Spreadsheet Woes – Burden in SOX Compliance and Other Regulations
End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.
Today, due to regulations like the:
Sarbanes-Oxley (SOX) Act,
Dodd-Frank Act,
IFRS (International Financial Reporting Standards),
E.U. Data Protection Directive,
Basel II,
NAIC Model Audit Rules,
FAS 157,
yes, there?s more ? and counting
a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.
In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.
Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.
Testing and reconciliation alone can cost a significant amount of time and money to be effective:
It requires multiple testers who need to test spreadsheets down to the cell level.
Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.
But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.
On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.
Learn more about our server application solutions and discover a better way to comply with regulations.
Hadoop is a data system so big it is like a virtual jumbo where your PC is a flea. One of the developers named it after his kid?s toy elephant so there is no complicated acronym to stumble over. The system is actually conceptually simple. It has loads of storage capacity and an unusual way of processing data. It does not wait for big files to report in to its software. Instead, it takes the processing system to the data.
The next question is what to do with Hadoop. Perhaps the question would be better expressed as, what can we do with a wonderful opportunity that we could not do before. Certainly, Hadoop is not for storing videos when your laptop starts complaining. The interfaces are clumsy and Hadoop belongs in the realm of large organisations that have the money. Here are two examples to illustrate the point.
Hadoop in Healthcare
In the U.S., healthcare generates more than 150 gigabytes of data annually. Within this data there are important clues that online training provider DeZyre believes could lead to these solutions:
Personalised cancer treatments that relate to how individual genomes cause the disease to mutate uniquely
Intelligent online analysis of life signs (blood pressure, heart beat, breathing) in remote children?s hospitals treating multiple victims of catastrophes
Mining of patient information from health records, financial status and payroll data to understand how these variables impact on patient health
Understanding trends in healthcare claims to empower hospitals and health insurers to increase their competitive advantages.
New ways to prevent health insurance fraud by correlating it with claims histories, attorney costs and call centre notes.
Hadoop in Retail
The retail industry also generates a vast amount of data, due to consumer volumes and multiple touch points in the delivery funnel. Skillspeed business trainers report the following emerging trends:
Tracing individual consumers along the marketing trail to determine individual patterns for different demographics and understand consumers better.
Obtaining access to aggregated consumer feedback regarding advertising campaigns, product launches, competitor tactics and so on.
Staying with individual consumers as they move through retail outlets and personalising their experience by delivering contextual messages.
Understanding the routes that virtual shoppers follow, and adding handy popups with useful hints and tips to encourage them on.
Detecting trends in consumer preferences in order to forecast next season sales and stock up or down accordingly.
Where to From Here?
Big data mining is akin to deep space research in that we are exploring fresh frontiers and discovering new worlds of information. The future is as broad as our imagination.?
A mobile workforce management software is key to managing an efficient field workforce.? Managing a staff of people can be tricky in any industry. Try keeping track of employees on shifting jobsites, many whom are paid hourly or temporary workers. The added pressure of ensuring the right workers get to the right sites at the right times, but they also need to track hours, parts used, vehicles and equipment assets.
In a previous post, we defined what is an operational review and why they play a key process in the continual evolution of successful businesses.?
Operational reviews allow the organization members to evaluate their performance, according to the procedures, resources properly, timescales and budgets.
In this post, we’ll take a closer look at how to implement an operational review and the steps typically undertaken to help you and your organisation to implement an operational review.
What the steps in a Operational Review Process
There are typically six steps in an operational review that range from preparatory work conducting interviews and collecting documents to the presentation of the final written report.
An audit should be customized to meet a organisatons specific needs, so standard steps can and should only serve as a guideline.? Management and internal and external auditors should adjust the process to address the company’s particular goals and objectives.
Initial Management Meeting
Understanding the problem is the first crucial step of an operational review. This is one of major areas of discussions when the audit team meets with the management, and department heads will be asked to identify any specific areas of concern. Once the problem is identified, it would be easier to come up with workable solutions.
Conduct Interviews
The next step in the evaluation is carried out with experienced teams doing interviews and keeping close observation. Each team essentially watches how employees carry out their responsibilities. This is considered a key part of the process.
When doing the interview, it is also vital that the observing team gains the employees? trust and confidence. Likewise, the staff must be assured that whatever transpires between the team and the employee will be kept confidential. Management must therefore guarantee anonymity to anyone who offers critical information, lest employees withhold vital information and render the data gathered inaccurate.
Systems Review
Employees and management practices will be reviewed by the assessing team according to the standard policies and guidelines of the company. The effectiveness of the controls in place as well as their appropriateness to the current operating conditions will also be evaluated.
Reporting
A documentation of the data gathered and the assessment of the evaluating team, will be submitted to the management after the review process. Flow charts and written narratives of departmental activities are usually part of this report. This is also where observations and recommendations of the team will be presented to the department heads concerned.
Review Results
While the operational review is being conducted, it is important to take into account the vital factors that affect the company: the people, processes, procedures, and strategies. These four factors can determine the company?s progress in the future.
Key Areas of focus in operation reviews
At a minimum an operational review should include the following key ares of assessment
Management Control
Responsibilities, authority, and the scope in which an employee has the freedom to act must be clearly defined and documented. A complete and specific job description for instance, would give the employee a clear perspective on how he acts and functions within the company.
