Last Friday, we shared with you an example of one of the type of projects our consultants work on. Today, we decided to continue sharing with you a different type of project example we could perform at client sites. The below case study is taken directly from our website and focuses on the work we perform within IT Consulting solution.

Today, organizations are confronted with a multitude of technologies related to networks, servers, point-of-use devices, operating systems, databases, applications and software development tools. Defining an organization’s technology road map and portfolio of technologies requires an effective architecture and set of standards; however, managing the provisioning of these critical information technology (IT) resources to satisfy demand according business priorities can be complex.

Protiviti works with clients to define and implement core IT support processes with effective controls that enable the allocation and measurement of critical IT resources according to business priorities.  Our team of technology professionals enables our clients to clearly define the risks of technology, reduce or manage the costs of risk identification, and enable the monitoring of business performance while managing technology risks.

Client Challenge: Our client had a significant Sarbanes-Oxley (SOX) deficiency related to its utilization of end user-developed applications, including both spreadsheets and databases. This issue received considerable attention from external auditors, the board of directors, and the operational risk management team. These errors could have impacted the client’s financial statements by hundreds of millions of dollars.

Protiviti’s professionals helped our client to design an assessment approach that provided assurance over the integrity of key end user applications. This included the following steps:

  • Baseline testing for more than 500 unique spreadsheets and databases across eight locations and three continents, with local teams applying our globally standardized approach.
  • Remediation assistance to fix spreadsheet logic errors and significant design flaws, and  redesign and development of a small number of particularly complex files, including the Group Cash Flow spreadsheet.
  • Development of a control framework enabled by the client’s selected spreadsheet management solution.
  • Partnering with spreadsheet owners to define appropriate monitoring for critical spreadsheets and configuring this monitoring within the management solution.
  • Development of  training courses on good practice spreadsheet design and development, as well as general and “super-user” training on the management solution.
  • Review and suggestion of updates to the client’s end user computing policy.

As a result of Protiviti’s insights, the client was able to achieve significant improvements to their areas of content.  The project resulted in:

  • Remediation of SOX-significant control deficiency
  • Identification and correction of millions of dollars in critical spreadsheet errors
  • Significant reduction in time to review quarterly files
  • Significant return on investment from implementation of a spreadsheet management solution versus quarterly manual controls testing

Due to our client’s success with this effort, the control framework has already been adopted by another functional business area. Further adoption is planned throughout the year. Our client has also expanded the scope of spreadsheets managed beyond those simply required for SOX compliance.

If this type of work sounds engaging to you, then we encourage you to visit to find a consulting position in one of our offices.

Leave a Reply