What are spreadsheet controls?
The BEC section of the CPA exam will test you on the key spreadsheet controls. If a business process relies on spreadsheets (e.g. Microsoft Excel or Google Sheets), then certain preventive and detective controls should be in place to ensure the accuracy and integrity of data and financial information.
What are preventive spreadsheet controls that should be implemented?
Preventive controls that should be implemented by a company include:
1) Formula cells are locked: Key cells in a spreadsheet, such as formulas, should be locked so that users can’t purposefully or accidentally modify cells.
2) Access is restricted: Only authorized individuals should be able to access the spreadsheet from the drive on the network. Additionally, specific individuals should receive read, write, or edit access based on their role. Access should require login credentials (username and password).
3) Backup on the network: Spreadsheets should be stored on the network and included in any regular/routine backups the company would perform for any key information that the company maintains.
4) Track spreadsheet changes: Any changes made to the spreadsheet should be tracked. This includes changes in access, changes to key formulas, etc.
What are detective spreadsheet controls that should be implemented?
Detective controls that should be implemented by a company includ
1) Review of access rights: The appropriate manager of the business process should review the access rights to each spreadsheet and determine the appropriateness. Job roles change and as employees move laterally or horizontally through an organization, their access rights may need to change.
2) Review of spreadsheet formulas: The appropriate employee (spreadsheet owner) should thoroughly review the spreadsheet formulas to ensure the desired calculations and output are being properly performed.
Spreadsheet controls are key controls that every company should have implemented in a business process. Other key controls include segregation of duties, account reconciliations, data entry input controls, controls over standing data, data processing controls, and supervisory controls.
Back To All Questions