two men standing far away by the window

Protiviti helps a client address a significant SOX deficiency and manage end user computing risk


  Client Challenge  
Our client had a significant Sarbanes-Oxley (SOX) deficiency related to its utilization of end user-developed applications, including both spreadsheets and databases. This issue received considerable attention from external auditors, the board of directors, and the operational risk management team. These errors could have impacted the client’s financial statements by hundreds of millions of dollars.
Protiviti’s professionals helped our client to design an assessment approach that provided assurance over the integrity of key end user applications. This included the following steps: 
  1. Baseline testing for more than 500 unique spreadsheets and databases across eight locations and three continents, with local teams applying our globally standardized approach.
  2. Remediation assistance to fix spreadsheet logic errors and significant design flaws, and  redesign and development of a small number of particularly complex files, including the Group Cash Flow spreadsheet.
  3. Development of a control framework enabled by the client’s selected spreadsheet management solution.
  4. Partnering with spreadsheet owners to define appropriate monitoring for critical spreadsheets and configuring this monitoring within the management solution.
  5. Development of  training courses on good practice spreadsheet design and development, as well as general and “super-user” training on the management solution.
  6. Review and suggestion of updates to the client’s end user computing policy.

As a result of Protiviti’s insights, the client was able to achieve significant improvements to their areas of content.  The project resulted in: 

  1. Remediation of SOX-significant control deficiency
  2. Identification and correction of millions of dollars in critical spreadsheet errors
  3. Significant reduction in time to review quarterly files
  4. Significant return on investment from implementation of a spreadsheet management solution versus quarterly manual controls testing

Due to our client’s success with this effort, the control framework has already been adopted by another functional business area. Further adoption is planned throughout 2009. Our client has also expanded the scope of spreadsheets managed beyond those simply required for SOX compliance.

How We Help Companies Succeed

Today, organizations are confronted with a multitude of technologies related to networks, servers, point-of-use devices, operating systems, databases, applications and software development tools. Defining an organization’s technology road map and portfolio of technologies requires an effective architecture and set of standards; however, managing the provisioning of these critical information technology (IT) resources to satisfy demand according business priorities can be complex.

Protiviti works with clients to define and implement core IT support processes with effective controls that enable the allocation and measurement of critical IT resources according to business priorities.  Our team of technology risk professionals enables our clients to clearly define the risks of technology, reduce or manage the costs of risk identification, and enable the monitoring of business performance while managing technology risks.

Jonathan Wyatt
Managing Director
Kyle Furtis
Managing Director
  About Protiviti  
Protiviti ( is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
Named one of the 2015 Fortune 100 Best Companies to Work For®, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.