Task 2 Test Spreadsheet Controls: A) Based on the spreadsheet inventory performed in Task 1, the head of your Internal Audit team has provided you with the Excel spreadsheet that has the highest \"composite risk assessment\" and asked you to test the spreadsheet controls. You have also been provided with general Internal Audit guidance which instructs you on which spreadsheet controls need to be evaluated (included below) and a more detailed \"Internal Audit Program\" Excel file. To test the spreadsheet controls, you will need to follow the detailed steps included in the \"Internal Audit Program,\" which address how to test the spreadsheet controls required by your Internal Audit guidance. You should follow the audit program provided on WP 2000 of the Excel file and document any errors/issues noted, details about your procedures, and your conclusions andfor recommendations based on your testing on WP 2000. You will also need to sign off when you have completed each step. The first two steps in the audit program have been performed already by another member of the Internal Audit team. Your Internal Audit Guidance, adapted from guidance provided by the IT Governance Institute (2006), instructs you to evaluate each of the following areas, the Internal Audit Program references which steps in your testing address each area: a. Access control evaluate whether access is properly limited to the spreadsheet. The spreadsheet should be stored on a network server with appropriate user access restrictions. b. Change control evaluate whether there is a process for making changes to the spreadsheet and whether the users document changes made within a tab in the spreadsheet. c. Documentation evaluate whether there is sufficient documentation about the objectives and functions of the spreadsheet. This documentation should be updated as changes to the objective and functions occur. d. Testing evaluate whether the spreadsheet is functioning as intended based on its documented purpose. A person independent of the spreadsheet (such as Internal Audit) should perform a detailed review. e. Input control confirm whether data input into the spreadsheet is complete and accurate by reconciling the inputs to source documents. f. Security and integrity of data evaluate whether certain important cells are \"locked\" or protected from unauthorized or inadvertent changes to the spreadsheet. g. Logic inspection examine the spreadsheet's logic. A person independent of the spreadsheet's development or use (such as Internal Audit) should carefully inspect and document the spreadsheet logic