1 / 14

Spreadsheet Management

Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that. Spreadsheet errors are common and have been observed in instances in which errors directly led to losses or bad decisions

fausta
Download Presentation

Spreadsheet Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Spreadsheet Management

  2. Field Interviews with Senior Managers byCaulkins et. al. (2007) report that • Spreadsheet errors are common and have been observed in instances in which errors directly led to losses or bad decisions • Most organizations only have informal spreadsheet quality control procedures • Many feel that more formal quality controls would be beneficial but don’t know how to efficiently achieve this IT research can identify efficient and effective procedures for managing spreadsheet risk by analyzing how companies manage their financial reporting spreadsheets for SOX compliance

  3. Sarbanes-Oxley Act (SOX, 2002) • Requires “an effective system of internal control” for financial reporting in publicly-held companies • Effective management of spreadsheet risk is required to satisfy the regulation requirements • Similar requirements have been made by other regulating agencies (AICPA, NACUBO, FDA)

  4. 10-K Deficiency Filings • 113 10-Ks reported SOX material weaknesses for inadequate internal control of spreadsheets between 2004 and mid-2008. • 42 weaknesses associated with inadequate review processes • 41 weaknesses with inadequate access controls • 27 weaknesses with inadequate change management controls • 22 weaknesses with lack of data integrity controls • 9 weaknesses with inadequate spreadsheet testing • 50 10-Ks cited general lack of effective controls

  5. Sources of Misstatements • Errors vs. Fraud • Taxonomy of spreadsheet errors (Rajalingham, 2001) • Quantitative vs. Qualitative • Accidental errors • Distinguished by level of intent • Developer vs. User committed errors

  6. Accountability for Spreadsheet Deficiencies • Who is accountable? • Senior management • A spreadsheet risk management policy that defines effective processes and enacts appropriate monitoring is needed • An operating model that defines further accountability, roles & responsibilities, processes, controls and control standards

  7. Spreadsheet Risk Management • PricewaterhouseCoopers and the IT Governance Institute have suggested a 5 stage process: • Create an inventory of spreadsheets • Perform a risk assessment of financial misstatement (materiality and likelihood) • Determine the necessary level of controls • Evaluate existing controls • Develop action plans for remediating control deficiencies

  8. Panko, 2005 Life Cycle Stages Where Controls Are Needed Panko (2006) proposed a control framework to help organizations produce accurate financial reports

  9. Examples of Controls that can be Considered for Different Processes

  10. Examples of Spreadsheet Controls • Change Control • Maintain a process for requesting changes to a spreadsheet, making changes, testing and obtaining formal sign-off from an independent individual that the change is functioning appropriately • Version Control • Ensure only current and approved versions of spreadsheets are being used by creating naming conventions, directory structures and access control • Input Control • Ensure that data is input completely and accurately and that it is current and secure • Documentation • Ensure that it is up-to-date and communicates the business objective and specific functions of the spreadsheet

  11. Organizational Parties in the Operating Model • Spreadsheet owners • Developers • End-users • Information Technology division • Business users • Internal Auditors • Spreadsheet review groups

  12. Oveview of Spreadsheet Management Research

  13. Examples of Preventive Controls to Minimize Errors: • Developers: • Training on design principles • Preplanning requirements • Testing protocol • Users: • Ensure correct data inputs • Excel’s Data Validation menu option • ActiveX controls • Standardize documentation for organization • Train to test for reasonableness

  14. Testing for Reasonableness • Use cross-footing techniques (different sum logics that should come to same total) • Apply your domain knowledge of the problem (e.g. if portfolio risk increases, the return of an efficient portfolio should not decrease) • Enter test cases with known outcomes to verify accuracy (e.g. copy the homework solution for the decision variables into your model to see if you get the same results)

More Related