Spreadsheet Fraud

To any company executive or business owner, the mere possibility of fraud can be enough to send alarm bells ringing – for good reason. In a prolonged recession, the last thing investors would want to discover is a huge, gaping hole where supposedly a neat profit should have been. Also to find out that such loss was brought about by deliberately falsified accounting and poor spreadsheet controls only makes the situation even more regrettable.

Why?

Because these losses would not have occurred had there been a stronger risk management program in place and more stringent quality control on critical data to begin with.

But given the nature of a spreadsheet system i.e. its sheer flexibility and easy accessibility, plus the fact that they were never intended to be enterprise-level tools, there are no hard and fast rules for auditing spreadsheets. Also because of the lack of internal controls for end user computing (EUC) applications, in this case spreadsheets, you can’t expect these systems to yield consistently accurate results.

In fact, most managers assume that major spreadsheet errors should result in figures that are blatantly out of touch with how things stand in the real world, making these errors easily detectable.

Well they assumed wrong. You’ll find cases where the losses ran to millions of dollars without anyone being the wiser.

In instances of fraud, the problem becomes more complicated as these errors are deliberately hidden and cleverly disguised, perhaps one erroneous cell at a time. Even if these cover-ups started out with smaller figures that may have had negligible impact on a company?s operation, the cumulative costs of these ?insignificant? errors multiply exponentially as the spreadsheets are reused and utilised as bases for other related reports.

While there is no generally accepted definition of the term ?spreadsheet fraud?, its quite easy to identify one when a case crops up. Fraud arising from spreadsheets are typically characterised by:

Fallacious inputs – correct figures are deliberately replaced with false values.

Erroneous outputs owing to data alteration – hyperlinks are linking to the wrong spreadsheets or cells; use of macros or special lines of code which are understandable only to the person who developed the code.

Concealment of critical information – can be done with easy ?tweaks? such as hidden rows and columns, using the same colour for both the font and the background, or hard coding additional values into a cell.

There is nothing really highly-sophisticated or technical in any of these methodologies. But without internal spreadsheet controls in place, it would take a discerning eye and a thorough review to catch the inconsistencies contained in a spreadsheet fraught with errors. Also, if these errors are knowingly placed there, the chances of finding them are close to nil.

Learn more about our server application solutions and discover a better way to protect your company from spreadsheet fraud.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Check our similar posts

How Bouygues manages an Empire-Sized Footprint

Bouygues is into telecoms / media, and building and road construction. It also knows it has to watch its energy footprint closely. Owning 47% of energy giant Alstom keeps it constantly in the media spotlight. Shall we find out more about its facility management policies?

The journal Premises and Facilities Management interviewed MD Martin Bouygues on his personal opinions concerning managing energy consumption in facilities. He began by commenting that this was hardly a subject for the C-Suite in years gone by. Low-level clerks simply paid the bills following which the actual amounts were lost in the general expenses account. That of course has changed.

Early pressure came from soaring energy bills, which were pursued by a whole host of electricity-saving gadgets. However, it was only after the carbon crisis caught business by surprise that the link was forged to aerial pollution, and the social responsibilities of big business to help with the solution. The duty to have an energy strategy became an obligation eagerly policed by organisations such as Greenpeace.

Unsurprisingly, Martin Bouygues? advice begins with keeping energy consumption and its carbon footprint as high up on the agenda as health and safety. ?It needs bravery and a lot of hard work to get it there,? he says, ?so perseverance is the key?. 

The company has developed proprietary software that enables it to pull data from remote sensors in more than 80 countries every fifteen minutes. A single large building can contribute 50 million data items annually making data big business in the system. Every building has an allocated energy performance contract against which results are reported monthly, as a basis for reviewing progress.

The system is intelligent and able to incorporate low-occupancy periods such as weekends and public holidays. What is measured gets managed. We all know that, but how many of us apply the principle to our energy bills. With assistance from ecoVaro, the possible becomes real.

We offer a similar service to the Bouygues model with one notable exception. You don’t buy the software and you only pay when you use it. Our systems are simply designed for busy financial managers.

Quality Assurance

 

There is a truism that goes “The bitterness of poor quality is remembered long after the sweetness of low price has faded from memory”.

While every consumer can probably relate to this idea, business enterprises offering goods and services are the ones that should heed this the most.

Quality Management Systems

The concept of quality was first introduced in the 1800’s. Goods were then still mass-produced, created by the same set of people, with a few individuals assigned to do some “tweaking” on the product to bring it to acceptable levels. Their idea of quality at that time may not have been that well-defined, but it marked the beginnings of product quality and customer satisfaction as we know it now.

Since then, quality has developed into a very basic business principle that every organisation should strive to achieve. Yet while every business recognises the importance of offering product and service quality, it is not something that can be achieved overnight.

