A search of the internet suggests that the average age of an internal auditor is around 40 years old. That’s roughly the same age of the most popular software programming language still used by most organizations today— the spreadsheet.
Invented in 1979, the spreadsheet is the original end user computing (EUC) application and still reigns large in most organizations. The spreadsheet has helped spawn hundreds of programming tools and languages aimed at the end user. These include Excel, Python, R, Matlab, SQL, SAS, and many more.
A 2016 analysis by Jenny Bryan estimates that there are 650 million spreadsheets users, with 50% of those users utilizing formulas. Bryan also estimates that there are upwards of 5 million Python users and 1 million R users. A study by Ray Panko estimates that almost 90% of spreadsheets have errors. The importance of these EUCs is reflected in the sophisticated business processes they support such as modeling, financial analysis and regulatory reporting.
EUCs are usually developed without detailed documentation by employees that lack professional development experience. These applications also lack peer review and/or an audit trail of changes, resulting in inevitable mistakes. Despite all of this, internal auditors rarely use tools to help ease or automate their analysis and understanding of these applications.
Auditors know that they are the third, and often the last, line of defense against mistakes. Critical business reporting mistakes could cost the organization its treasure and reputation. Even knowing this, many internal auditors express frustration at the perceived challenges of auditing EUCs.
While help exists in the marketplace, none have more expertise than Apparity. The Apparity team combines 40+ years of experience in helping organizations and their internal audit teams efficiently manage EUC risk.
We will be publishing a series of blog posts to further expand on this topic. Internal auditors will learn how to leverage technology to help understand and manage spreadsheet and EUC risk once and for all. Key aspects will include:
- Inventory development and management
- Risk assessment and logic inspection
- Monitoring and audit trail
- Issue identification and management