How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

  • hide columns or rows,
  • perform conditional formatting, which changes the appearance of cells depending on certain values
  • replace cell entries with false values either through direct input or by linking to other spreadsheet sources
  • apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
  • design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Check our similar posts

A Definitive List of the Business Benefits of Cloud Computing ? Part 3

Strengthens business continuity/disaster recovery capabilities

Today’s business landscape calls for companies to have reliable business continuity and disaster recovery capabilities. After all, when the system goes down, customers and even employees would rarely ask ‘why‘ or ‘what happened‘ but instead go directly to the ‘how soon can we get back up‘ part.

So unless they’ve been struck by the same unforeseen disaster your business is also experiencing, a couple of hours downtime is plenty enough for most of these people. What’s worse is when they simply don’t wait until they get access again and just go to other providers that can offer the same services. In short, your inability to provide continuous IT and business services could translate to lost opportunities which your competition would only be too willing to gain. And that’s not even counting the possibility of losing essential data and other potential negative impact that critical IT failure can bring about.

The answer to avoiding such a scenario is of course, having a sound business continuity and disaster recovery plan in place. But this is actually easier said than done.

Traditionally, setting up a business continuity plan entailed some tedious procedures in addition to very costly infrastructure. We’re talking here about acquiring and maintaining practically a replication of the hardware infrastructure and environments currently existing for business-critical systems and data. Note that these mirror systems should be set-up, housed, and maintained in a remote facility or location.

Making the deployment even more complex is the constant need to update the data in storage as well as keep software applications in sync between the system in use and the one on standby mode. This process would involve the physical transfer of data and syncing of applications, which is cumbersome and again, expensive.

While large enterprises would not even think twice about having to spend so much to ensure that operations would never come to a grinding halt, most small and mid-sized organisations would not have the required financial means for them to even start considering this option. Often, the bulk of their disaster recovery plan would simply consist of some tape backups, and a lot of hoping that they would never have to suffer from any outage or IT failure.

But all that can be changed with the arrival of cloud computing.

A cloud strategy offers an affordable solution for business continuity and disaster recovery for SMBs with limited resources and even big companies trying to minimise expenses by looking for alternative options.

A reliable service provider would already have the required infrastructure and software vital to a viable BC/DR plan and complete with the appropriate security measures. Organisations need not spend upfront for these facilities, but get to benefit from having updated data backup and a virtualised mirror system that would allow them to quickly get back up in the event of an outage or catastrophic disaster.

When looking to the cloud for a cost-effective BC/DR plan however, it’s worth keeping in mind that not all cloud providers are created equal. That’s why businesses also have many important factors to take into account before signing cloud contracts.

Yes, provision for continuity and and taking necessary precautions against outages are inherent in the cloud service itself, but you’d be surprised how many of these providers don’t actually take responsibility for service interruption. To give organisations some assurance of the cloud company’s capacity for continued service, contracts should stipulate availability guarantees and liability for downtime that the provider is willing to answer for.

Once these relevant issues are ironed out however, it’s easy for business to see how cloud-based data storage and computing can significantly lower the costs involved for SMB BC/DR while greatly improving efficiency, mobility, and collaboration capabilities.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
eCommerce

 

We bet you’ve often read how getting rich through the Internet can be fast and easy. Time for your 5-second reality check: It’s going to entail lots of hard work, dedication, a great deal of information and the ability to use that information to your advantage. Sounds familiar?

Well, it should be. After all, it’s still business. However, while the basic ingredients to achieving success in business are still the basic prerequisites in eCommerce, there are also a lot of technical aspects that have to be factored in. This is where you’ll need us.

Well, actually, we’re going to help you out on those basic ingredients too. That’s because our dedicated specialists will perform most of the hard work until you gain enough know-how to run things on your own.

If you’re starting from scratch, we’ll help you build on your idea and transform it into an actual web-based business.

Then once you’ve got your site online, we’ll redirect traffic to it, attract the right visitors, convert those visitors into buyers and keep them satisfied so that they’ll come back and even spread the word.

Some of our related services include:

How Sustainable is Suez Environment

French-based Suez Environment works in the water and waste-management environment, with specific reference to water production, treatment, & pollution disposal, and waste treatment, recycling, incineration and site desensitisation. Its more than 65,000 employees distributed worldwide have participated in flagship projects like Renault’s goal of 95% reclamation of vehicle parts, and Lyonnaise des Eaux?s saving of 12 million cubic meters of water in a single year.

Suez Environment claims to have consistently increased the recovery rate of treated waste, decreased direct and indirect greenhouse gas emissions, and made significant inroads into the production of sustainable energy on behalf of its clients. But then surely that’s Suez Environment’s business, and with over 65,000 employees we are entitled to expect this. Given that there have been persistent allegations of privatised water distribution bumping prices up to the detriment of the poor, how effective is Suez Environment at practising what it preaches back home?

GDF Suez is its largest shareholder and includes it under its environmental and societal responsibility umbrella. This makes environmental performance an overarching goal alongside management systems, health and safety, risk and procurement, and ethics. Its environmental ambitions spin out into the following strategies:

  • Understand the interactions between our activities and the environment
  • Open dialogue with stakeholders and foster partnerships with them
  • Set quantitative and qualitative targets at all levels of the organisation
  • Achieve optimum balance between financial and environmental challenges
  • Be proactive; anticipate impacts on the environment and plan for them
  • Increase employee awareness through interactive training and education
  • Be constantly innovative; share successes within the organisation
  • Monitor progress continuously and publish measured results achieved.

These goals direct the Suez Environment management team?s attention towards optimising performance in key areas like greenhouse gases, energy management, renewable energy, biodiversity, responsible water management, pollution prevention and health and safety considerations.

Among numerous other examples, its waste incineration programs convert hazardous and conventional waste into heat used to generate electricity without requiring virgin carbon products. Elsewhere, the same energy warms market-gardening tunnels and work places on winter days.

Suez Environment uses sophisticated energy management software to analyse information that’s transmitted by data logging devices online. ecoVaro provides a similar service in the cloud. ecoVaro adapts to your requirements providing fresh insights to your business.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today