two men standing far away by the window

Protiviti helps a client address a significant SOX deficiency and manage end user computing risk


  Client Challenge  
Our client had a significant Sarbanes-Oxley (SOX) deficiency related to its utilization of end user-developed applications, including both spreadsheets and databases. This issue received considerable attention from external auditors, the board of directors, and the operational risk management team. These errors could have impacted the client’s financial statements by hundreds of millions of dollars.
Protiviti’s professionals helped our client to design an assessment approach that provided assurance over the integrity of key end user applications. This included the following steps: 
  1. Baseline testing for more than 500 unique spreadsheets and databases across eight locations and three continents, with local teams applying our globally standardized approach.
  2. Remediation assistance to fix spreadsheet logic errors and significant design flaws, and  redesign and development of a small number of particularly complex files, including the Group Cash Flow spreadsheet.
  3. Development of a control framework enabled by the client’s selected spreadsheet management solution.
  4. Partnering with spreadsheet owners to define appropriate monitoring for critical spreadsheets and configuring this monitoring within the management solution.
  5. Development of  training courses on good practice spreadsheet design and development, as well as general and “super-user” training on the management solution.
  6. Review and suggestion of updates to the client’s end user computing policy.

As a result of Protiviti’s insights, the client was able to achieve significant improvements to their areas of content.  The project resulted in: 

  1. Remediation of SOX-significant control deficiency
  2. Identification and correction of millions of dollars in critical spreadsheet errors
  3. Significant reduction in time to review quarterly files
  4. Significant return on investment from implementation of a spreadsheet management solution versus quarterly manual controls testing

Due to our client’s success with this effort, the control framework has already been adopted by another functional business area. Further adoption is planned throughout 2009. Our client has also expanded the scope of spreadsheets managed beyond those simply required for SOX compliance.

How We Help Companies Succeed

Today, organizations are confronted with a multitude of technologies related to networks, servers, point-of-use devices, operating systems, databases, applications and software development tools. Defining an organization’s technology road map and portfolio of technologies requires an effective architecture and set of standards; however, managing the provisioning of these critical information technology (IT) resources to satisfy demand according business priorities can be complex.

Protiviti works with clients to define and implement core IT support processes with effective controls that enable the allocation and measurement of critical IT resources according to business priorities.  Our team of technology risk professionals enables our clients to clearly define the risks of technology, reduce or manage the costs of risk identification, and enable the monitoring of business performance while managing technology risks.

Jonathan Wyatt
Managing Director
Kyle Furtis
Managing Director
  About Protiviti  

Protiviti ( is a global business consulting and internal audit firm composed of experts specializing in risk, advisory and transaction services. The firm helps solve problems in finance and transactions, operations, technology, litigation, governance, risk, and compliance. Protiviti’s highly trained, results-oriented professionals provide a unique perspective on a wide range of critical business issues for clients in the Americas, Asia-Pacific, Europe and the Middle East.

Protiviti has more than 60 locations worldwide and is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.