantitative vs. Qualitative
- Accidental errors
- Distinguished by level of intent
- Developer vs. User committed errors

Accountability for Spreadsheet Deficiencies
- Who is accountable? Senior management
- A spreadsheet risk management policy that defines effective processes and enacts appropriate monitoring is needed
- An operating model that defines further accountability, roles & responsibilities, processes, controls and control standards

Spreadsheet Risk Management

PricewaterhouseCoopers and the IT Governance Institute have suggested a 5 stage process:
1. Create an inventory of spreadsheets
2. Perform a risk assessment of financial misstatement (materiality and likelihood)
3. Determine the necessary level of controls
4. Evaluate existing controls
5. Develop action plans for remediating control deficiencies

Life Cycle Stages Where Controls Are Needed (Panko, 2005)

Examples:
- Preventive controls: formal software engineering approaches such as SDLC-based methods
- Detective controls: auditing protocols
- Corrective controls: change controls, version controls

Panko (2006) proposed a control framework to help organizations produce accurate financial reports.

Examples of Controls that can be Considered for Different Processes

Examples of Spreadsheet Controls
- Change Control: Maintain a process for requesting changes to a spreadsheet, making changes, testing and obtaining formal sign-off from an independent individual that the change is functioning appropriately
- Version Control: Ensure only current and approved versions of spreadsheets are being used by creating naming conventions, directory structures and access control
- Input Control: Ensure that data is input completely and accurately and that it is current and secure
- Documentation: Ensure that it is up-to-date and communicates the business objective and specific functions of the spreadsheet
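One way to detect breaks in the change and version controls above is to compare the files in a controlled folder against a register of approved versions. This is an added example, not part of the original slides; the register format (file name mapped to the SHA-256 recorded at sign-off), the file names and the file contents are all assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_against_register(folder: Path, register: dict) -> dict:
    """Compare spreadsheets in `folder` with the approved-version register.

    `register` maps file name -> SHA-256 recorded at formal sign-off
    (a hypothetical register format). Returns {file name: finding}.
    """
    findings = {}
    for path in sorted(folder.glob("*.xlsx")):
        approved = register.get(path.name)
        if approved is None:
            findings[path.name] = "not in register"          # unapproved copy
        elif sha256_of(path) != approved:
            findings[path.name] = "modified since sign-off"  # change control bypassed
    for name in register:
        if not (folder / name).exists():
            findings[name] = "approved file missing"
    return findings


def demo() -> dict:
    """Build a constructed folder, sign it off, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        # Constructed stand-ins for real workbooks (contents are placeholders).
        (folder / "FIN_accruals_v3.xlsx").write_bytes(b"constructed accruals model")
        (folder / "FIN_fx_reval_v2.xlsx").write_bytes(b"constructed fx model")
        register = {p.name: sha256_of(p) for p in folder.glob("*.xlsx")}
        register["FIN_leases_v1.xlsx"] = hashlib.sha256(b"constructed").hexdigest()
        # After sign-off: one file is edited, one ad hoc copy appears.
        (folder / "FIN_fx_reval_v2.xlsx").write_bytes(b"edited without a change request")
        (folder / "FIN_accruals_v3 (copy).xlsx").write_bytes(b"constructed accruals model")
        return check_against_register(folder, register)


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name}: {finding}")
```

The register itself has to sit outside the write access of spreadsheet developers and users, otherwise the check only confirms what an editor chose to record.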

Organizational Parties in the Operating Model
- Spreadsheet owners
- Developers
- End-users
- Information Technology division
- Business users
- Internal Auditors
- Spreadsheet review groups

Overview of Spreadsheet Management Research
Controls for Different Roles

Columns: Preventive (Formal Development Approaches); Detective (Auditing); Corrective

Designer: End-user (self-designed); Developer (single/multiple)
- End-user training; Best practices; Expert-novice differences; Surveys of spreadsheet issues and corporate policies; Effect of teaching design principles on prevention; Graphical approach for reducing errors; Algorithm to capture logic; Web service to manage models; Testing Spreadsheet Accuracy Theory; Risk and control; Applying SDLC to design; Quality control; Training specific design approaches; Testing vs. code review; Discovering spreadsheet structure, Tips for using Excel controls; Organizational quality control procedures; Design strategies to improve usability
- Framework of risks; Survey of Literature; Testing Spreadsheet Accuracy Theory
- Testing vs. code review

User Organization: End-user
- Heuristics for automatic identification of irregularities
- Proposed visualization and auditing tools; Expert-novice differences; Impact of prominence of errors and electronic environment; Quantifying risk; Factors influencing error detection

IT
- Error prevention techniques; Spreadsheet development life cycle; Review of commercial spreadsheet products; Business intelligence tools to share spreadsheets; Web service to manage models; Survey of spreadsheet issues and corporate policies
- Keeping track of changes in a spreadsheet

Spreadsheet Review Group/Internal Auditor
- Error prevention techniques; Spreadsheet development life cycle; Specific tips for Internal Auditors on using Excel controls; Detailed examples of controls and procedures; Broad recommendations for procedures and controls; Spreadsheet testing and Fraud Prevention
- Controls for Fraud; Auditing protocol; Specific tips for Internal Auditors on using Excel controls; Comprehensive survey of literature; Broad recommendations for procedures and controls; Keeping track of changes; Visualization tools; Visualization techniques for non-modular designs
- Keeping track of changes; Detailed controls

Examples of Preventive Controls to Minimize Errors

Developers:
- Training on design principles
- Preplanning requirements
- Testing protocol

Users:
- Ensure correct data inputs
- Excel's Data Validation menu option
- ActiveX controls
- Standardize documentation for organization
- Train to test for reasonableness

Testing for Reasonableness
- Use cross-footing techniques (different sum logics that should come to same total)
- Apply your domain knowledge of the problem (e.g. if portfolio risk increases, the return of an efficient portfolio should not decrease)
- Enter test cases with known outcomes to verify accuracy (e.g. copy the homework solution for the decision variables into your model to see if you get the same results)
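The cross-footing check from the first bullet, as an added example that is not part of the original slides: it recomputes each stated row and column total from the detail cells and confirms that both sum logics reach the same grand total. The grid and totals are constructed; the second sheet models a row total that was typed in as a value and went stale after a cell was edited.

```python
# Added example: cross-footing a totals grid. All figures are constructed.

def cross_foot(cells, row_totals, col_totals, grand_total, tol=0.005):
    """Recompute every stated total from the detail cells.

    Returns a list of findings; an empty list means the sheet foots
    (rows and columns add up) and cross-foots (both agree with the grand total).
    """
    findings = []
    for i, (row, stated) in enumerate(zip(cells, row_totals)):
        actual = sum(row)
        if abs(actual - stated) > tol:
            findings.append(f"row {i}: stated {stated:.2f}, recomputed {actual:.2f}")
    for j, stated in enumerate(col_totals):
        actual = sum(row[j] for row in cells)
        if abs(actual - stated) > tol:
            findings.append(f"col {j}: stated {stated:.2f}, recomputed {actual:.2f}")
    # Two different sum logics must arrive at the same grand total.
    for label, totals in (("row", row_totals), ("col", col_totals)):
        if abs(sum(totals) - grand_total) > tol:
            findings.append(
                f"{label} totals sum to {sum(totals):.2f}, grand total is {grand_total:.2f}"
            )
    return findings


# Detail cells: three expense lines by three periods (constructed).
CELLS = [
    [120.00, 80.00, 45.50],
    [200.00, 150.00, 60.00],
    [75.25, 30.00, 10.00],
]
# Totals as a correct sheet would state them.
GOOD = dict(row_totals=[245.5, 410.0, 115.25],
            col_totals=[395.25, 260.0, 115.5],
            grand_total=770.75)
# Row 1 total hard-coded at an old value; grand total is built from row totals.
STALE = dict(row_totals=[245.5, 400.0, 115.25],
             col_totals=[395.25, 260.0, 115.5],
             grand_total=760.75)

if __name__ == "__main__":
    for name, sheet in (("good", GOOD), ("stale", STALE)):
        print(name, cross_foot(CELLS, **sheet))
```

In the stale sheet the row totals still add up to the stated grand total, so a single sum logic would pass it; the per-row recomputation and the column-side total each flag the error.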