How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

hide columns or rows,
perform conditional formatting, which changes the appearance of cells depending on certain values
replace cell entries with false values either through direct input or by linking to other spreadsheet sources
apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

User-Friendly RASCI Accountability Matrices

Right now, you’re probably thinking that’s a statement of opposites. Something dreamed up by a consultant to impress, or just to fill a blog page. But wait. What if I taught you to create order in procedural chaos in five minutes flat? ?Would you be interested then?

The first step is to create a story line ?

Let’s imagine five friends decide to row a boat across a river to an island. Mary is in charge and responsible for steering in the right direction. John on the other hand is going to do the rowing, while Sue who once watched a rowing competition will be on hand to give advice. James will sit up front so he can tell Mary when they have arrived. Finally Kevin is going to have a snooze but wants James to wake him up just before they reach the island.

That’s kind of hard to follow, isn’t it ?

Let’s see if we can make some sense of it with a basic RASCI diagram ?

Responsibility Matrix: Rowing to the Island
Activity	Responsible	Accountable	Supportive	Consulted	Informed
Person	John	Mary	Sue	James	Kevin
Role	Oarsman	Captain	Consultant	Navigator	Sleeper

Now let’s add a simple timeline ?

Responsibility Matrix: Rowing to the Island
?	Sue	John	Mary	James	Kevin
Gives Direction	?	?	A	?	?
Rows the Boat	?	R	?	?	?
Provides Advice	S	?	?	?	?
Announces Arrival	?	?	A	C	?
Surfaces From Sleep	?	?	?	C	I
Ties Boat to Tree	?	?	A	?	?

Things are more complicated in reality ?

Quite correct. Although if I had jumped in at the detail end I might have lost you. Here?s a more serious example.

There?s absolutely no necessity for you so examine the diagram in any detail, other to note the method is even more valuable in large, corporate environments. This one is actually a RACI diagram because there are no supportive roles (which is the way the system was originally configured).

Other varieties you may come across include PACSI (perform, accountable, control, suggest, inform), and RACI-VS that adds verifier and signatory to the original mix. There are several more you can look at Wikipedia if you like.

Denizon’s Business Continuity Services

Disruptions to business operations can be as catastrophic as a Hurricane Katrina or a 9/11 or as relatively trivial as a minor power outage or a planned shutdown. What ever the gravity, scope and duration the disruption has, your company should be able to handle each situation so that you can declare “business as usual” and really mean it. (more…)

Big Energy Data Management

Recent times have seen the advent of cloud based services and solutions where energy data is being stored in the cloud and being accessed from anywhere, anytime through remote mobile devices. This has been made possible by web-based systems that can usually bring real-time meter-data into clear view allowing for proactive business and facility management decisions. Some web based systems may even support multi utility metering points and come in handy for businesses operating multiple sites.

Whereas all this has been made possible by increased use of smart devices/ intelligent energy devices that capture data at more regular intervals; the challenge facing businesses is how to transform the large data/big volume of data into insights and action plans that would translate into increased performance in terms of increased energy efficiency or power reliability.

A solution to this dilemma facing businesses that do not know how to process big energy data, may lie in energy management software. Energy management software?s have the capability to analyse energy consumption for, electricity, gas, water, heat, renewables and oil. They enable users to track consumption for different sources so that consumers are able to identify areas of inefficiency and where they can reduce energy consumption, Energy software also helps in analytics and reporting. The analytics and reporting features that come with energy software are usually able to:

? Generate charts and graphs ? some software?s give you an option to select from different graphs

? Do graphical comparisons e.g. generate graphs of the seasonal average for the same season and day type

? Generate reports that are highly customisable

While choosing from the wide range of software available, it is important for businesses to consider software that has the capacity to support their data volume, software that can support the frequency with which their data is captured and support the data accuracy or reliability.

Energy software alone may not make the magic happen. Businesses may need to invest in trained human resources in order to realise the best value from their big energy data. Experts in energy management would then apply human expertise to leverage the data and analyse it with proficiency to make it meaningful to one?s business.