Errors in spreadsheet applications and models are alarmingly common (some authorities, with justification cite spreadsheets containing errors as the norm rather than the exception). Faced with this body of evidence, the auditor can be faced with a huge task - the temptation may be to launch code inspections for every spreadsheet in an organisation. This can be very expensive and time-consuming. This paper describes risk assessment based on the "SpACE" audit methodology used by H M Customs & Excise's tax inspectors. This allows the auditor to target resources on the spreadsheets posing the highest risk of error, and justify the deployment of those resources to managers and clients. Since the opposite of audit risk is audit assurance the paper also offers an overview of some elements of good practice in the use of spreadsheets in business.
[1]
Raymond R. Panko,et al.
Hitting the wall: errors in developing and debugging a "simple" spreadsheet model
,
1996,
Proceedings of HICSS-29: 29th Hawaii International Conference on System Sciences.
[2]
Dennis F. Galletta,et al.
A model of end-user computing policy: Context, process, content and compliance
,
1992,
Inf. Manag..
[3]
Raymond J. Butler,et al.
Is this spreadsheet a tax evader? How HM Customs and Excise test spreadsheet applications
,
2000,
Proceedings of the 33rd Annual Hawaii International Conference on System Sciences.
[4]
John M. Nevison.
Elements of Spreadsheet Style
,
1987
.
[5]
Dennis F. Galletta,et al.
An empirical study of spreadsheet error-finding performance
,
1993
.
[6]
Wales,et al.
Spreadsheet modelling best practice
,
1995
.