Boundaries should be set not only to benefit the employer but more so the employee as well.
Moral and Ethical Guidelines
Moral and ethical guidelines are just as important to ensure for a smoother employer?employee relationship. Otherwise, personal issues such as work ethics, work attitude and personal values may post problems in the long run if such guidelines are not drawn properly before relationships are established.
Processes and procedures
Evaluating processes is only beneficial if the company itself updates its processes and procedural manuals regularly, or at least when needed. Such protocols may need revision and some steps may be obsolete already. Improving a company?s processes and procedures doesn’t always entail cost. In fact, improvised procedures may even be cost-effective and could make the processes more manageable.
Communication and reporting standards
Gaps in communication could result in serious lapses in internal controls, putting the company and/or its assets at risk. This is where the importance of timely and clear communication comes in. Likewise, reports must be useful, and the flow of information and how it is processed must keep pace with the company?s growth.
Information technology (IT) and security controls can also be included under the communication clause. Proper IT security policies must be in place, state-of-the-art protection techniques employed, and everything be documented, periodically updated, and continually monitored.
Strategic planning and tactics
No company can ever be complete without its strategies. It would unwise for any organization to proceed without first knowing where it stands and what direction it wants to take. Strategic planning draws such a map. It must be aligned to the mission and vision of the company, and should also coincide with the organizational goals set. Strategic planning deals with these three key questions:
What do we do now
Whom do we do it for?
How can we overcome competition
Without clear strategic direction, expectations would likely differ between ownership and management.
Contingency planning, testing and recovery
Contingency plans must be up-to-date, and are essential to the organization. If one course of action fails, the company should have plan B, C and so on. In addition, an organization should be prepared to respond to interference’s.
This includes establishing a formal process to review transactions processing during both disruption and recovery.
Presentation of Report
Based on your objectives and our findings, we will develop detailed recommendations to improve your company?s performance and productivity. Our written report will include a list of both short-term and long-term projected improvements and courses of action, to be mutually agreed upon by both parties.
To ensure the achievement of the improvements we outlined, our team will also assist in the implementation of these modifications.
The plan has three levels of recommendations: one for executives, another for management, and a third one for staff.
The executive summary concentrates on your company?s strengths, weaknesses, opportunities and threats to its entirety. It includes recommendations for any needed changes in policy or governance.
The management plan is based on employee feedback and includes areas of immediate improvement as well as identification of potential problem areas. Concerns from the bottom level management can now be forwarded to the top level management in formal writing. Better working relationships may evolve from this, thereby setting the work environment for a higher productivity ratio.
Lastly, the staff report deals with topics like charting the hierarchy of the organization, and discussing in detail specific control objectives that are critical to the company?s mission. Part of our goal is to encourage personnel to pay close attentions to such changes, if any, as these efforts are essential if they want to bring about both organizational and personal success.
If you would like to further discuss how our operational review services can benefit your company, please feel free to contact us at your convenience to schedule an initial consultation. We?ll be more than happy to assist you.
Alcoa is one of the world?s largest aluminium smelting and casting multinationals, and involves itself in everything from tin cans, to jet engines to single-forged hulls for combat vehicles. Energy costs represent 26% of the company?s total refining costs, while electricity contributes 27% of primary production outlays. Its Barberton Ohio plant shaved 30% off both energy use and energy cost, after a capital outlay of just $21 million, which for it, is a drop in the bucket.
Aluminium smelting is so expensive that some critics describe the product as ?solid electricity?. In simple terms, the method used is electrolysis whereby current passes through the raw material in order to decompose it into its component chemicals. The cryolite electrolyte heats up to 1,000 degrees C (1,832 degrees F) and converts the aluminium ions into molten metal. This sinks to the bottom of the vat and is collected through a drain. Then they cast it into crude billets plugs, which when cooled can be re-smelted and turned into useful products.
The Alcoa Barberton factory manufactures cast aluminium wheels across approximately 50,000 square feet (4,645 square meters) of plant. It had been sending its scrap to a sister company 800 miles away; who processed it into aluminium billets – before sending them back for Barberton to turn into even more wheels. By building its own recycling plant 60 miles away that was 30% more efficient, the plant halved its energy costs: 50% of this was through process engineering, while the balance came from transportation.
The transport saving followed naturally. The recycling savings came from a state-of-the-art plant that slashed energy costs and reduced greenhouse gas emissions. Interestingly enough, processing recycled aluminium uses just 5% of energy needed to process virgin bauxite ore. Finally, aluminium wheels are 45% lighter than steel, resulting in an energy saving for Alcoa Barberton?s customers too.
The changes helped raise employee awareness of the need to innovate in smaller things too, like scheduling production to increase energy efficiency and making sure to gather every ounce of scrap. The strategic change created 30 new positions and helped secure 350 existing jobs.
The direction that Barberton took in terms of scrap metal recycling was as simple as it was effective. The decision process was equally straightforward. First, measure your energy consumption at each part of the process, then define the alternatives, forecast the benefits, confirm and implement. Of course, you also need to be able to visualise what becomes possible when you break with tradition.
