How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

  • hide columns or rows,
  • perform conditional formatting, which changes the appearance of cells depending on certain values
  • replace cell entries with false values either through direct input or by linking to other spreadsheet sources
  • apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
  • design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Check our similar posts

Failure Mode and Effects Analysis

 

Any business in the manufacturing industry would know that anything can happen in the development stages of the product. And while you can certainly learn from each of these failures and improve the process the next time around, doing so would entail a lot of time and money.
A widely-used procedure in operations management utilised to identify and analyse potential reliability problems while still in the early stages of production is the Failure Mode and Effects Analysis (FMEA).

FMEAs help us focus on and understand the impact of possible process or product risks.

The FMEA method for quality is based largely on the traditional practice of achieving product reliability through comprehensive testing and using techniques such as probabilistic reliability modelling. To give us a better understanding of the process, let’s break it down to its two basic components ? the failure mode and the effects analysis.

Failure mode is defined as the means by which something may fail. It essentially answers the question “What could go wrong?” Failure modes are the potential flaws in a process or product that could have an impact on the end user – the customer.

Effects analysis, on the other hand, is the process by which the consequences of these failures are studied.

With the two aspects taken together, the FMEA can help:

  • Discover the possible risks that can come with a product or process;
  • Plan out courses of action to counter these risks, particularly, those with the highest potential impact; and
  • Monitor the action plan results, with emphasis on how risk was reduced.

Find out more about our Quality Assurance services in the following pages:

Network Security

The easiest way for an external threat to get to your private data is through your network. The easiest way to eliminate that threat? Get your data out of the network. Of course, we know you wouldn’t want to do that. We also know that while you may want to sniff every packet for anything suspicious, you wouldn’t want your network to crawl either.

That’s why we’re offering to put up the most efficient checkpoints on every route that leads into and out of your system.

So what can you expect from our brand of network security?

  • Review of your policies and processes for weaknesses – If we see a loophole, we’ll recommend modifications wherever necessary.
  • Protection for your applications and infrastructure – Since we’re familiar with both software and hardware-based protection systems, we can recommend which type is best suited for your setup.
  • Automated identification of business and mission critical applications – They’ll be given priority in your network to ensure bandwidth allocation is optimised.
  • Automated network audits and vulnerability management – Tired of getting prompted by pesky vulnerability notices and don’t know what to do with them? Well, that’s why we’re here.
  • Customisable security reports that contain only relevant and accurate data.

We can also help you with the following:

Saving Energy Step 3 ? Towards a Variable Energy Bill

Do you remember the days when energy was so cheap we paid the bill almost without thinking about it? Things have changed and we have the additional duty of reducing consumption to help save the planet. This is the third article in our mini-series on saving energy. It follows on from the first that explored implementing a management system, and the second listing practical things to implement on the shop floor. These open up the possibility of the variable energy bill we expand on as follows.

If ?variable energy bill? sounds strange to you, I used the unusual turn of phrase to encourage you to view things in a different light. We need to move on from the ?pie chart? mentality where we focus on the biggest numbers like materials, facilities and labour, and zoom in on energy where we can achieve similar gains faster with less pain. But first, we need to see beyond the jargon that governments and consultants love, and get to grips with the reality that we can vary our energy bill and bring cost down.

As executives we recognise this, although other pressures distract us from accepting it as a personal goal. And so we delegate it down the organisation to a level where it becomes ?another crazy management idea? we have to follow to stay out of trouble. I read somewhere that half the world?s organisations do not have energy as a defined objective to monitor in the C Suite. No wonder commerce is only pecking away at energy wastage at a rate of 1% per year.

Find out where you are ?spending energy? and relate this to your core business. If there are places where you are unable to make a connection, challenge the activity?s right to exist. Following the energy trail produces unexpected benefits because it permeates everything we do.

  • Improved product design reducing time spent in factory
  • Streamlined production schedules reducing machine run times
  • Less wear on equipment reducing costly maintenance
  • A more motivated workforce that is prouder of ?what we do?

As you achieve energy savings you can pass these on in terms of lower prices and greater market share. All this and more is possible when you focus on the variables behind your energy bill. Run the numbers. It deserves more attention than it often gets.

Ready to work with Denizon?

Contact Us Today