Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Cloud Computing Trends: Where is the Cloud Headed Next?

Cloud adoption has been quick and painless at the consumer level. For instance, everyone’s on Gmail, YouTube, Facebook and Twitter on a daily basis yet most think nothing of the fact that they’re already using cloud-based services. Small businesses have also discovered how cloud solutions have raised efficiency in the workplace up a notch or two, while also bringing about significant cost savings. Cloud applications, particularly those for communication, file sharing, office software, backup and storage, and customer management, have rapidly grown in usage among SMBs.

In the same manner, large corporations are starting to see the potential of moving some of their IT department, whether its infrastructure or network management, to the cloud. By all indications it would seem that whether we are ready for it or not, cloud computing technology is here for the long haul.

So where is the cloud headed to next? In this post we examine the trends in the world of cloud computing and what likely lies in store in the near future for cloud users.

Focus on Security

Security has always been a key concern in the cloud computing industry and this will not go away anytime soon. If anything, data security in the cloud will only get to be in the limelight even more as cloud adopters grow in number. That’s why we expect professional cloud services providers to start implementing measures that will help slowly build up confidence in cloud security.

We should soon see more advanced security techniques and protocols that would increase the overall level of privacy and protection for cloud-stored information. Tighter security for login encryptions and prevention of unauthorized access are priority although there are a lot more issues that may need to be addressed. Now it remains to be seen whether these moves are enough for corporate clients to put their full trust in the cloud. But then again, they can always find ways to stay secure while making use of cloud computing where they can, which brings us to the next cloud trend.

Hybrid Approach

Large businesses are taking a longer time to get used to and actually use cloud services, and understandably so. After all, these companies have more at stake when it comes to dealing with such valid issues as security, compliance, outages, legacy systems, and more. However, they also cannot ignore the very appealing characteristics of the cloud. For big companies that have substantial IT needs, scalability, business agility, and faster deployment are listed as the biggest draws of the cloud.

This is why analysts predict that as as these businesses look toward leveraging the benefits of the cloud while at the same time maintaining control over mission critical data and systems, the use of a hybrid approach, i.e. putting some services in a public and at the same time opting to utilize a private cloud for other applications, will see enormous growth.

Mobile Cloud Computing

The BYOD or Bring Your Own Device business policy is another emerging trend that would not have been possible if not for cloud technology. This practice involves having employees bring their mobile devices to work, allowing them to access company files, data, and applications from their personally-owned gadgets in and out of the workplace.

As with any new business practice, the concept of BYOD can be both advantageous and disadvantageous. On the one hand, some believe it helps increase employee productivity and lifts their morale, while reducing overall IT costs. On the other hand, BYOD also opens up a whole new set of problems that are quite consistent with what many businesses take issue with with cloud technology: security. Do the pros outweigh the cons or vice versa? This much isn’t clear yet but what is evident is that more cloud apps are going mobile.

Efficiency, Innovation

While cost savings has always been one benefit that cloud proponents are quick to point out, its capability to improve and streamline business processes, thereby increasing efficiency and agility within the organization, is another key opportunity that the cloud offers. This is evident when you take a look at the most commonly used cloud services: backup and archiving, business continuity, collaboration tools, and big data processing.

Moreover, the cloud is making it easier for individuals to create new products and produce new lines of business. With access to higher IT capacity at lesser cost and at faster deployment rates, businesses can scale into more innovation without having to worry about the availability of computing resources.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
UK Hauliers Pull Together on ESOS

ESOS is what UK business needed, to encourage it to become more responsible for the environmental consequences of making money. Government has met with industry leaders to hammer out the finer details. Now there are heartening signs of intra-industry collaboration, for the example the FTA approach we discuss here.

The Freight Transport Association (FTA) is one of the UK?s biggest trade associations, and exists to represent the interests of companies moving goods by air, rail, sea and road. It is their representative at national, European and local level that advises them on legal compliance. In February 2015, it announced plans to help the industry comply with ESOS too.

The association has been active since the announcement of the UK?s Energy Saving Opportunity Scheme. It has engaged with government and membership through the portal of its Logistics Carbon Reduction Scheme (LCRS). The Environment Agency has singled this out as a benchmark other industries could follow.

