Sarbanes-Oxley: Section 404
At I Get It!® Development we’ve been hearing more and more about the
impact of the Sarbanes-Oxley Act (also known as SarBox or just plain
SOX). SOX is driving public companies to develop business controls to
ensure accurate accounting. While this is the first time these controls
have been part of formal legislation with mandatory compliance, I Get
It! Development has been helping our clients implement these same types
of controls for many years as part of their daily business regimen. We
can help you comply with SOX regulations by automating parts of your
compliance review and by implementing control structures.

The first step in achieving compliance is to inventory your
spreadsheets. This process cannot be fully automated by any computer,
but I Get It!® Development can help you with the first-pass inventory by
scanning all of the Excel files on your company network for
‘complexity’. The scan looks for surrogates of complexity such as
links to other workbooks, a preponderance of VLOOKUP formulas or other
referential formulas, and VBA programs (macros). The scan creates a
database of spreadsheets showing the name and location of each file, the
number of worksheet tabs, number of links, VBA modules and any other
data indicated by the client.
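
The first-pass scan described above can be illustrated with the following added example, which is not I Get It! Development's tool. It assumes OOXML workbooks (.xlsx/.xlsm, which are ZIP packages), treats VLOOKUP, HLOOKUP, INDEX, MATCH, INDIRECT and OFFSET as the 'referential' functions, records only whether a VBA project is present, and runs on constructed sample files; all function names are hypothetical.

```python
import re
import tempfile
import zipfile
from pathlib import Path

SHEET = re.compile(r"xl/worksheets/[^/]+\.xml")      # worksheet parts
LINK = re.compile(r"xl/externalLinks/[^/]+\.xml")    # links to other workbooks
FORMULA = re.compile(rb"<f(?:\s[^>]*)?>([^<]*)</f>")  # cell formula text
# Assumption: which functions count as "referential" is this example's choice.
LOOKUP = re.compile(rb"\b(?:VLOOKUP|HLOOKUP|INDEX|MATCH|INDIRECT|OFFSET)\s*\(", re.I)

def scan_workbook(path):
    """Return one inventory row for an OOXML workbook (.xlsx/.xlsm)."""
    row = {"file": str(path), "sheets": 0, "links": 0, "lookups": 0,
           "has_vba": False, "error": None}
    try:
        with zipfile.ZipFile(path) as z:
            for name in z.namelist():
                if SHEET.fullmatch(name):
                    row["sheets"] += 1
                    for formula in FORMULA.findall(z.read(name)):
                        row["lookups"] += len(LOOKUP.findall(formula))
                elif LINK.fullmatch(name):
                    row["links"] += 1
                elif name == "xl/vbaProject.bin":
                    row["has_vba"] = True
    except (zipfile.BadZipFile, OSError) as exc:
        # Encrypted or legacy files are not ZIP packages: flag for manual review.
        row["error"] = type(exc).__name__
    return row

def inventory(root):
    """Scan every .xlsx/.xlsm under root; most complex workbooks first."""
    paths = [p for p in Path(root).rglob("*") if p.suffix.lower() in (".xlsx", ".xlsm")]
    rows = [scan_workbook(p) for p in sorted(paths)]
    return sorted(rows, key=lambda r: -(r["links"] + r["lookups"] + r["has_vba"]))

def make_constructed_share(root):
    """Write constructed sample files (not real workbooks) for the demo."""
    sheet = b"<worksheet><row><c><f>VLOOKUP(A1,[1]Rates!A:B,2,0)</f></c><c><f>SUM(A1:A9)</f></c></row></worksheet>"
    with zipfile.ZipFile(Path(root) / "forecast.xlsm", "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/worksheets/sheet2.xml", b"<worksheet/>")
        z.writestr("xl/externalLinks/externalLink1.xml", b"<externalLink/>")
        z.writestr("xl/vbaProject.bin", b"constructed placeholder")
    (Path(root) / "locked.xlsx").write_bytes(b"not a zip package")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_share(tmp)
        for r in inventory(tmp):
            print(r)
```

Rows with a non-empty `error` field could not be opened as ZIP packages and need a manual look rather than being dropped from the inventory.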

For SOX compliance, this data must be presented to department heads for
review of the use of the workbook—whether it is used in operations, for
‘scratch paper’ by individual analysts or for direct roll up into the
financial records. The final determination as to whether or not the
workbook is critical in reporting, i.e. is governed by SOX regulations,
must be made by a human, not a computer!

The next stages of achieving compliance are completely
managerial—determining what level of control is necessary for each set
of workbooks and evaluating the gap between that level and what level of
control already exists.

The final step is to implement control structures where necessary. For
instance, much of the data that resides in unprotected Excel workbooks
on your network will require security upgrades. I Get It!® Development
can help you achieve the required level of security by boosting the
protection and security of your critical Excel files or by moving the
data in them to an enterprise-standard database like SQL Server. We then
create an easy-to-use interface so that your employees can still perform
their job functions but no one else can modify their work!

An experienced independent auditor can tell you exactly which files
require what level of control to comply with SOX regulations. We can
help you with the tools to automate your inventory and implement your
control procedures.

Contact us for more information today, whatever stage of compliance you
are in—we can get you through your initial audit faster as well as
implement the controls you need.