Spreadsheet Access Controls

Access to Sarbanes Oxley spreadsheets should be controlled to ensure that only authorized staff can gain access and make changes to the spreadsheet.

Ideally the spreadsheet should be stored in a folder that only allows authorized staff to access it (contact your IT department to find out which ones to use).

If the spreadsheet is NOT stored in an access restricted folder (e.g. on your hard drive, unrestricted folder or on a memory stick), then it MUST be password protected (see below on how to assign passwords to spreadsheets). You may also need to have separate passwords for users who can access the spreadsheet versus users who can make changes to the spreadsheet.

Individual cells within the spreadsheet can also be protected (see below on how to activate it in Excel). This is particularly important in spreadsheets that are used by a number of people. Cells that contain formula should be protected from accidental changes or deletion.

Even protection without a password can be sufficient to prevent casual errors. Protection with a password is much more secured, but there is no remedy if the password is lost.