Spreadsheet Woes – Limited Features For Easy Adoption of a Control Framework

Like it or not, regulations are here to stay and for a company to comply with them, its IT and financial systems will have to be equipped with a suitable control framework. One common stumbling block to such an implementation is a company?s over-reliance on spreadsheets.

Why is it so difficult to adopt controls for a system that’s reliant on spreadsheets? To understand this, let’s pinpoint some of the strongest, most powerful attributes of these User Developed Applications (UDA).

By nature, spreadsheets are the epitome of simplicity: easy to develop, easily accessible and easily altered. All computers in your workplace will most likely have them and everyone in your organization may be sharing them, making their own versions, and storing them in personal folders.

Sad to say though, these strengths are also control weaknesses and constitute the very reasons why spreadsheets require effective risk management.

Easy to develop. Being easy to develop, most spreadsheet systems are created by non-IT users who have limited knowledge on best control practices. Being constantly under time pressure, these ?developers? may also relegate documentation, security, and data verification to the back burner in favour of coming up with a timely report.

Easy to access. Information in a spreadsheet can be opened by practically anyone within the organization?s network. Who accessed what? And when? If anything goes wrong, it would be difficult to identify the culprit, and the failure to pinpoint responsibility for erroneous data could lead to bigger, more costly mistakes.

Easy to alter. Lastly, if the information is easy to access, then it can also be easily altered, consequently making reports more prone to both accidental errors and fraudulent modifications.

The rise of multimillion dollar scandals due to accidental and intentional spreadsheet errors have prompted regulatory bodies to publish guidelines for mitigating spreadsheet-associated risks. These controls include:

Change control
Version control
Access control
Input
Security and data integrity
Documentation
Development life cycle
Backup and archiving
Logic inspection/Testing
Segregation of duties/roles, and procedures
Analytics

In theory, these controls should be able to bring down risks considerably. However, because of the inherent nature of spreadsheets, such controls are rarely implemented effectively in the real world.

Take for example Security and Data Integrity. One of the most common causes of spreadsheet error is due to ?hardwiring?. This happens when values are inadvertently entered into a formula cell, naturally changing the logic of the spreadsheet.

As a way of control, cell locking can be applied on the formula cells to prevent users without the proper authority from making any changes. However, when reporting deadlines approach drawing spreadsheets to the forefront of data processing, more people are given access rights to the locked cells. Ironically, it is during these crunch times, when errors are most likely to happen.

Because the built-in features of a spreadsheet support none of the controls mentioned above, some companies are tempted to purchase control-enabling programs for spreadsheets just to continue using them for financial reporting. But although these programs can integrate the required controls, you?d still be interacting with the same complex and outdated interface: the spreadsheets.

Thus, these band-aid solutions may not suffice because the root cause of these problems are the spreadsheets themselves.

Learn more about our server application solutions and discover a better way to implement controls.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

Malware

In the past, viruses were created with the sole purpose of wreaking havoc on the infected systems. A large fraction of today’s malware, on the other hand, are designed to generate revenues for the creator. Spyware, botnets, and keyloggers steal information from your system or control it so that someone else can profit. In other words, the motivation for making them is now more attractive than before.

Keyloggers can reveal your usernames, passwords, PIN numbers, and other authentication information to their creators by recording your key strokes. This information can then be used for breaking into various accounts: credit cards, payment programs (like PayPal), online banks, and others. You’re right, keyloggers are among the favourite tools of individuals involved in identity theft.

Much like the viruses of old, most present day malware drain the resources, such as memory and hard disk space, of contaminated systems; sometimes forcing them to crash. They can also degrade network performance and in extreme cases, may even cause a total collapse.

If that’s not daunting enough, imagine an outbreak in your entire organisation. The damage could easily cost your organisation thousands of euros to repair. That’s not even counting yet the value of missed opportunities.

Entry points for malware range from optical disks, flash drives, and of course, the Internet. That means, your doors could be wide open to these attacks at this very moment.

Now, we’re not here to promise total invulnerability, as only an unplugged computer locked up in a vault will ever be totally safe from malware. Instead, this is what we’ll do:

Perform an assessment of your computer usage practices and security policies. Software and hardware alone won’t do the trick.
Identify weak points as well as poor practices and propose changes wherever necessary. Weak points and poor practices range from the use of perennial passwords and keeping old, unused accounts to poorly configured firewalls.
Install malware scanners and firewalls and configure them for maximal protection with minimal effect on network and system performance.
Implement regular security patches.
Conduct a regular inspection on security policy compliance as well as a review of the policies to see if they are up to date with the latest threats.
Keep an audit trail for future use in forensic activities.
Establish a risk management system.
Apply data encryption where necessary.
Implement a backup system to make sure that, in a worst case scenario, archived data is safe.
Propose data replication so as to mitigate the after effects of data loss and to ensure your company can proceed with ‘business as usual’.

Once we’ve worked with you to make all these happen, you’ll be able to sleep better.

Other defences we’re capable of putting up include:

Strategy and Portfolio Management

A well planned strategy is the necessary bridge between brilliant leadership and excellent execution. Without it, your entire organisation cannot hope to respond quickly and effectively to challenges and changes within the landscape on which it operates.

Strategic planning involves identifying objectives, understanding what resources are needed to attain them, and then allocating the resources to the appropriate units to ensure they are used optimally towards the achievement of desired objectives. Among the end results which can be reflected by your team members are:

Deeper understanding of the competitive environment;
Snappy execution of plans;
Faster, more aligned actions; and
More intelligent and apt responses against strategic moves of the competition.

