Sarbanes Oxley End User Computing Controls
December 04, 2004 Business News(PRLEAP.COM) End-user computing introduces a different level of risk to a company's information technology and operational environment under Sarbanes Oxley. End-user computing generally involves the use of department-developed spreadsheets and databases, which are frequently used as tools in performing daily work. To the extent these spreadsheets are in place, they are an extension of the IT environment and results generated from them may, in assessing their impact, have an effect on the company\'s financial statements. . Some Spreadsheets Best Practice Guidelines are at: http://www.treasury.govt.nz/dice/reports/rev-spreadsheets.pdf . A listing of Sarbanes Oxley Information Technology resources is at http://www.projectbailout.com/PM/Sarbanes-Oxley-IT.htm or at www.projectbailout.com ). End User Computing can be audited and control by manual process; using automated tools; or by the ideal method eliminating the need for end user computing by add the computations to systems controlled by information technology.
End User Computing Auditing includes: 1) Identifying any and all spreadsheets/databases that are in use which form the basis for reports, data used in performing duties, or result in creating financial data/transactions in your area of responsibility. 2) Locating of the spreadsheet/database on the network, the drive and server location or if on a desktop, who has a copy of it or uses the spreadsheet in conducting their duties 3) Determining who has access to the tool or has a current copy/version of it. Any access controls in place (version control, change control, password access, etc.) and what computer security is in place for these files. Computer security resources for Sarbanes Oxley Information Technology are listed at http://www.4terrorism.com/computersecurity.htm at www.4terrorism.com .
There are software solutions that provides a Sarbanes-Oxley solutions for Microsoft Excel financial spreadsheet remediation that provides many of the key controls recommended such as access control, version control, cell-by-cell audit trail, cell locking based on access control privileges. These tools can help improve compliance for financial and analytical spreadsheets. Access to files can be controlled by methods such as defining users, groups, roles and privileges for files and folders. A listing of Sarbanes Oxley Information Technology resources are at http://www.projectbailout.com/PM/Sarbanes-Oxley-IT.htm or at www.projectbailout.com .
The best solution for end-user computing is to eliminate it by integrated the functions into the overall system. Software architecture forms the blue print for building successful software-intensive systems. Solutions architecture represents a capitalized investment, an abstract reusable model that can be transferred from one system to the next. The software architecture is often the only common vehicle for communication among a system\'s stakeholders. The right software architecture is the linchpin for software project success and provides the most comprehensive solution to Sarbanes Oxley End User Computing. The wrong software architecture one is a recipe for disaster (http://www.projectbailout.com/Software-Architecture.htm ). A listing of Sarbanes Oxley Information Technology resources is at http://www.projectbailout.com/PM/Sarbanes-Oxley-IT.htm or at www.projectbailout.com ).