Why Spreadsheets can send the Pillars of Solvency II Crashing Down


Solvency II is now fast approaching and while it may provide added protection to policy holders, its impact on the insurance industry is not all a bed of roses. Expect insurance companies to restructure, increase manpower, and raise spending on actuarial operations and risk management initiatives. Those that cannot, will have to go. But what have spreadsheets got to do with all these?

Well, spreadsheets aren’t really the main casts in this blockbuster of a regulatory exercise but they certainly have a significant supporting role to play. Pillar I of Solvency II, which calls for improved supervision on internal control, risk management, and corporate governance, and Pillar II, which tackles supervisory reporting and public disclosure of financial and other relevant information, both affect systems that have high-reliance on spreadsheets.

A little background about spreadsheets might help.

Who needs an IT solution when you can have spreadsheets?

Everyone in any organisation just love spreadsheets; from the office clerk to the CEO. Because they’re so easy to use (not to mention they’re a staple in office computers), people employ them for processing numbers and as an all-around tool for planning, forecasting, reporting, complex modelling, market data analysis, and so on. They make such tasks faster and easier. Really?

You probably haven’t heard of spreadsheet hell

Unfortunately, spreadsheets do have certain shortcomings. Due to their inherent structure and lack of controls, it is so easy to commit simple errors like an accidental copy paste, an omission of a negative sign, an incorrect data input, or an unintentional deletion. Such shortcomings may seem harmless until your shareholders discover a multi-million discrepancy in your financial report.

And because spreadsheet errors can go undetected for a long time, they are constant targets of fraudsters. In other words, spreadsheets are high risk applications.

Solvency II Impact on Spreadsheet-based Financial and IT Systems

Regulations like Solvency II, are aimed at reducing risks to manageable levels. Basically, Solvency II is a risk-based system wherein a company?s capital requirements will depend on its measured riskiness. If companies want to avoid facing onerous capital requirements, they have to comply.

The three pillars of Solvency II have to be in place. Now, since spreadsheets (also known as User Developed Applications or UDAs) are high-risk applications with weak control features and prone to produce inaccurate reports, companies will have a lot of work to do to establish Pillars II and III.

There are at least 8 articles that impact spreadsheets in the directive. Article 82, for example, which requires firms to ensure a high level of data quality and accuracy, strikes at the very core of spreadsheets? weakness.

A whitepaper by Raymond Panko entitled ?Spreadsheets and Sarbanes-Oxley: Regulations, Risks, and Control Frameworks? mentioned that 94% of audited real world operational spreadsheets that were included in his study were found to have errors and that an average of 5.2% of all cells in the audited spreadsheets had errors.

Furthermore, many articles in the directive call for the enforcement of better documentation. This is one thing that’s very tedious and almost unrealistic to do with spreadsheets because just about anyone uses them. Besides, with different ‘versions? of the same data existing in different workstations throughout the organisation, it would be extremely difficult to keep track of them all.

Because of spreadsheets you now need an IT solution

It is clear that, with the growing number of regulations and the mounting complexity of tasks needed for compliance, spreadsheets no longer belong in this era. What you need is a server-based solution that allows for seamless collaboration, data reliability, data consistency, increased security, automatic consolidation, and all the other features that make regulation compliance more doable.

One important ingredient for achieving Solvency II compliance is sound data risk management. Sad to say, the ubiquitous spreadsheet will only expose your data to more risks.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

Advert-Book-UK

amazon.co.uk

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Maturing Into CMMI

 

In all likelihood, the reason why you landed on this page was because you were seeking CMMI experts to help you meet the demands of a growing number of potential clients who require CMMI compliance.

Whether or not you’re here for that reason, you might want to know why CMMI or Capability Maturity Model Integration is steadily becoming a common denominator among highly successful software and engineering development companies. If you stay for a while, we can show you how CMMI can substantially increase your organisation’s chances of:

  • reducing development costs;
  • acquiring new customers and retaining old ones;
  • beating deadlines;
  • bringing down development time;
  • increasing the overall quality of your products and services; and
  • improving the level of satisfaction of customers, employees, and all other stakeholders.

Surely, no organisation can be too small or too big to aspire for such benefits of attaining high levels of maturity and capability.

If you want to look beyond Maturity Level ratings, then you’ve come to the right place. We focus on introducing CMMI principles and blending them into your organisation’s culture to achieve a truly superior and sustainable business advantage. Compliance will then be an inevitable offshoot of the actions you make.

Likewise, if you simply want to obtain a deeper understanding of CMMI and learn how it can be applied either to your entire organisation or to specific projects, we’d be happy to assist you in that regard as well.

Finally, when you’re ready, we can also conduct CMMI appraisals either for benchmarking purposes or simply for determining how well your process improvement initiatives are going.

CMMI Consulting

Are you worried that implementing CMMI might entail an overhaul of your current processes? Don’t be.

