How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

  • hide columns or rows,
  • perform conditional formatting, which changes the appearance of cells depending on certain values
  • replace cell entries with false values either through direct input or by linking to other spreadsheet sources
  • apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
  • design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Check our similar posts

Field Service Organisations should use Digital Forms

For many Organisations, making use of paper based forms, is a common practice and method for collecting data and recording transactions. Whether it be for producing Quotations, Invoices or even getting sign off on completed jobs.

Paper based forms and documents have been the main stay of office communication and productivity for over 200 years. Paper-based forms are used to create anything from Invoices, Receipts, Purchase Orders, Contracts to the humble internal memo!

Paper-based forms radically improved productivity, efficiency and compliance by enabling people to create paper based instructions and enabling others to add additional information as required.

Over the past 3 decades or so, modern business environments have gradually been evolving towards the concept of the Paperless Office, resulting in the humble Paper based document migrating to a Digital Counterpart. The ease of availability of various Word Processing and Spreadsheet software products and cheap and easy data storage capacity have resulted in the Proliferation of thousands if not millions of files and documents being stored somewhere on the Company’s IT infrastructure.

People often create Digital Templates of forms that may be printed off and supplied to staff to complete using Pen and Paper or electronically. The data collation and reporting is often process

Often when conducting Operational Reviews, it is commonly found that the processing and analysing paper based forms is the least productive, efficient and profitable areas of business, although it is often vitally important.

Benefits of using digital forms for data collection

The ability to collect and analyse data effectively is increasingly important to businesses. Companies gather, examine, process and build reports on large volumes of data. Traditionally, they have deployed mail surveys, telephone interviews, door-to-door interviews as methods to collect information. With the ongoing digitisation, these procedures have become old fashioned.The digital transformation is changing many business operations at a high speed and a great deal of processes that were executed manually are now accomplished using digital methods.

Technology has had a major impact on how to approach data research and has provided researchers new tools that have transformed and improved data collection and analysis. The pace of change requires companies to be able to react quickly and adapt themselves to changing demands from customers and market conditions.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
The Connection between Big Data and MDM

Master Data is information that is critical to your business. This could include contracts, proprietary information, intellectual capital and a whole lot more besides. Because this often reposes in a variety of different places, you need a master data management / MDM policy to control it. That way, you can link it all together in a single, secure, backed up file.

This Sounds Like Big Data

Not necessarily: big data refers to extremely large data sets that are best stored and analysed on a cloud using big technology, in order to uncover trends, patterns and associations often relating to human behaviour. Of course, if you run a niche restaurant your critical master data might be limited to a few recipes and the books you do not care to show your accountant.

The distinction is largely a question of size: think of your master data as the subset of big data that you already have your mind around. According to John Case of IBM this is probably already in a structured format and available to share. He goes on to present a cogent case for using this as a peg point around which to systematise the rest. This is because the average organisation already has master data recording customers? and prospects? behaviour.

Do I Still Need My Master Data?

Yes you do, because real people created it with the benefit of human insight. Retain it as a separate set. Then compare it with the results of big data processing for even richer insights. Two heads are better that one and that goes for data processing too.

Trends in CRM Big Data

Adding data via location-aware devices like smartphones and tablets is adding a new dimension to customer information. We now know where they were when they made the enquiry or punched in the information. Use this geo-location data to hone the way you interact with customers and service their accounts. Do not phone a customer who makes decisions at work when they are at home.

Does My Master Data Belong on a Cloud?

There are a number of ?ifs? to consider. How comfortable are you with your service provider. What would happen if someone hacked their server? There are many advantages to cloud technology. Denizon knows of solutions you can rely on, and makes sure its clients have contingency plans to protect them at all times.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Data Leakage Prevention – Protecting Sensitive Information

When DuPont lost $400 million in intellectual property, it wasn’t because a hacker from the other side of the world infiltrated their system. The information was simply stolen by a former employee. Alarmingly, data loss incidents are not always caused by deliberate actions.

A file containing personal information accidentally attached to an email and sent to multiple recipients; financial data stored in a USB pen drive, accidentally left in a restaurant; or bank account data of colleagues, inadvertently posted on a company website – these are also some of the everyday causes of data loss.

A report done by research company Infowatch regarding global data leaks in 2010 showed that there were actually more accidental data leaks in that year compared to intentional ones. Accidental leaks comprised 53%, while intentional leaks comprised 42% (the rest were unidentified).

But even if they ?only? happened accidentally, breach incidents like these can still be very costly. The tens of thousands of dollars that you could sometimes end up paying in civil penalties (as in the case when you lose other people?s personal information) can just be the beginning. More costly than this is the loss of customer and investor confidence. Once you lose those, you could consequently lose a considerable portion of your business.

Confidential information that may already be leaking out right under your nose

With all the data you collect, process, exchange, and store electronically every day, your IT system has surely now become a storehouse of sensitive information. Some of them, you may be even taking for granted.

But imagine what would happen if any of the following trade secrets fell into the wrong hands: marketing plans, confidential customer information, pricing data, product development strategies, business plans, supplier information, source codes, and employee salaries.

These are not the only kind of data that you should be worried about. You could also get into trouble if your sloppy IT security fails to protect employee or client personal information such as their names; social security numbers; drivers license numbers; or bank account numbers and credit/debit card numbers along with their corresponding PINs.

In some countries, you could face onerous data breach notification requirements and heavy fines when these kind of data are involved.

There are now more holes to plug

It’s not just the different varieties of sensitive electronic information that you have to worry about. Because these data can take on different forms, i.e. data-at-rest, data-in-motion, and data-at-the-endpoints, you also need to take aim at different areas in your IT system.

Sensitive information can be found ?at rest? in each of your employees? hard disks, in your servers, storage disks, and in off-site backup disks. They can also be found ?in motion? in email, instant messaging, social networking messaging, P2P file sharing, ftp, http, and so on.

That’s not all. Your highly mobile workforce may have already introduced yet another high-risk area into your system: data-at-the-endpoints. This includes USB flash-disks, laptops, portable hard disks, CDs, and even smartphones.

The main challenge of data leak prevention

Having been made aware of the various aspects of data leakage, have you already come to grips with the extent of the task at hand?

There are two major things you need to do here to prevent data leakage.

One, you need to identify what data you have that can be considered as sensitive/confidential information. Of course you have financial information and employee salaries in your files. But do you also store personally identifiable information? Do you have trade secrets that are stored in electronic form?

Two, you need to pinpoint their locations. Are they only on your hard disks and laptops? Or have they made their way to flash drives, CDs/DVDs, or portable HDDs? Are they being transmitted through email or any other file transfer media?

The reason why you need to know what your sensitive data are as well as where they are is because you would like all efforts of securing them to be as efficient and unobtrusive as possible.

Let’s say, as a way of protecting your data, you decide to implement encryption. Since encryption can consume a lot of storage space and significantly reduce performance, it may be impractical to encrypt your entire database or all your files. For the same reason, you wouldn’t want to encrypt every single email that you send.

Thus, the best way would be to encrypt only the data that really need encryption. But again, you need to know what data needs to be encrypted and where those data can be found. That alone is no simple task.

Not only will you need to deal with the data you already have, you will also have to worry about the data that will go through your systems during the course of your day-to-day transactions.

Identifying sensitive data as it enters or leaves your system, goes through your network, or gets stored in your file system or database, and then applying the necessary security actions should be done automatically and intelligently. Otherwise, you could end up spending on a lot of man-hours or, worse, wasting them on a lot of false positives and negatives.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today