Sarbanes-Oxley forced companies to look under the rock of their internal controls, but eight years later, spreadsheets and databases are still causing operational risk headaches, and sometimes the public embarrassment of financial restatements or fraud. To combat the problem, the Institute of Internal Auditors (IIA) is rallying the troops. The group has issued a practice guide entitled Auditing User-developed Applications. The guide urges internal auditors to "determine and review" critical spreadsheets and databases, which it distinguishes from their innocuous kin with the term user-developed applications, or UDAs.
Internal auditors should audit UDAs annually, and regard any problems as a control weakness, the IIA recommends.
Since large companies may have thousands of Excel and Access files that reside on employees' computers, many of which may be used for critical calculations or processes, this is no small task, says David Furlonger, an analyst at Gartner Group.
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
- Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.