Spreadsheet Risk Issues

It is interesting to note that the riskiness of operational spreadsheets are overlooked even by companies with high standards of risk management. Only when errors amount to actual losses do they realize that these risks have been staring them in the face all along.

Common spreadsheet risk issues

Susceptibility to trivial manual errors

Due to the fundamental structure of spreadsheets, a slight change in the formula or value in any of their inhabited cells may already affect their overall output. An

  • accidental copy-paste,
  • omission of a negative sign,
  • erroneous range selection,
  • incorrect data input or
  • unintentional deletion of a character,cell, range, column, or row

are just some of the simple errors spreadsheet users frequently encounter. Rarely are there any counter-checking controls in place in a spreadsheet-based activity and manual errors therefore easily go undetected.

Possibility of the user working on the wrong version

How do you store spreadsheet files?

Since the most common reports are usually generated on a monthly basis, users tend to store them using variations of these two configurations:

spreadsheet storage

If you notice, a user can accidentally work on the wrong version with any of these structures.

Prone to inconsistent company-wide reporting

This happens when a summary or ?final? spreadsheet is fed information by different departments coming from their own spreadsheets. Even if most of the data in their spreadsheets come from one source (the company-wide database), erroneous copy-pasting and linking, or even different interpretations of the same data can result to contradicting information in the end.

Often defenceless against unauthorised access

Some spreadsheets contain information needed by various individuals or department units in an organisation. Hence, they are often shared via email or through shared folders in a network. Now, because spreadsheets don’t normally use any access control, any user can easily open a spreadsheet file and view or modify the contents as he wishes.

Highly vulnerable to fraud

A complex spreadsheet system with zero or very minimal controls provides the perfect setting for would-be fraudsters. Hidden cells with malicious formulas and links to bogus information can go unnoticed for a long time especially if the final figures don’t deviate much from expected values.

Spreadsheet risk mitigation solutions may not suffice

Inherent complexity makes testing and logic inspection very time consuming

Deep testing can uncover possible errors hidden in spreadsheet cells and consequently mitigate risks. But spreadsheets used to support financial reporting are normally large, complex, highly-personalised and, without ample supporting documentation, understandably hard to follow.

No clear ownership of risk management responsibilities

There?s always a dilemma when an organisation starts assigning risk management responsibilities for spreadsheets. IT personnel believe users in the business side of the organisation should be responsible since they are the ones who create, edit, store, duplicate, and share the spreadsheet files. On the other hand, users believe IT should be responsible since they have always been in-charge of managing IT infrastructure, applications, and files.

To get rid of spreadsheet risks, you’ll have to get rid of spreadsheets altogether

One remedy is to have a risk management activity that involves both IT personnel and spreadsheet users. But wouldn’t you want to get rid of the complexity of having to distribute the responsibilities between the two parties instead of just one?

Learn more about Denizon’s server application solutions and how you can get rid of spreadsheet risk issues.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Making Click-and-Collect click

In my previous post, I introduced you to integrated e-commerce and explained why it is the right way to extend your business online. If you already have a brick-and-mortar retailing business and you’re looking to improve your online presence, you could start offering a click-and-collect service.

With click-and-collect, customers order online and then collect their merchandise from one of the retailer?s local branches. Why would they want to do that?

Apparently, there are buyers who now prefer a click-and-collect service over the delivery service of a purely online retailer. With the latter, they sometimes have to wait forever for the delivery van to arrive or contend with a missed-delivery card.

Basically, customers who want both the convenience of placing orders online and better control of their time find click-and-collect a better option.

Last December 2011, IMRG (Interactive Media in Retail Group) reported a ?significant rise in the percentage of click-and-collect e-retail sales in the 3rd quarter of 2011?. This accounted for 10.4% of all e-retail sales in that quarter. More specifically, the gain was 7.4%, which was also the strongest quarterly gain since IMRG started collecting this data.

Clearly, this particular service is gaining popularity. But how do you meet the rising demand in this area?

A click-and-collect service requires a highly synchronised ecosystem. You don’t want to have a customer order items from your online store, drive a couple of minutes from his house to your nearest outlet, only to find out that one of the items is no longer available.

This can only work if all systems involved are interconnected. Changes in the inventory in your individual outlets should reflect on your database in real time. In turn, these changes have to be reflected instantly on your online store. Conversely, once a buyer has picked items online and is already directed to a local outlet, those items have to be reserved there.

But that’s not all. Your system has to be seamless enough to support fast and reliable service. You don’t want your buyer to have to wait a long time before the items are ready for pick-up. It also has to be capable of tracking the status of ordered products, handling uncollected orders, and monitoring inventory.

