Spreadsheet Woes – Limited Features For Easy Adoption of a Control Framework

Like it or not, regulations are here to stay and for a company to comply with them, its IT and financial systems will have to be equipped with a suitable control framework. One common stumbling block to such an implementation is a company?s over-reliance on spreadsheets.

Why is it so difficult to adopt controls for a system that’s reliant on spreadsheets? To understand this, let’s pinpoint some of the strongest, most powerful attributes of these User Developed Applications (UDA).

By nature, spreadsheets are the epitome of simplicity: easy to develop, easily accessible and easily altered. All computers in your workplace will most likely have them and everyone in your organization may be sharing them, making their own versions, and storing them in personal folders.

Sad to say though, these strengths are also control weaknesses and constitute the very reasons why spreadsheets require effective risk management.

Easy to develop. Being easy to develop, most spreadsheet systems are created by non-IT users who have limited knowledge on best control practices. Being constantly under time pressure, these ?developers? may also relegate documentation, security, and data verification to the back burner in favour of coming up with a timely report.

Easy to access. Information in a spreadsheet can be opened by practically anyone within the organization?s network. Who accessed what? And when? If anything goes wrong, it would be difficult to identify the culprit, and the failure to pinpoint responsibility for erroneous data could lead to bigger, more costly mistakes.

Easy to alter. Lastly, if the information is easy to access, then it can also be easily altered, consequently making reports more prone to both accidental errors and fraudulent modifications.

The rise of multimillion dollar scandals due to accidental and intentional spreadsheet errors have prompted regulatory bodies to publish guidelines for mitigating spreadsheet-associated risks. These controls include:

  • Change control
  • Version control
  • Access control
  • Input
  • Security and data integrity
  • Documentation
  • Development life cycle
  • Backup and archiving
  • Logic inspection/Testing
  • Segregation of duties/roles, and procedures
  • Analytics

In theory, these controls should be able to bring down risks considerably. However, because of the inherent nature of spreadsheets, such controls are rarely implemented effectively in the real world.

Take for example Security and Data Integrity. One of the most common causes of spreadsheet error is due to ?hardwiring?. This happens when values are inadvertently entered into a formula cell, naturally changing the logic of the spreadsheet.

As a way of control, cell locking can be applied on the formula cells to prevent users without the proper authority from making any changes. However, when reporting deadlines approach drawing spreadsheets to the forefront of data processing, more people are given access rights to the locked cells. Ironically, it is during these crunch times, when errors are most likely to happen.

Because the built-in features of a spreadsheet support none of the controls mentioned above, some companies are tempted to purchase control-enabling programs for spreadsheets just to continue using them for financial reporting. But although these programs can integrate the required controls, you?d still be interacting with the same complex and outdated interface: the spreadsheets.

Thus, these band-aid solutions may not suffice because the root cause of these problems are the spreadsheets themselves.

Learn more about our server application solutions and discover a better way to implement controls.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

Advert-Book-UK

amazon.co.uk

Advert-Book-USA

amazon.com

Check our similar posts

How Bouygues manages an Empire-Sized Footprint

Bouygues is into telecoms / media, and building and road construction. It also knows it has to watch its energy footprint closely. Owning 47% of energy giant Alstom keeps it constantly in the media spotlight. Shall we find out more about its facility management policies?

The journal Premises and Facilities Management interviewed MD Martin Bouygues on his personal opinions concerning managing energy consumption in facilities. He began by commenting that this was hardly a subject for the C-Suite in years gone by. Low-level clerks simply paid the bills following which the actual amounts were lost in the general expenses account. That of course has changed.

Early pressure came from soaring energy bills, which were pursued by a whole host of electricity-saving gadgets. However, it was only after the carbon crisis caught business by surprise that the link was forged to aerial pollution, and the social responsibilities of big business to help with the solution. The duty to have an energy strategy became an obligation eagerly policed by organisations such as Greenpeace.

Unsurprisingly, Martin Bouygues? advice begins with keeping energy consumption and its carbon footprint as high up on the agenda as health and safety. ?It needs bravery and a lot of hard work to get it there,? he says, ?so perseverance is the key?. 

The company has developed proprietary software that enables it to pull data from remote sensors in more than 80 countries every fifteen minutes. A single large building can contribute 50 million data items annually making data big business in the system. Every building has an allocated energy performance contract against which results are reported monthly, as a basis for reviewing progress.

The system is intelligent and able to incorporate low-occupancy periods such as weekends and public holidays. What is measured gets managed. We all know that, but how many of us apply the principle to our energy bills. With assistance from ecoVaro, the possible becomes real.

We offer a similar service to the Bouygues model with one notable exception. You don’t buy the software and you only pay when you use it. Our systems are simply designed for busy financial managers.

What GDPR Means in Practice for Irish Business

The General Data Protection Regulation (GDPR) is a European directive aimed at ring-fencing consumer data against illegal or unnecessary access. There is nothing to discuss or debate with local politicians, or the Irish Data Protection Commissioner for that matter. As a European directive, it has over-riding power. To obtain an English version, please visit this link, and select ?EN? from the table of languages.

