Skip to Content

ISACA CISA: Reconciling Calculations Most Important in Macro Spreadsheet Audit

When auditing complex spreadsheets, IS auditors should focus evaluation on the reconciliation of outputs from macros and formulas to confirm accuracy before assessing security controls.

Question

Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

A. Version history
B. Formulas within macros
C. Reconciliation of key calculations
D. Encryption of the spreadsheet

Answer

B. Formulas within macros

Explanation

The most important thing for an IS auditor to review when evaluating the accuracy of a spreadsheet with several macros is the reconciliation of key calculations.

The presence of macros enables automation but also introduces risks of error or manipulation. Rather than scrutinizing their internal logic, auditors should prioritize reconciling spreadsheet calculations to source data or redundant formulas. This output validation assesses accuracy regardless of formatting, code or macro usage.

By concentrating testing on reconciliation, IS auditors can efficiently confirm reliability, enabling them to then examine security controls around access, change control and encryption. Output correctness is paramount.

Reference

Isaca Certified Information Systems Auditor CISA certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Systems Auditor CISA exam and earn Isaca Certified Information Systems Auditor CISA certification.