When auditing complex spreadsheets, IS auditors should focus evaluation on the reconciliation of outputs from macros and formulas to confirm accuracy before assessing security controls.
Table of Contents
Question
Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?
A. Version history
B. Formulas within macros
C. Reconciliation of key calculations
D. Encryption of the spreadsheet
Answer
B. Formulas within macros
Explanation
The most important thing for an IS auditor to review when evaluating the accuracy of a spreadsheet with several macros is the reconciliation of key calculations.
The presence of macros enables automation but also introduces risks of error or manipulation. Rather than scrutinizing their internal logic, auditors should prioritize reconciling spreadsheet calculations to source data or redundant formulas. This output validation assesses accuracy regardless of formatting, code or macro usage.
By concentrating testing on reconciliation, IS auditors can efficiently confirm reliability, enabling them to then examine security controls around access, change control and encryption. Output correctness is paramount.
Reference
Isaca Certified Information Systems Auditor CISA certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Systems Auditor CISA exam and earn Isaca Certified Information Systems Auditor CISA certification.