Ask Joey ™ a Question

What are spreadsheet controls?

The BEC section of the CPA exam will test you on the key spreadsheet controls. If a business process relies on spreadsheets (e.g. Microsoft Excel or Google Sheets), then certain preventive and detective controls should be in place to ensure the accuracy and integrity of data and financial information. 

What are preventive spreadsheet controls that should be implemented?

Preventive controls that should be implemented by a company include:

1) Formula cells are locked: Key cells in a spreadsheet, such as formulas, should be locked so that users can’t purposefully or accidentally modify cells.

2) Access is restricted: Only authorized individuals should be able to access the spreadsheet from the drive on the network. Additionally, specific individuals should receive read, write, or edit access based on their role. Access should require login credentials (username and password).

3) Backup on the network: Spreadsheets should be stored on the network and included in any regular/routine backups the company would perform for any key information that the company maintains.

4) Track spreadsheet changes: Any changes made to the spreadsheet should be tracked. This includes changes in access, changes to key formulas, etc.

What are detective spreadsheet controls that should be implemented?

Detective controls that should be implemented by a company includ

1) Review of access rights: The appropriate manager of the business process should review the access rights to each spreadsheet and determine the appropriateness. Job roles change and as employees move laterally or horizontally through an organization, their access rights may need to change.

2) Review of spreadsheet formulas: The appropriate employee (spreadsheet owner) should thoroughly review the spreadsheet formulas to ensure the desired calculations and output are being properly performed.

Spreadsheet controls are key controls that every company should have implemented in a business process. Other key controls include segregation of duties, account reconciliationsdata entry input controls, controls over standing data, data processing controls, and supervisory controls.


You might also be interested in...

  • What are data processing controls?

    The BEC section of the CPA exam will test you on the key data processing controls. The purpose of processing controls is to verify that data was properly processed through the system. Processing controls will identify if the data was processed incorrectly. The company would have data entry input controls to verify data is inputted […]

  • What are controls over standing data?

    Standing data is data that is held in the system for long-term use and is not expected to change frequently (hence the term standing data). Another term for standing data is “master list” or “master data” Standing data can consist of customer information, product information, employee information, pay rates, tax codes, sales tax rates, etc. […]

  • What are supervisory controls in a business process?

    A supervisory control means exactly what you think it would mean. Supervisory controls are used to “monitor” a business process and are designed to prevent or detect issues. Supervisory controls are typically performed by the manager of a business process or executive team members. What are some types of preventive supervisory controls? Examples of preventive […]