Flipping heck, just a quick google of 'Sarbanes-Oxley' and 'Spreadsheet' will get you the answer!

Like this for a start...

The Sarbanes-Oxley Act of 2002 (SOX) has forced corporations to examine their spreadsheet use in financial reporting. Surveys conducted in response to SOX have shown that spreadsheets are used widely in corporate financial reporting. Spreadsheet error research, in turn, has shown that nearly all large spreadsheets have multiple errors and that errors of material size are very common. The first round of Sarbanes-Oxley assessments confirmed concerns about spreadsheet accuracy. Another concern is spreadsheet fraud, which also exists in practice and is easy to perpetrate. This paper examines spreadsheet risks for Sarbanes-Oxley (and other regulations) and discusses how general and IT-specific control frameworks can be used to address the control risks created by spreadsheets.

It is difficult to provide non-repudiation within spreadsheets in a scalable context. To replace spreadsheets look towards governance, risk and compliance (GRC) management platforms. Vendors in this space include Axentis, BWise, MEGA, JmeSoftwares. They are a much better choice over the use of spreadsheets for SOX compliance.