We understand the need to institute strategic management in such a way that your organisation can easily adapt to unforeseen developments. As such, all our solutions are formulated to make your organisation not only well-guided but also as dynamic as possible.

Strategy Formulation

Before you can proceed to map out any strategy for your company, you’ll have to study your company’s current environment. This will help you determine what courses of action should be taken to be able to navigate through such environment on your way to the end goal.

If you’re not a full time strategist, such a task can either be very daunting or deceivingly easy… the former can prevent your team from getting started, while the latter can lead your team astray.

Ideally, strategy formulation should be carried out as quickly and as efficiently as possible so you can move on to implementation before the competition can react. Our methods can enable your leaders to hit the ground running each time they set out on a strategic plan.

How?

We can assist in accurately applying strategic tools like SWOT and Gap analysis, then help integrate the results into an effective strategic plan.
We’ll train your team how to carry out effective research techniques so that the information they gather will really be what we need. This is because the tools mentioned earlier can only work effectively if the inputs were picked intelligently. Of course, if you want the entire process expedited, we can also conduct the research ourselves.
We’ll establish best practices for top-down, bottom-up, and collaborative strategic management processes. We’ll even show you how to organise and hold meetings where team members are constantly engaged and in-sync, so action plans can be developed and relayed fast.
We’ll see to it that strategies for all functional departments (such as IT management, supply-chain, HR, marketing, and legal) are in line with your business strategies, which should in, turn be aligned with your overall corporate strategy.

Strategy Evaluation

Your strategies have to be periodically assessed if you want to determine whether they are attuned to variations affecting your organisation. These changes may include new technologies, emerging competitors, new opportunities, as well as unexpected developments in the economic environment and political climate.

While no time limit is imposed for the build-up of resources vital to the attainment of a specific objective, the window of opportunity can shut on you before you can start amassing such resources. Given this possibility, it is important for your strategies to undergo evaluation processes that will determine whether you should pursue them or not.

Using only the most reliable evaluation techniques, we’ll help you establish whether:

Your strategies will place your company in a position that will give it competitive advantage or will erode whatever advantage the competition already has;
Your strategies are consistent with the landscape on which your company currently traverses;
They are realistic enough in relation to the resources you have on hand;
The associated risks have all been identified and the appropriate control measures have already been put in place;
The time frames for their full realisation are both realistic and acceptable.

Portfolio Management

In today’s highly competitive market, many of the more successful enterprises are driven by project-based systems.

Now, there’s always a tendency for project managers to become overenthusiastic and to come up with a number of projects that can’t be sustained by available resources. If your project-based company frequently runs out of resources, then either you just have too many projects running or too much is being allocated to a select few.

In both instances, the problem does not necessarily lie on the individual project managers themselves. Rather, what is needed is the ability to have full control over existing projects and investments.

Your leadership should be able to rank projects in terms of their impact to your organisation’s growth, positioning, and profitability. This will give you sufficient information when deciding which projects to pursue, prioritise, or shut down. These are the benefits you’ll gain from our services:

A vivid presentation of the big picture. Only when you can step back from all the detail and see the interplay of investments and resources will you be able to make wise decisions regarding how and where to position them.
The ability to distinguish between projects with the highest potentials and those that are outdated.
Access to expertise that will help you distribute your present IT infrastructure, human resources, financial resources, and facilities across running projects to obtain the biggest benefits for all stakeholders.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Large scale corporate transformation

Large scale corporate transformation are the necessary actions required to increase performance in an organisation. It leads to greater performance results and greater organisational growth. It is a lasting change and can range from getting new leaders to combining the functions of different departments. It can also involve the introduction of a new phase in the life of an organisation. Large scale corporate transformation can be measured using three variables. The first variable involves determining how deep the change penetrates to all levels of the organisation. The second variable measures how entrenched it becomes in the organisation while the third measure determines the percentage of the organisation covered in the change.

Corporate transformation is essential for a company that seeks to have a greater impact and a longer life in its business sector. The process requires time and resources. The whole establishment needs to support it for success. Not only does the top management need to back it, but stockholders and staff members also need to buy the idea. This is because when the process of corporate transformation hits a barrier, it will take the entire organisation to keep it on course and complete the process. Without the support of everyone, most organisations will not complete the process.

Business transformation in recent times has begun to combine finance, HR and IT departments into one functioning piece of an organisation. This has resulted in leaner, faster, and more efficient corporate entities that produce high results and has a greater impact in its overall functioning. These three key departments are the backbone of any organisation, and the combination of the three creates an efficient organisation that translates into high performance results.

One crucial aspect of large scale corporate transformation is IT transformation, which entails the entire overhaul of any organisation’s technology systems. It adopts a more efficient platform that enhances its overall operation. IT transformation involves the use of Service Oriented Architecture (SOA) and open systems. This process is the revamping of the existing technology used to support the organisation and is critical for aligning the business functions to the mission of the organization. It touches on the current hardware and software and how they can best be improved upon for greater results. This process is necessary in the entire business transformation.

The question that needs to be addressed is how any organisation can make this process successful. First, it requires the understanding that it is not just a goal to be achieved, but a new way of thinking embraced by the entire organisation. Secondly, the leadership in place needs to be fully involved and dedicated to the process and to realise that it takes time and effort to complete such a mission. There also needs to be flexibility and adaptability in order to learn from mistakes and keep moving forward. Constant communication is also critical to ensure that everyone involved understands the current stage and the next steps to be done. Change is the only constant and is necessary for progress and success.