By implementing an integrated e-commerce system, these won’t be the only things you?d be able to do. You can even add more value to your service. For example, you can connect to your CRM and learn more about your customers? purchase history, buying habits, and preferences.

That way, it would be easier for you to provide a faster and more convenient buying experience for them in the future.

Click-and-collect is a very promising way to increase your sales and improve customer loyalty.

2015 ESOS Guidelines Chapter 3 ? The ESOS Assessment

ESOS operates in tandem with the ISO 50001 (Energy Management) system that encourages continual improvement in the efficient use of energy. Any UK enterprise qualifying for ESOS that has current ISO 50001 certification on the compliance date by an approved body (and that covers the entire UK corporate group) may present this as evidence of having completed its ESOS assessment. It does however still require board-level certification, following which it must notify the Environment Agency accordingly.

The Alternate ESOS Route

In the absence of an ISO 50001 energy management certificate addressing comprehensive energy use, a qualifying UK enterprise must:

  1. Measure Total Energy Consumption in either kWh or energy spend in pounds sterling, and across the entire operation including buildings, industrial processes and transport.
  2. Identify Areas of Significant Energy Consumption that account for at least 90% of the total. The balance falls into a de minimis group that is officially too trivial to merit consideration.
  3. Consider Available Routes to Compliance. These could include ISO 500001 part-certification, display energy certificates, green deal assessments, ESOS compliant energy audits, self-audits and independent assessments
  4. Do an Internal Review to make sure that you have covered every area of significant consumption. This is an important strategic step to avoid the possibility of failing to comply completely.
  5. Appoint an Approved Lead Assessor who may be internal or external to your enterprise, but must have ESOS approval. This person confirms you have met all ESOS requirements (unless you have no de minimis exceptions).
  6. Obtain Internal Certification by one of more board-level directors. They must certify they are satisfied with the veracity of the reports. They must also confirm that the enterprise is compliant with the scheme.
  7. Notify the Environment Agency of Compliance within the deadline using the online notification system at snapsurveys.com as soon as the enterprise believes is fully compliant.
  8. Assemble your ESOS Evidential Pack and back it up in a safe place. Remember, it is your responsibility to provide proof of the above. Unearthing evidence a year later it not something to look forward to.

The ESOS assessment process is largely self-regulatory, although there are checks and balances in place including lead assessor and board-level certifications. As you work through what may seem to be a nuisance remember the primary objectives. These are saving money and reducing carbon emissions. Contact Ecovaro if we can assist in any way.

Symbion Pharmacy Services? Definition of Responsibility

A ?symbion? is an organism in a symbiotic (i.e. mutually beneficial) relationship with another one. In the case of Australia?s giant Symbion Pharmacy Services, this means supplying and delivering over-counter Chemmart medicines to more than 3,000 hospital and retail pharmacies, while remaining mindful of its carbon footprint.

In 1999, the company with the tagline ?life matters? and a desire to be seen as ?a good corporate citizen? decided it was time to measure exactly what it was pumping out from 12 facilities and over 200 vehicles. This was a voluntary decision as even now there is still no carbon emissions law in Australia (although no doubt being a ?first mover? will put the company in a competitive position when this inevitably comes).

Symbion decided to install emission detection devices and connect these to a central monitoring system with the intention of managing what these measured. There were two stages to this process. First, Symbion determined its reporting requirements based on one of its larger warehouses. Following that, it established a carbon footprint for each of its wholly owned and managed facilities. This put it in a position to:

  • Analyse total emissions down to a level of detail where it understood the contribution of each source
  • Use big data management tools to identify carbon hotspots for priority remedial action
  • Inform the affected workforce, explain the monitoring system and keep them in the loop
  • Separately manage energy abatement programs such as lighting and delivery routes

The program also had productivity spin-offs in that it focused management attention on the processes behind the emissions that were ripe for material and system improvements. It also provided marketing leverage. Symbion?s customers are in the wellness business, ahead of the curve when it comes to how emissions contribute to chronic illness, and aware of the cost of this in terms of human capital.

EcoVaro could help you manage your throughputs by analysing your data on our cloud-based system. This includes trending your metrics, comparing them to your industry seasonal average, and providing you with a business-like view of how well you are doing.

Our service reduces your reliance on (and the cost of) third party audits, and simplifies the reporting process to your controlling authority. It simply makes more sense to contract your software out this way, and only pay for it when you need it.

Ready to work with Denizon?

Contact Us Today