CMMI is all about improving current processes, not replacing them. Ideally, the final result of all process improvement activities should be hinged on your own business objectives and context, so we’ll make sure it remains that way when we work with you.

We rely on our extensive knowledge and experience in CMMI, engineering, software development, and technologies as well as in change and project management in providing model-based process improvement services. Whether you’re gearing up for an appraisal or simply want to employ CMMI-based practices, these are the things we can do for you.

  • Help you interpret how CMMI can be implemented in relation to your business.
  • Assist in convincing sponsors and stakeholders to support your CMMI implementation initiatives.
  • Introduce the necessary training to all individuals who need to undertake them.
  • Conduct a Gap Analysis to find out where your company’s current processes stand relative to their CMMI specifications.
  • Assemble a process group that will champion your process improvement initiatives. We’ll facilitate effective collaboration among its team members, transforming them into a cohesive force designed to carry out plans and motivate everyone else down the line.
  • Introduce tools and practices that will improve the efficiency of our process improvement initiatives.
  • Carry out periodic evaluations and produce reports to provide sponsors and stakeholders a clear picture of our progress.

CMMI Training

Still not convinced CMMI is right for you? There’s only one way to fully grasp the benefits of implementing CMMI – take the Introduction to CMMI course. Although what happens next is entirely up to you, we’re pretty sure you’ll make the right decision after passing it.

Do you need to include people from your organisation in a SCAMPI (Standard CMMI Appraisal Method for Process Improvement) team? They’ll have to undergo this course too. The Introduction to CMMI is for systems and software engineering managers and practitioners, appraisal team members, process group members, and basically anyone who want to grasp CMMI fundamentals.

This is what you’ll be able to do after going through 3 days of lectures and exercises:

  • Gain a deeper understanding of the various components of CMMI-DEV models and their relationships.
  • Discuss the process areas in CMMI-DEV models.
  • Extract and interpret aspects in the model relevant to your own organisation’s processes.

We also offer highly specialised training and workshops such as those for:

  • Achieving High Maturity Levels
  • Top Executives
  • Team Building in Preparation for Appraisals

CMMI Appraisal

An organisation new to CMMI will want to know first how far their current processes are relative to the implementation of model-based improvements in order to determine the resources and time that have to be spent to get there.

Similarly, an organisation already well acquainted with CMMI and has begun taking steps in improving processes, will eventually want to know how close it has come to the Maturity Level it has aimed for.

In both cases, these organisations will have to be assessed by a qualified CMMI appraiser to obtain an accurate picture of their current status. We can perform appraisals on either your entire organisation or on specific projects/practices within a process area. Our appraisers can conduct the following SCAMPI (Standard CMMI Appraisal Method for Process Improvement) appraisals:

  • SCAMPI Class A – This is what you’ll need if you’re aiming for a level rating.
  • SCAMPI Class B – You may want to use this for process reviews or for preparing for a SCAMPI Class A.
  • SCAMPI Class C or Gap Analysis – We typically conduct this for organisations who have yet to implement CMMI-based initiatives so that they can design the most cost-effective road map for the implementation proper.
The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Spend more to reduce costs?

It is becoming increasingly important to not to analyse energy consumption for all utility types, be it electricity, gas, water, heat, renewables, oil etc. The bottom line is both operational efficiency and utility costs monitoring. In the long run, these are management strategies designed to drive energy costs downwards as a continuous improvement cycle and as a measure of reducing carbon emissions.

It is also getting increasingly easier for organisations reduce energy use and achieve this goal using technology without having to “remember” to do it yourself. Organisations can never go wrong by investing in energy management software. There are varied software options to choose from depending on the organisational objective.
Some of the energy management objectives that organisations may need to meet are:

? Establishing baseline energy use

? Carrying out Energy audits

? Monitoring and measuring energy performance against the energy policies of an organisation and objectives

? Achieving energy certification
Energy management software?s come in handy when an organization wishes to achieve either of the above objectives.

Use of energy management software?s also assists organisations in measurement and verification of energy consumption as well as Monitoring and Targeting. Measurement and verification is where a company quantifies energy consumption beforehand (baseline energy use) and after energy consumption measurements are implemented in order to verify and report on the level of savings actually achieved.

Organisations that wish to verify the energy savings achieved by building retrofits can use energy management software?s. This is an important objective for companies that wish to either satisfy internal financial accounting and reporting requirements, or to meet the terms of third-party contracts for project implementation and management. Monitoring and targeting is also made easier by use of software. This is critical as a management technique, regardless of whether an organisation has specific facility retrofits in order to keep operations efficient and to monitor utility costs.
Overall, an investment in energy management software, is worthwhile in the achievement of management strategies designed to drive energy costs downwards as a continuous improvement cycle.

Ready to work with Denizon?

Contact Us Today