Sarbanes Oxley 404

[Arie Vet]

Good morning everybody,

I've been implementing the Sarbanes Oxley 404 requirements at the
company I'm working now. So far, so good. But we've a left over named
Excel. Does anyone have experience with SOx and Excel. I know
Microsoft has the Sarbanes Oxley Accelerator, but this has a lot of
hus-hus we don't need.

I could be a kind of repositiry used for the basic sheets, from which
the users uses the sheet, but cannot change the formulas. But more
than this - the new sheets must be approved and 'froozen' before they
may be rolled out. The pressure (mostly because a lack of time, like
always...) is relatively high here, so we have to find a solution.

Bottom line question: what can we use .. and how?

With best regards,


Arie Vet

 

[NickHK]

Arie,
Don't real know what that entails but there's a whole website devoted it. No
idea if it's any use to you, but the mention Excel.

http://www.sarbanes-oxley.com/

NickHK

 

[kcc]

When I saw your comment on Sarb-Ox Accelerator, I thought it
would be something that was designed to help with change control
for excel, but it seem more like a highly specialized version of
project manager specifically for Sarb-Ox. The simple reality is
that auditors hate spreadsheets. They don't trust them and they
don't want to take the time to learn what they do. But without
their sign-off, nothing else matters, so you need their input.
There are the basics, such as limited access to LAN drives and
separation of duties so the people preparing the spreadsheet do
not have a vested interest in the outcome, but I'm close to concluding
that doubling your staff and calculating everything twice, with a third
person to compare the results is what would be required by some.
One thing I would like to write is a macro that inserts some kind of
serial number on exhibits and/or the files themselves that could be
used to prove if tampering has taken place, but so far, I'm to too
busy writing documentation for Sarb-Ox.
kcc

 

[Arie Vet]

When I saw your comment on Sarb-Ox Accelerator, I thought it
would be something that was designed to help with change control
for excel, but it seem more like a highly specialized version of
project manager specifically for Sarb-Ox.

Both: we do need something to handle the spreadsheets - and yes,
auditors are demanding a proper way to do so..

The simple reality is
that auditors hate spreadsheets. They don't trust them and they
don't want to take the time to learn what they do. But without
their sign-off, nothing else matters, so you need their input.

This is not entirely true. When a mistake is made in a sheet, and not
recognized, it could lead to a (financial) loss. An error which is
obvious (like miscalculating the costs of producing) will be recovered
some day when the financial systems runs their quarterly or yearly
checks. But - when a calculation is to high, it could cost you
costumers, and this is NOT found on any financial system...

But what also happened: when the results came from a spreadsheet, who
tells me this information is true? When using software like SAP or
other financial programs, in most cases there is a segregation of
functions: One person makes the bookings, an other person will
sign-off and maybe a thirth will handle the payments. This is a system
used to ensure fraud will not happen. And then - a company mades an
overview based on a spreadsheet. Mostly made by one person, and often
not controlled.. this is a way to fraud and this was the way to SOx
(Enron, MCI, Ahold).

There are the basics, such as limited access to LAN drives and
separation of duties so the people preparing the spreadsheet do
not have a vested interest in the outcome, but I'm close to concluding
that doubling your staff and calculating everything twice, with a third
person to compare the results is what would be required by some.

And in the end - we are calculating the calculations...

This discussion is not over as long as it is called the 'Excell Hell'
.... but for now I'm looking for a solution.

best regards,

Arie