Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Monitoring Water Banks with Telemetrics

Longstanding droughts across South Australia are forcing farmers to rethink the moisture in the soil they once regarded as their inalienable right. Trend monitoring is an essential input to applying pesticides and fertilisers in balanced ratios. Soil moisture sensors are transmitting data to central points for onward processing on a cloud, and this is making a positive difference to agricultural output.

Peter Buss, co-founder of Sentek Technology calls ground moisture a water bank and manufactures ground sensors to interrogate it. His hometown of Adelaide is in one of the driest states in Australia. This makes monitoring soil water even more critical, if agriculture is to continue. Sentek has been helping farmers deliver optimum amounts of water since 1992.

The analogy of a water bank is interesting. Agriculturists must ?bank? water for less-than-rainy days instead of squeezing the last drop. They need a stream of online data and a safe place somewhere in the cloud to curate it. Sentek is in the lead in places as remote as Peru?s Atacamba desert and the mountains of Mongolia, where it supports sustainable floriculture, forestry, horticulture, pastures, row crops and viticulture through precise delivery of scarce water.

This relies on precision measurement using a variety of drill and drop probes with sensors fixed at 4? / 10cm increments along multiples of 12? / 30cm up to 4 times. These probe soil moisture, soil temperature and soil salinity, and are readily re-positioned to other locations as crops rotate.

Peter Buss is convinced that measurement is a means to the end and only the beginning. ?Too often, growers start watering when plants don’t really need it, wasting water, energy, and labour. By monitoring that need accurately, that water can be saved until later when the plant really needs it.? He goes on to add that the crop is the ultimate sensor, and that ?we should ask the plant what it needs?.

This takes the debate a stage further. Water wise farmers should plant water-wise crops, not try to close the stable door after the horse has bolted and dry years return. The South Australia government thinks the answer also lies in correct farm dam management. It wants farmers to build ones that allow sufficient water to bypass in order to sustain the natural environment too.

There is more to water management than squeezing the last drop. Soil moisture goes beyond measuring for profit. It is about farming sustainably using data from sensors to guide us. ecoVaro is ahead of the curve as we explore imaginative ways to exploit the data these provide for the common good of all.

Operational Reviews

IT OPERATIONAL REVIEWS DEFINED
An IT operational review is an in-depth and objective review of an entire organisation or a specific segment of that organisation. It can be used to identify and address existing concerns within your company such as communication issues between departments, problems with customer relations, operating procedures, lack of profitability issues, and other factors that affect the stability of the business.
Operational reviews allow the organisation members to evaluate how well they are performing, given that they perform appropriately according to the procedures set by them, allocating their resources properly, and performing such tasks within time frame set and using cost-effective measures. More importantly, it also shows your company how well it is prepared to meet future challenges.
Simply put, the goals of an operational review are to increase revenue, improve market share, and reduce cost.

THE BENEFITS OF AN IT OPERATIONAL REVIEW
The main objective of IT operational reviews is to help organisations like yours learn how to deal with and address issues, instead of simply reacting to the challenges brought about by growth and change.
In such review, the information provided is practical from both a financial and operational perspective. Using these data, the management can then come up with recommendations, which are not only realistic, but more importantly, can help the organisation achieve its goals. The review recognises the extent to which your internal controls actually work, and enables you to identify and understand your strengths, weaknesses, opportunities and threats

To be more specific, let’s list down the ways wherein an effective operational review can contribute to the success of the organisation.

The review process can:
– assess compliance within your own organisational objectives, policies and procedures;
– evaluate specific company operations independently and objectively;
– give an impartial assessment regarding the effectiveness of an organisation’s control systems;
– identify the appropriate standards for quantifying achievement of organisational objectives;
– evaluate the reliability and value of the company?s management data and reports;
– pinpoint problem areas and their underlying causes;
– give rise to opportunities that may increase profit, augment revenue, and reduce costs without sacrificing the quality of the product or service.
Thus, each operational review conducted is unique, and can be holistic or specific to the activities of one department.

Our Operational Efficiencies cover the entire spectrum:

  • What to buy
  • Optimising what you’ve already bought e.g. underutilised servers, duplicate processes, poorly managed bandwidths
  • Making your team comfortable with the changes
  • Instilling Best Practices

UNCOVER WAYS TO DRIVE YOUR PROFITS UP, THROUGH OPERATIONAL REVIEWS

More Operational Review Blogs


Carrying out an Operational Review


Operational Reviews


Operational Efficiency Initiatives


Operational Review Defined

2015 ESOS Guidelines Chapter 7, 8 & 9 – Sign-Off, Compliance & Appeals

This is the final chapter in our series of short posts summarising the quite complex ESOS guidelines (click on ?Comply with ESOS? to see the details). This one addresses the legalities to follow to complete your report – and how to appeal if you are not happy with any of the Environment Agency?s decisions.

  1. Director Sign-Off

This is by no means an easy ride. Confirmation of the work at individual or lead assessor level locks the company into the penalty cycle in the event there are significant irregularities. By signing off the assessment, the board level director(s) # agree that they have

  • Reviewed the enterprise?s ESOS recommendations
  • Believe the enterprise is within the scope of the scheme
  • Believe the enterprise is compliant with the scheme
  • Believe the information provided is correct

Having an internal assessor requires a second board-level signature.

  1. Compliance

You report compliance on the internet. This is free and you can do it at any time within the deadline. You can dip in and out of the process as many times as you wish, but must use the link in the receipting email. While this is something a board member must do, there is no reason why the lead assessor should not complete the basics. The online compliance notification addresses the following topics:

  • The ESOS contact person in the enterprise
  • Any aggregation / dis-aggregation during the period
  • The names and contact details of the lead assessor
  • The proportion of energy consumption per compliance route

The Environment Agency will acknowledge receipt. This does not constitute acceptance. You should keep the ESOS evidence pack in a safe place with at least one backup elsewhere.

  1. Compliance & Enforcement Issues

In the event the Environment Agency decides your enterprise has not met ESOS requirements, it may either (a) issue a compliance notice with instructions, or (b) apply one of the following civil penalties:

  • A fine of up to ?5,000 for failure to maintain records
  • A fine of up to ?50,000 for failure to undertake an energy audit
  • A fine of up to ?50,000 for a false or misleading statement

Any enterprise has the right of appeal against government decisions. In the case of ESOS, this is via:

  • The First-Tier Tribunal if your enterprise is England, Wales or off-shore based
  • The Scottish Minister if your enterprise is based in Scotland
  • The Planning Commission if your enterprise is Northern Ireland-based

The notice you appeal against will supply details of the appeal steps to take.

This blog and its companion chapters concerning the ESOS Guidelines as amended 2015 are with compliments of ecoVaro. We are the people who break ESOS data into manageable chunks of information, so that board-level directors have greater confidence in what they sign.

Ready to work with Denizon?

Contact Us Today