As corporate America closes in on its second full year of compliance with the Sarbanes-Oxley Act, one truth is becoming painfully clear: most businesses still flounder in a sea of spreadsheets to manage their internal controls.
The flood first arrived in 2004. Faced with enormous challenges of documentation and testing, executives tackled the problem with spreadsheets because they were the only IT tool companies already used and understood. Such a strategy made for a huge workload, but it was hardly surprising in that inaugural year of Sarbanes and Section 404, when auditors’ expectations were unclear and nobody wanted to be the first to run afoul of government regulators.
We all know how the basic plot unfolded: Section 404 project managers distributed “control surveys” to all corners of the company, in the form of template spreadsheets. Managers at various business units filled out and returned their spreadsheets… and spreadsheets, and more spreadsheets. A multibillion dollar enterprise could find itself juggling thousands of sheets to track and test its internal controls. Many did. All the while, they struggled with basic problems such as version control, data integrity, and cooperation from business units.
See full Article.
Posts
