Authors

Linda Leon, Dolphy Abraham, & Lawrence Kalbers

Abstract

In the past decade, accounting scandals and financial reporting errors have led to heightened awareness of the need for IT controls and legislation of control regimes. In the United States, the Sarbanes–Oxley Act of 2002 (SOX) was one of the early initiatives to legislate internal controls over financial reporting. Many countries and regions have followed with similar legislation.

In this tutorial we present an analysis of the prior work on error prevention and detection in spreadsheets as it relates to SOX and IT governance frameworks, more generally. SOX requires publicly traded companies to address the problem of spreadsheet management and to assume some accountability for generating accurate information from spreadsheets for financial reporting.

We attempt to reconcile requirements for SOX with IT spreadsheet research. Gaps in design and implementation of spreadsheet controls are identified. From our review of prior work on spreadsheets, we offer a series of options for controlling the spreadsheet development process.

Finally, we provide suggestions to help IT practitioners in organizations look beyond SOX regulations at governance of end-user developed content.

Sample

Process controls

Examples of the types of controls that can be considered for implementation in the preventive, detective, and corrective processes.

Publication

2010, Communications of the Association for Information Systems, Volume 27, Number 1

Full article

Beyond regulatory compliance for spreadsheet controls: A tutorial to assist practitioners and a call for research