As you reach for your tea, coffee or Guinness after sighting it, you will be glad to know the Irish Data Protection Commissioner has the lead in turning this into business English we understand. The following diagram should assist you to obtain a quick overview of the process we all have to go through. In this article, we briefly describe what is inside Boxes 1 to 12. The regulation comes into force on 25 May 2018 so we have less than a year to get ready.

The 12 Essential Steps to Implementing the General Data Protection Act

1. Create awareness among your people of what is coming their way. The GDPR has given our regulator discretion to dish out fines up to ?20,000,000 (or 4% of total annual global turnover, whichever is greater) so there is determination to make this happen.

2. Become accountable by understanding the consumer data you hold. Why are you retaining it, how did you obtain it, and why did you originally collect it. Now you know it is there, how much longer will you still need it? How secure is it in your hands, have you ever shared it?

3. Open a communication channel with your staff, your customers, and anyone else using the data. Share how you feel about how accountable you have been with the information in the past. Explain how you plan to comply with the GDPR in future, and what needs to change.

4. Understand the personal privacy entitlement of the subjects of the information. They have rights to access it, correct mistakes, remove information, restrict its use, decline direct marketing, and copy it to their own files. What needs to change in your systems to assure these rights?

5. Issue a policy for allowing consumers access to their information you hold. You must process requests within a month, and you may not charge for the service unless your cost is excessive. You may decline unfounded or excessive demands within your policy guidelines.

6. Adapt to the requirement that you must have a legal basis for everything you do with, and to consumer data. You need to be in a position to justify your actions to the Irish Data Protection Commissioner in the event of a complaint. Having a legitimate interest is no longer sufficient.

7. Ensure that consumer consent to collect, use, and distribute their data is ?freely given, specific, informed, and unambiguous.? From 25 May 2018 onward, this consent will be your only ground to do so. You cannot force consent. Your benchmark becomes what the GDPR says.

8. Issue rules for managing data of underage subjects. This is currently under review and we are awaiting results. Put systems in place to verify age. Set triggers for where guardians must give consent. Make sure age is verifiable. Use language young people understand.

9. Introduce a culture of openness and honesty, whereby breaches of the GDPR are detected, reported, investigated, and resolved. You will have a duty to file a GDPR report with the Data Protection Commissioner within 72 hours, thus it is important to fast track the process.

10. Introduce a policy of conducting a privacy assessment before taking new initiatives. The GDPR calls for ?privacy by deign?, and we need to engineer it in. This may be the right time to appoint a data controller in your company, and start implementing the GDPR while you have time.

11. You may also need to appoint a data protection officer depending on the size of your business. Alternatively, you need to add managing data protection compliance to an employee?s duties, or appoint an external data-protection compliance consultant.

12. Finally, and you will be glad to know this is the end of the list, the GDPR has an international flavour in that multinational organisations will report into the EU Lead Supervisory Authority. This will manage the process centrally while consulting national data authorities.

The GDPR is a project we all need to complete. If we are out of line, it is in our interests to get things straightened out. Once everything is in place, the task should not be too onerous. Getting there could be the pain.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Web Design and Development

The first few seconds of a first-time website visitor is very crucial. If they don’t like what they see or if they think it takes too long just to load what they’re supposed to see, chances are, that would be the last time you’d ever catch them on your site.

Therefore, striking a balance between your website’s appearance and its loading speed is important for first impressions. Once you’ve captured the visitor’s attention, the next objective is to keep them glued long enough for them to browse through your merchandise. It is at this point that the benefits of a well organised and highly intuitive graphical user interface come into play.

An excellent combination of stylish web design and sharp web development can play a major role in lowering bounce rates and increasing returning visitors. We see to it that our web designers and developers not only excel at what they do individually, but also understand the interplay between their individual creations and how it affects the overall appeal of the website.

This is what you can expect from our brand of web design and development:

  • Conversion-motivated web design. Since we understand that your primary motivation for entering into the eCommerce arena is to turn torrential web traffic into sales, we’ve put conversion as a primary consideration in our web designs.
  • SEO-friendly content. First-time visitors don’t reach your site because they entered your URL somewhere. Rather, they must have stumbled upon your links on search engine results or on other websites.
  • Engaging web content. Because excellent graphics alone can’t sell products but engaging web content can, we invest in excellent copywriters.
  • Visitor-friendly user interface. Before a visitor will ever read content on the current and succeeding pages, they’ll need to interact with your site’s UI first. We’ll make sure your user interface is visually appealing enough to invite visitors to click on your buttons.
  • Superior expertise in web development technologies. Our web developers are certified experts in web related technologies including Javascript, AJAX, SQL, PHP, CSS, Java, Silverlight, CMSes, and Magento, among others. Thus, we can offer extreme flexibility and scalability in our web development services.

See more related services

Ready to work with Denizon?

Contact Us Today