Archive for February, 2009
Survey: Spreadsheet and EUC Risk Assessment
Published February 28, 2009 Polls 3 CommentsTags: risk assessment
Spreadsheet Compliance: 5 Steps to Success
Published February 28, 2009 Auditor Guidance , Press Articles 4 CommentsTags: Jefferson Wells, Prodiance, spreadsheet compliance
5 Steps to Success
This article entitled 5 Steps to Success for Spreadsheet Compliance
by Jefferson Wells and Prodiance outlines 5 pragmatic steps organizations can take to improve spreadsheet compliance, including:
1. Inventory all spreadsheets
2. Assess spreadsheet risk
3. Perform mathmatical verification
4. Establish a controlled environment
5. Establish a corporate policy on spreadsheet control
You can download the article here from the Compliance Week web site.
Spreadsheets and SOX 404 Compliance
Published February 27, 2009 Auditor Guidance , Regulatory Mandates , SOX 404 1 CommentTags: PwC, SOX 404
In their white paper entitled The Use of Spreadsheets: Considerations for Section for 404 of the Sarbanes-Oxley Act (2004), PwC set the tone for scrutinizing spreadsheet controls as part of regular SOX audits. The white paper highlights the risks associated with critical spreadsheets, provides guidance on evaluating spreadsheet controls, and a list of recommended controls including access control, version control, and change control.
You can still download the white paper here.
Gartner MarketScope for Spreadsheet Control Products, 2008
Published February 27, 2009 Analyst Research Leave a CommentTags: Gartner MarketScope
Gartner is perhaps the foremost expert in IT research. In 2008, analysts Jay Heiser and David Furlonger performed in depth research on technology solutions available on the market, and published the first MarketScope for Spreadsheet Control Products. You can purchase the full report here for $1,995.00 USD.
The NAIC Model Audit Rule & Spreadsheets
Published February 25, 2009 Regulatory Mandates Leave a CommentTags: NAIC Model Audit Rule
New changes to the NAIC Model Audit Rule Effective in 2010 will require insurance firms to establish Internal Controls over Financial Reporting (ICFR) similar to SOX Section 404. Although public firms have processes and controls in place under SOX, private firms will need to prepare for this new set of regulatory mandates. You can download the NAIC Implementation Guide here visit additional resources on the NAIC web site here.
This presentation from 2006 was published by Deloitte & Touche Enterprise Risk Services reviews the business issues and risks associated with spreadsheets, and offers suggested solutions to improving spreadsheet management. Download the presentation slides here.
Spreadsheet Controls: Easy-to-apply techniques to mitigate risks (Jefferson Wells)
Published February 25, 2009 Auditor Guidance Leave a CommentTags: Best Practices, spreadsheet remediation techniques
This article by Mike Hoye, Subject Matter Expert at Jefferson Wells includes several pragmatic, yet easy to apply remediation techniques for critical spreadsheets. Techniques include the use of color schemes, worksheet protection, data validation, and use of table for numeric constants. Read the full article here.
SEC: Ex-CFO Used Spreadsheets for Fraud (CFO.com)
Published February 24, 2009 Cases of Fraud & Errors 3 CommentsTags: hidden rows and columns, spreadsheet fraud case
This spreadsheet fraud case includes Scott Hirth, former CFO of software firm ProQuest, who cooked the books by making fraudulent accounting entries in spreadsheets for more than five years. Hirth manipulated spreadsheet data using ”hidden rows” so that the false account entries didn’t show up when they were printed in hard copy.
Read the full article.
Spreadsheet Risk Management: Frequently Asked Questions (Protiviti)
Published February 24, 2009 Auditor Guidance Leave a CommentTags: Protiviti, spreadsheet risk FAQs
This white paper from Protiviti is designed to answer frequently asked questions about spreadsheet risk based on real business need. Although this publication uses the term “spreadsheet”, much of the guidance applies equally to other end-user-developed applications, such as databases and reports. Spreadsheets are the most prevalent of end-user applications, but there are other types growing in numbers that should not be ignored.
Download the white paper from the Protiviti web site here.
Ex-Optionable CEO charged; bank trader admits fraud
Published February 24, 2009 Cases of Fraud & Errors Leave a CommentTags: BMO, spreadsheet fraud case
This Bloomberg article (Nov. 2008) reports on a lengthy federal investigation where former BMO officers and executives manipulated uncontrolled spreadsheets to artificially inflate the bank’s gas options portfolio. This fraud went on undetected for about 3 years until the market turned against the traders, who were unsupervised. BMO eventually suffered related losses of $853 million.
Read the full story.
Eric Perry
