University of Wales Institute, Cardiff

Project Description

An investigation of the Use and Effectiveness of Software Control Measures for minimising risks in Spreadsheets for Compliance with Sarbanes-Oxley and the UK Combined Code

Project Abstract

The aim of this paper is to investigate the possible use of technical control measures like risk analysis software for minimizing risks in spreadsheets used in the business community in order to comply with legislations like the Sarbanes-Oxley Act 2002 and the UK Combined Code. The aim is three-fold. Firstly, it sets out to explore the awareness of spreadsheet errors and the risks imposed by them in the business world. Big corporate failures like Enron, Worldcom and similar stories have already proved how costly spreadsheet errors could be. So, learning from such mistakes and to mitigate the risks, awareness could be a defining factor. Secondly, it sets out to explore the awareness of compliance legislations related to spreadsheet use in the context of the business world, especially the Sarbanes-Oxley Act 2002 in the US and the UK Combined code. It looks at the awareness level in the business community and how seriously organizations are taking these legislations. The correlation between the awareness of spreadsheets risks and the awareness of compliance legislations and procedures then gives rise to the importance of applying strict rules inside an organization in the form of technical control measures. Therefore, thirdly and finally, it then sets out to explore how effective these control measures are in satisfying both the goals. It investigates the use of risk analysis software like @risk, Crystal Ball, Neuro Solutions, etc and attempts to find out whether their use is helping to achieve the aim of minimizing spreadsheet risks in order to comply with compliance legislations. This study of the triangulation of error, compliance and control in spreadsheets will certainly be useful for future researchers, academics and professionals in this field.

Surveys released for this project:
Spreadsheet risks and compliance 28
