Spreadsheets have become the lifeline for almost all companies complying with sarbanes oxley. Even with the best sarbanes oxley automation softwares available in the market, company's use spreadsheets for their simplicity and ease of use. But use of spreadsheets comes with its own set of risks. Here are some controls which can help mitigate the risks associated with the use of spreadsheets.

Access Controls - Spreadsheets can be password protected. Similarly, read, modify, create access to spreadshhets can be restricted by using a central server and assigning user limited access.

Version Control - Appropriate naming conventions should be followed while using spreadsheets. This acts as version control. To take an example spreadsheets can be named as SpreadsheetV1.0.xls, SpreadsheetV1.1.xls and so on.

Change Control - Changes to spreadsheets should be controlled. A process should be put in place wherby changes to spreadsheets are requested and monitored. There can also be a sign-off from supervisor once changes to spreadsheets are complete.

Input Control - Input control for spreadsheet would mean that data is entered in spreadsheets completely and accurately.

Backups & Archives of Spreadsheets - Organizations using spreadsheets should ensure that back-ups are taken for spreadsheets on a regular basis to avoid availability issues. Similarly, spreadsheets which are not going to be used in future should be identified and archived in a seperate drive.

Formulas & Documentation - Speadsheets containing complex formulas should be inspected by a trained person. Any flaws in spreadsheet logic and formulas should be documented for future reference. This also acts as a means of tracking changes in spreadsheets.

Spreadsheet Development Lifecycle SDLC - Similar to a normal SDLC, spreadsheets also go through the same phases namely requirement specification, design, building, testing and maintainence. All spreadsheets should be tested throughly to ensure that spreadsheets produce correct and accurate results.

Related Posts

Section 404 IT Implementation Best Practices
Four Steps in Designing Internal Controls
Corporate Code of Ethics
Fraud Risk Management - Steps to Treat Fraud