Spreadsheet Woes – Limited Features For Easy Adoption of a Control Framework

Like it or not, regulations are here to stay and for a company to comply with them, its IT and financial systems will have to be equipped with a suitable control framework. One common stumbling block to such an implementation is a company?s over-reliance on spreadsheets.

Why is it so difficult to adopt controls for a system that’s reliant on spreadsheets? To understand this, let’s pinpoint some of the strongest, most powerful attributes of these User Developed Applications (UDA).

By nature, spreadsheets are the epitome of simplicity: easy to develop, easily accessible and easily altered. All computers in your workplace will most likely have them and everyone in your organization may be sharing them, making their own versions, and storing them in personal folders.

Sad to say though, these strengths are also control weaknesses and constitute the very reasons why spreadsheets require effective risk management.

Easy to develop. Being easy to develop, most spreadsheet systems are created by non-IT users who have limited knowledge on best control practices. Being constantly under time pressure, these ?developers? may also relegate documentation, security, and data verification to the back burner in favour of coming up with a timely report.

Easy to access. Information in a spreadsheet can be opened by practically anyone within the organization?s network. Who accessed what? And when? If anything goes wrong, it would be difficult to identify the culprit, and the failure to pinpoint responsibility for erroneous data could lead to bigger, more costly mistakes.

Easy to alter. Lastly, if the information is easy to access, then it can also be easily altered, consequently making reports more prone to both accidental errors and fraudulent modifications.

The rise of multimillion dollar scandals due to accidental and intentional spreadsheet errors have prompted regulatory bodies to publish guidelines for mitigating spreadsheet-associated risks. These controls include:

Change control
Version control
Access control
Input
Security and data integrity
Documentation
Development life cycle
Backup and archiving
Logic inspection/Testing
Segregation of duties/roles, and procedures
Analytics

In theory, these controls should be able to bring down risks considerably. However, because of the inherent nature of spreadsheets, such controls are rarely implemented effectively in the real world.

Take for example Security and Data Integrity. One of the most common causes of spreadsheet error is due to ?hardwiring?. This happens when values are inadvertently entered into a formula cell, naturally changing the logic of the spreadsheet.

As a way of control, cell locking can be applied on the formula cells to prevent users without the proper authority from making any changes. However, when reporting deadlines approach drawing spreadsheets to the forefront of data processing, more people are given access rights to the locked cells. Ironically, it is during these crunch times, when errors are most likely to happen.

Because the built-in features of a spreadsheet support none of the controls mentioned above, some companies are tempted to purchase control-enabling programs for spreadsheets just to continue using them for financial reporting. But although these programs can integrate the required controls, you?d still be interacting with the same complex and outdated interface: the spreadsheets.

Thus, these band-aid solutions may not suffice because the root cause of these problems are the spreadsheets themselves.

Learn more about our server application solutions and discover a better way to implement controls.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

ESOS Guide for UK Manufacturers Available

The Engineering Employers’ Federation (EEF) is the UK’s largest sectoral structure. Its goal is to promote the interests of manufacturing, engineering and technology-based businesses in order to enhance their competitiveness.

EEF has positioned itself in London and Brussels in order to be in a position to lobby at EU and Westminster level. Part of its role is helping its members adapt to change and capitalise on it. When it discovered that a third of UK manufacturers must comply with ESOS (and 49% had not even heard of it) EEF decided it was time to publish a handbook for its members.

According to EEF’s head of climate and environment policy Gareth Stace, For the many manufacturers that have already taken significant steps to improve energy efficiency, ESOS can be viewed as a ?stock taking exercise?, ensuring that momentum is maintained and new measures are highlighted and taken when possible?.

He goes on to add that others that have not begun the process should view it as an ‘impetus’ to go head down and find the most cost-effective ways to slash energy costs. Ecovaro adds that they would also have the opportunity to reduce carbon emissions almost as a by-product.

Firms with more than 250 employees, over 250 million revenue or both must comply with ESOS across all UK sectors. In simplest terms, they must have conducted an energy audit by 5th December 2015, and logged their energy saving plan with the Environmental Agency that is Britain?s sustainability watchdog.

The Department of Energy & Climate Change (DEEC) that oversees it believes that large UK businesses are wasting ?2.8 billion a year on electricity they do not need. Clearly it makes sense to focus on larger targets; however EcoVaro believes those halfway to the threshold should voluntarily comply if cutting their energy bills by 25% sounds appealing.

