An IS auditor is informed that several spreadsheets are being used to generate key financial information.
What should the auditor verify FIRST?
Answer: C.
The first thing an IS auditor should verify in this situation is whether there is a complete inventory of end-user computing (EUC) spreadsheets, which is option C.
End-user computing (EUC) spreadsheets are those spreadsheets created and maintained by non-IT personnel to support business operations. The use of EUCs can pose significant risks to organizations due to the lack of controls and oversight, which may result in errors, fraud, or non-compliance with regulations.
Therefore, it is crucial to have a complete inventory of EUCs to understand the scope of the risk exposure and ensure proper control over these spreadsheets. The inventory should include information such as the purpose of the spreadsheet, its owner, the data sources used, and the controls in place.
Once the inventory is complete, the auditor can verify whether the spreadsheets meet the minimum IT general controls requirements (option A) to ensure that they are secure, reliable, and available when needed. The auditor should also check whether adequate documentation and training are available for spreadsheet users (option D) to ensure that they are using the spreadsheets properly and accurately.
Finally, the auditor can verify whether the spreadsheets are being formally reviewed by the chief financial officer (CFO) (option B) to ensure that they are providing accurate financial information and that any issues or discrepancies are identified and addressed in a timely manner.
In conclusion, while all of the options are important, the first step for the auditor is to verify whether there is a complete inventory of EUC spreadsheets to understand the scope of the risk exposure and ensure proper control over these spreadsheets.