Beyond Regulatory Compliance for Spreadsheet Controls: A Tutorial to Assist Practitioners and a Call for Research

@article{Leon2010BeyondRC,
  title={Beyond Regulatory Compliance for Spreadsheet Controls: A Tutorial to Assist Practitioners and a Call for Research},
  author={Linda A. Leon and Dolphy M. Abraham and Lawrence Kalbers},
  journal={Commun. Assoc. Inf. Syst.},
  year={2010},
  volume={27},
  pages={28}
}
In the past decade, accounting scandals and financial reporting errors have led to heightened awareness of the need for IT controls and legislation of control regimes. In the United States, the Sarbanes–Oxley Act of 2002 (SOX) was one of the early initiatives to legislate internal controls over financial reporting. Many countries and regions have followed with similar legislation. In this tutorial we present an analysis of the prior work on error prevention and detection in spreadsheets as it… 

Controls over Spreadsheets for Financial Reporting in Practice
TLDR
It is indicated that there are problems in all stages of a spreadsheet’s life cycle and several important areas for future research are suggested.
Improving Efficiency in Budgeting – An Interventionist Approach to Spreadsheet Accuracy Testing
TLDR
It is shown that later spreadsheet error in budgeting is already rooted in a poor conceptualization of the budget template, in non-workflow-oriented imputation of data and poor documentation of data requirements, and illustrated how the accuracy of spreadsheets substantially improves by introducing even simplistic VBA.
Accountants’ Perceptions of the Use of Excel Spreadsheet in Financial Reporting: A Survey of Accounts Personnel in Manufacturing Firms
Spreadsheet, a widely accepted critical business application tool with its benefits and unavoidable inadequacies is relied on by many accountants for financial reporting and operational processes
Managing Information Security Risk Using Integrated Governance Risk and Compliance
This paper aims to demonstrate the building blocks of an IT Governance Risk and Compliance (IT GRC) model as well the phased stages of the optimal integration of IT GRC frameworks, standards and
Organizational Violations of Externally Governed Privacy and Security Rules: Explaining and Predicting Selective Violations Under Conditions of Strain and Excess
TLDR
A theoretical model, the selective organizational information privacy and security violations model (SOIPSVM), explains organizational rule-violating behavior as an attempt to protect core organizational values from external entities that pressure organizations to change their values to comply with rules.
Shadow Systems, Risk, and Shifting Power Relations in Organizations
TLDR
New theory is built to understand the persistence of shadow systems in organizations from a single case study in a mid-sized savings bank and derives two feedback cycles that concern shifting power relations between business units and central IT associated with shadow systems.
IT controls in the public cloud: Success factors for allocation of roles and responsibilities
TLDR
The research suggested that the most significant competency and skill for a person allocated to IT controls is to be able to evaluate and manage a cloud service provider, especially in terms of risks, compliance, and security issues related to public cloud technology.
A Role Allocation Model For IT Controls In A Cloud Environment
TLDR
The purpose of this paper is to propose a theoretical model for assigning roles and responsibilities for IT controls for an organization operating in a cloud environment based on a strong theoretical grounding and can be used to inform good practice.
The 'lish': a data model for grid free spreadsheets
TLDR
A “lish calculus” is developed, an extension to vector arithmetic for hierarchical structures that provides a concise notation for calculations with lishes that simplifies the usual spreadsheet formula expressions, and enables the machine to interpret them consistently with the context in which they are located.

References

Spreadsheets and Sarbanes-Oxley: Regulations, Risks, and Control Frameworks
  • R. Panko
  • Economics
    Commun. Assoc. Inf. Syst.
  • 2006
TLDR
This paper examines spreadsheet risks for Sarbanes-Oxley (and other regulations) and discusses how general and IT-specific control frameworks can be used to address the control risks created by spreadsheets.
The effect of IT controls on financial reporting
Purpose - The purpose of this paper is to examine information technology (IT) control deficiencies and their effect on financial reporting. Design/methodology/approach - This study examines 278
The impact of training in financial modelling principles on the incidence of spreadsheet errors
TLDR
The findings show that spreadsheet errors and, in particular, spreadsheet design errors are prolific even for a simple domain-free exercise, and support the contention that accounting educators should include a course in spreadsheet design principles and problem-solving techniques as part of an undergraduate accounting program.
Applying the CobiT Control Framework to Spreadsheet Developments
TLDR
This paper illustrates how spreadsheet risk and control issues can be mapped onto the CobiT framework and thus brought to managers' attention in a familiar format.
Spreadsheet Errors and Decision Making: Evidence from Field Interviews
TLDR
Interviewing executives and senior managers/analysts in the private, public, and non-profit sectors about their experiences with spreadsheet errors and quality control procedures found that opinions differ as to whether the consequences of spreadsheet errors are severe.
The Effect of SOX Internal Control Deficiencies on Firm Risk and Cost of Equity
The Sarbanes-Oxley Act (SOX) mandates management evaluation and independent audits of internal control effectiveness. The mandate is costly to firms but may yield benefits through lower
Categorisation of Spreadsheet Use within Organisations, Incorporating Risk: A Progress Report
TLDR
The authors present and analyse three proposed models for categorisation of spreadsheet use and the level of risks involved and the models are analysed in the light of current knowledge and the general risks associated with organisations.
Is this spreadsheet a tax evader? How HM Customs and Excise test spreadsheet applications
  • Raymond J. Butler
  • Business
    Proceedings of the 33rd Annual Hawaii International Conference on System Sciences
  • 2000
TLDR
The audit experience is briefly summarised, the methodology is described and the results to date of a campaign of spreadsheet testing that started in July 1999 are outlined.
Experiences in using a contingency factor-based validation methodology for spreadsheet DSS
TLDR
Experiences in using a practical, contingency factor-based methodology for validation of spreadsheet-based DSS are described, which can be extended to encompass other DSS.