FTA general manager for consultancy and tendering Karen Packham recently said, ?With our highly experienced and fully qualified team of transport auditors ?the FTA is best placed to offer practical advice and is able to provide specialist audits to ensure members are fully compliant ? and will gain all the benefits that the scheme has to offer.?

These co-audits with Environment Agency specialists advising, will focus on the full range of operational and supporting activities, and ensure that all haulage companies with over 250 employees do the following:

  • Assess energy use across their full spread of buildings, transport media and industrial activity
  • Examine energy-intensive pressure points and identify savings opportunities that provide financial benefit
  • Nominate an ESOS person to conduct future audits, or oversee and approve them independently
  • Report to the Environment Agency as scheme administrator per statutory intervals

Ecovaro has energy management software that turns metrics into high-level information that busy people understand. Give us a call if you are puzzling how best to present your data. We believe two heads can achieve so much more together.

Is the GDPR Good or Bad News for Business

The European Union?s General Data Protection Act (GDPR) is a new data authority coming into force on 25 May 2018. It replaces the current Data Protection Directive 95/46/EC, while extending the remit to include the export of personal data outside the EU. It aims to give EU citizens and residents living there more control over their personal information. It also hopes to make regulatory compliance simpler for participating businesses.

The Broad Implications for Business
The GDPR puts another layer of accountability on businesses falling within its remit. It requires them to implement ?comprehensive but proportionate governance measures? including recording how they make decisions. The long-term goal is to reduce privacy infringements. In the short run, businesses without good governance may find themselves writing new policies and procedures.

Article 5 of the European Union?s General Data Protection Act lays down the following guidelines for managing personal data. This shall be ?
? Processed transparently, fairly, and lawfully
? Acquired for specific, legitimate purposes only
? Adequate, relevant and limited to essentials
? Not used for any other, incompatible purpose
? However it may be archived in the public interest
? Kept up to date with all inaccuracies corrected
? Ring-fenced when the information becomes irrelevant
? Adequately protected against unauthorised access
? Stored in a way that prevents accidental loss
Furthermore, affected businesses shall appoint a ?controller responsible for, and able to demonstrate, compliance with the principles.?

Implementing Accountability and Governance
The UK Information Commissioner?s Office has issued guidelines regarding provisions to assure governance and accountability. These are along the lines of the ?don’t tell me, show me? management approach the office has generally been following. In summary form, a business, and its controller must:
? Implement measures that assist it to ensure demonstrated compliance
? Maintain suitable, relevant records of personal data processing activities
? Appoint a dedicated data protection officer if scale makes this appropriate
? Implement technologies that ensure data protection by design
? Conduct data protection assessments and respond to results timeously

Implementing the General Data Protection Act in Ireland
The Irish Data Protection Commissioner has decided it is unnecessary to incorporate the GDPR into Irish law, since EU regulations have direct effect. The office of the Commissioner is working in tandem with data practitioners, and industry and professional bodies to raise awareness in business through 2017. It has produced a document detailing what it considers the essentials for business compliance. Briefly, these pre-requisites are:
? Ensure awareness among key personnel, and make sure they incorporate the GDPR into their planning
? Conduct an early assessment of quality management gaps, and budget for additional resources needed
? Do an audit of personal data held, to determine the origin, the necessity to hold it, and with whom shared
? Inform internal and external stakeholders of the current status, and your future plans to implement the GDPR
? Examine current procedures in the light of the new directive. Could you ?survive? a challenge from a data subject?
? Determine how you will process requests for access to the data in the future from within and outside your organization
? Assess how you currently obtain customer consent to store their data. Is this “freely given, specific, informed and unambiguous”?
? Find how you handle information from underage people. Do you have systems to verify ages and obtain guardian consent?
? Implement procedures to detect, investigate, and report data breaches to the Data Protection Commissioner within 72 hours
? Implement a culture of always assessing the effect on individual privacy before starting new initiatives

So Is the GDPR Good or Bad for Business
The GDPR should be good news for business customers. Their personal data will be more secure, and they should see their rate of spam marketing come down. The GDPR is also good news for businesses currently investing resources to protect their clients? interests. It could however, be bad news for businesses that have not been focussing on these matters. They may have a high mountain to climb to come in line with the GDPR.
Disclaimer: This article is for information only and not intended as a comprehensive guide.

Contact Us

  • (+353)(0)1-443-3807 (IRL)
  • (+44)(0)20-7193-9751 (UK)

Ready to work with Denizon?