The Sarbanes-Oxley Act 2002 (SOX) applies to all public companies in the U.S. and international companies that have registered equity or debt securities with the Securities and Exchange Commission (SEC), and the accounting firms that provide auditing services to them.
It is important to implement effective management and control around your spreadsheet processes to comply with SOX.
Entitled Management Assessment of Internal Controls, Section 404 of the SOX Act stipulates that public companies must take responsibility for maintaining an effective system of internal control, in addition to reporting on the system’s effectiveness.
Section 302 of the Sarbanes-Oxley Act 2002 states that senior personnel are directly responsible for the accuracy, documentation and submission of all financial reports as well as the internal control structure to the SEC.
Spreadsheets are widely used for business-critical reporting and are a major component in ICFR. A recent Finsbury study showed that 1 in 20 public companies experience a series spreadsheet error each year. For more on this visit our Finsbury Knowledge area to read our White Paper: Quantifying the Risk of Spreadsheet Error.
Sarbanes Oxley Compliance and spreadsheets
To comply with Sarbanes Oxley you need to include the following spreadsheet requirements:-
The control process needs to be defined in enough detail that users can follow it and auditors can understand the process
Input controls and process controls need to be defined
Maintain a record of changes to the logic of a spreadsheet and authorise those changes
Maintain a historic record of actual changes
Detailed review of the formula logic
Use Spreadsheet Workbench for Sarbanes Oxley Compliance
Spreadsheet Workbench is a market leading solution for meeting Sarbanes Oxley compliance
SWB workflow process can define the core process and controls
Automated audit trail and workflow process
Automated detection of high risk concepts, formula in-consistencies and hidden data.