If you’ve been in any type of business long enough, you should know that there is no “quick-fix” to achieving quality. Instead, it is an evolving process that needs to be continually worked on. And this is where the importance of having a workable Quality Management System (QMS) in an organisation comes in.

Whatever Quality tools and processes you need to implement the change needed in your organisation, we can help you with it. We are ready to work in partnership with your team to develop strategic systems which will produce significant performance improvements geared towards the achievement of quality.

What is a Quality Management System?

A Quality Management System is defined as the set of inter-related objectives, processes, and operating procedures that organisations use as a guide to help them implement quality policies and attain quality objectives.

Needless to say, the ultimate goal of every quality management system is to establish quality as a core value of the company among all employees, and across all products and services. Why? Because quality services make for happy customers, and satisfied customers ensure continued business for the company.

A Quality Management System does not stop with simply having a set of guidelines that the leaders of a company can easily have their organisation members accept and adhere to. Rather, effective QMS can be implemented when management provides a culture of pride and patience, which will inspire acceptance of individual and group responsibility.

In this manner, not only the heads of the organisation but the employees as well, will develop the desire to achieve company goals that will benefit:

  • All contributing teams;
  • The customers; and
  • The company as a whole.

Find out more about our Quality Assurance services in the following pages:

Is the GDPR Good or Bad News for Business

The European Union?s General Data Protection Act (GDPR) is a new data authority coming into force on 25 May 2018. It replaces the current Data Protection Directive 95/46/EC, while extending the remit to include the export of personal data outside the EU. It aims to give EU citizens and residents living there more control over their personal information. It also hopes to make regulatory compliance simpler for participating businesses.

The Broad Implications for Business
The GDPR puts another layer of accountability on businesses falling within its remit. It requires them to implement ?comprehensive but proportionate governance measures? including recording how they make decisions. The long-term goal is to reduce privacy infringements. In the short run, businesses without good governance may find themselves writing new policies and procedures.

Article 5 of the European Union?s General Data Protection Act lays down the following guidelines for managing personal data. This shall be ?
? Processed transparently, fairly, and lawfully
? Acquired for specific, legitimate purposes only
? Adequate, relevant and limited to essentials
? Not used for any other, incompatible purpose
? However it may be archived in the public interest
? Kept up to date with all inaccuracies corrected
? Ring-fenced when the information becomes irrelevant
? Adequately protected against unauthorised access
? Stored in a way that prevents accidental loss
Furthermore, affected businesses shall appoint a ?controller responsible for, and able to demonstrate, compliance with the principles.?

Implementing Accountability and Governance
The UK Information Commissioner?s Office has issued guidelines regarding provisions to assure governance and accountability. These are along the lines of the ?don’t tell me, show me? management approach the office has generally been following. In summary form, a business, and its controller must:
? Implement measures that assist it to ensure demonstrated compliance
? Maintain suitable, relevant records of personal data processing activities
? Appoint a dedicated data protection officer if scale makes this appropriate
? Implement technologies that ensure data protection by design
? Conduct data protection assessments and respond to results timeously

Implementing the General Data Protection Act in Ireland
The Irish Data Protection Commissioner has decided it is unnecessary to incorporate the GDPR into Irish law, since EU regulations have direct effect. The office of the Commissioner is working in tandem with data practitioners, and industry and professional bodies to raise awareness in business through 2017. It has produced a document detailing what it considers the essentials for business compliance. Briefly, these pre-requisites are:
? Ensure awareness among key personnel, and make sure they incorporate the GDPR into their planning
? Conduct an early assessment of quality management gaps, and budget for additional resources needed
? Do an audit of personal data held, to determine the origin, the necessity to hold it, and with whom shared
? Inform internal and external stakeholders of the current status, and your future plans to implement the GDPR
? Examine current procedures in the light of the new directive. Could you ?survive? a challenge from a data subject?
? Determine how you will process requests for access to the data in the future from within and outside your organization
? Assess how you currently obtain customer consent to store their data. Is this “freely given, specific, informed and unambiguous”?
? Find how you handle information from underage people. Do you have systems to verify ages and obtain guardian consent?
? Implement procedures to detect, investigate, and report data breaches to the Data Protection Commissioner within 72 hours
? Implement a culture of always assessing the effect on individual privacy before starting new initiatives

So Is the GDPR Good or Bad for Business
The GDPR should be good news for business customers. Their personal data will be more secure, and they should see their rate of spam marketing come down. The GDPR is also good news for businesses currently investing resources to protect their clients? interests. It could however, be bad news for businesses that have not been focussing on these matters. They may have a high mountain to climb to come in line with the GDPR.
Disclaimer: This article is for information only and not intended as a comprehensive guide.

Contact Us

  • (+353)(0)1-443-3807 (IRL)
  • (+44)(0)20-7193-9751 (UK)

Ready to work with Denizon?

Contact Us Today