We are able to assist with interpreting their energy audits. These are often a matter of installing sub-meters at distribution points, and reading these for a few representative months to establish a trend. Meters are inexpensive compared to electricity costs, and maintenance teams can install them during maintenance shutdowns.

Ecovaro helps these firms process the data into manageable summaries using cloud-based technology. This is on a pay-when-used basis, and hence considerably cheaper than acquiring the software, or appointing a consultant.

Energy Cooperation Mechanisms in the EU

While the original mission of the European Union was to bring countries together to prevent future wars, this has spun out into a variety of other cooperative mechanisms its founders may never have dreamed of. Take energy for example, where the European Energy Directive puts energy cooperation mechanisms in place to help member states achieve the collective goal.

This inter-connectivity is essential because countries have different opportunities. For example, some may easily meet their renewable targets with an abundance of suitable rivers, while others may have a more regular supply of sunshine. To capitalise on these opportunities the EU created an internal energy market to make it easier for countries to work together and achieve their goals in cost-effective ways. The three major mechanisms are

Joint Projects
Statistical Transfers
Joint Support Schemes

Joint Projects

The simplest form is where two member states co-fund a power generation, heating or cooling scheme and share the benefits. This could be anything from a hydro project on their common border to co-developing bio-fuel technology. They do not necessarily share the benefits, but they do share the renewable energy credits that flow from it.

An EU country may also enter into a joint project with a non-EU nation, and claim a portion of the credit, provided the project generates electricity and this physically flows into the union.

Statistical Transfers

A statistical transfer occurs when one member state has an abundance of renewable energy opportunities such that it can readily meet its targets, and has surplus credits it wishes to exchange for cash. It ?sells? these through the EU accounting system to a country willing to pay for the assistance.

This aspect of the cooperative mechanism provides an incentive for member states to exceed their targets. It also controls costs, because the receiver has the opportunity to avoid more expensive capital outlays.

Joint Support Schemes

In the case of joint support schemes, two or more member countries combine efforts to encourage renewable energy / heating / cooling systems in their respective territories. This concept is not yet fully explored. It might for example include common feed-in tariffs / premiums or common certificate trading and quota systems.

Conclusion

A common thread runs through these three cooperative mechanisms and there are close interlinks. The question in ecoVaro?s mind is the extent to which the system will evolve from statistical support systems, towards full open engagement.

User-Friendly RASCI Accountability Matrices

Right now, you’re probably thinking that’s a statement of opposites. Something dreamed up by a consultant to impress, or just to fill a blog page. But wait. What if I taught you to create order in procedural chaos in five minutes flat? ?Would you be interested then?

The first step is to create a story line ?

Let’s imagine five friends decide to row a boat across a river to an island. Mary is in charge and responsible for steering in the right direction. John on the other hand is going to do the rowing, while Sue who once watched a rowing competition will be on hand to give advice. James will sit up front so he can tell Mary when they have arrived. Finally Kevin is going to have a snooze but wants James to wake him up just before they reach the island.

That’s kind of hard to follow, isn’t it ?

Let’s see if we can make some sense of it with a basic RASCI diagram ?

Responsibility Matrix: Rowing to the Island
Activity	Responsible	Accountable	Supportive	Consulted	Informed
Person	John	Mary	Sue	James	Kevin
Role	Oarsman	Captain	Consultant	Navigator	Sleeper

Now let’s add a simple timeline ?

Responsibility Matrix: Rowing to the Island
?	Sue	John	Mary	James	Kevin
Gives Direction	?	?	A	?	?
Rows the Boat	?	R	?	?	?
Provides Advice	S	?	?	?	?
Announces Arrival	?	?	A	C	?
Surfaces From Sleep	?	?	?	C	I
Ties Boat to Tree	?	?	A	?	?

Things are more complicated in reality ?

Quite correct. Although if I had jumped in at the detail end I might have lost you. Here?s a more serious example.

There?s absolutely no necessity for you so examine the diagram in any detail, other to note the method is even more valuable in large, corporate environments. This one is actually a RACI diagram because there are no supportive roles (which is the way the system was originally configured).

Other varieties you may come across include PACSI (perform, accountable, control, suggest, inform), and RACI-VS that adds verifier and signatory to the original mix. There are several more you can look at Wikipedia if you like.