How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

  • hide columns or rows,
  • perform conditional formatting, which changes the appearance of cells depending on certain values
  • replace cell entries with false values either through direct input or by linking to other spreadsheet sources
  • apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
  • design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Check our similar posts

Total Quality Management

Total Quality Management (TQM) is another business management approach that focuses on the involvement of all members of the organisation to participate in improving processes, products, services, and the culture in which they work in. It is important that every team member realises how each individual and each activity affects, and in turn is affected by, others.

With the use of combined quality and management tools, TQM also aims to reduce losses brought about by wasteful practices, a common concern in most companies. Using the TQM strategy, business would also be able to identify the cause of a defect, thereby preventing it from entering the final product.

Deming’s 14 Points

At the core of the Total Quality Management concept and implementation is Deming’s 14 points, a set of guidelines on quality as conceptualised by W Edwards Deming, one of the pioneers of quality. Deming’s 14 points are as follows:

  1. Create constancy of purpose for improving products and services.
  2. Adopt the new philosophy.
  3. Cease dependence on inspection to achieve quality.
  4. End the practice of awarding business on price alone; instead, minimise total cost by working with a single supplier.
  5. Improve constantly and forever every process for planning, production and service.
  6. Institute training on the job.
  7. Adopt and institute leadership.
  8. Drive out fear.
  9. Break down barriers between staff areas.
  10. Eliminate slogans, exhortations and targets for the workforce.
  11. Eliminate numerical quotas for the workforce and numerical goals for management.
  12. Remove barriers that rob people of pride of workmanship, and eliminate the annual rating or merit system.
  13. Institute a vigorous program of education and self-improvement for everyone.
  14. Put everybody in the company to work accomplishing the transformation.

But if you were to reduce to bare bones the TQM philosophy from Deming’s 14 points, it would all come down to two simple goals:

  1. To make things right the first time; and
  2. To work for continuous improvement.

As with all other quality management process, the end goal is to be able to offer products and services that meet and even exceed customer’s expectations.

Find out more about our Quality Assurance services in the following pages:

Disadvantages of Spreadsheets

Spreadsheets are flexible, inexpensive and easy to use. They are especially handy when it comes to beating report submission deadlines or making impromptu data computations. That’s why office workers, managers and even executives have made spreadsheets their go-to solution for such undertakings and more.

Spreadsheets have become so ubiquitous, that they’ve found their way into a wide range of applications including complex modelling, accounting reconciliations, market data analysis, work flow tracking and monitoring, analytical review and financial reporting.

Unfortunately, organisations heavy reliance on spreadsheets have made these User Developed Applications (UDA) into high-risk office tools. Simple spreadsheet errors like leaving out a negative sign or a cut-and-paste mistake have already caused million-dollar discrepancies. Also, when a fraudulent employee enters into the picture, the risks become unimaginable.

Think TransAlta?s spreadsheet cut-and-paste glitch (the company later called this a ?simple clerical error?) which caused the energy firm a whopping $24 million loss or Fidelity?s overstatement of its earnings owing to the omission of the minus sign on the spreadsheet of a $1.3 billion net capital loss.

In both cases and in many other similar spreadsheet fiasco, the errors played a major role in the organisation’s decision-making, leading to disastrous results including, but not limited to financial loss, shattered investor confidence and public embarrassment.

If these are scenarios your organisation can ill afford, then it’s time to ask yourself: Do the disadvantages of spreadsheets far outweigh their benefits to merit a call for total liberation from them?

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
UK Government Updates ESOS Guidelines

Britain?s Environment Agency has produced an update to the ESOS guidelines previously published by the Department of Energy and Climate Change. Fortunately for businesses much of it has remained the same. Hence it is only necessary to highlight the changes here.

  1. Participants in joint ventures without a clear majority must assess themselves individually against criteria for participation, and run their own ESOS programs if they comply.
  2. If a party supplying energy to assets held in trust qualifies for ESOS then these assets must be included in its program.
  3. Total energy consumption applies only to assets held on both the 31 December 2014 and 5 December 2015 peg points. This is relevant to the construction industry where sites may exchange hands between the two dates. The definition of ?held? includes borrowed, leased, rented and used.
  4. Energy consumption while travelling by plane or ship is only relevant if either (or both) start and end-points are in the UK. Foreign travel may be voluntarily included at company discretion. The guidelines are silent regarding double counting when travelling to fellow EU states.
  5. The choice of sites to sample is at the discretion of the company and lead assessor. The findings of these audits must be applied across the board, and ?robust explanations? provided in the evidence pack for selection of specific sites. This is a departure from traditional emphasis on random.

The Environment Agency has provided the following checklist of what to keep in the evidence pack

  1. Contact details of participating and responsible undertakings
  2. Details of directors or equivalents who reviewed the assessment
  3. Written confirmation of this by these persons
  4. Contact details of lead assessor and the register they appear on
  5. Written confirmation by the assessor they signed the ESOS off
  6. Calculation of total energy consumption
  7. List of identified areas of significant consumption
  8. Details of audits and methodologies used
  9. Details of energy saving opportunities identified
  10. Details of methods used to address these opportunities / certificates
  11. Contracts covering aggregation or release of group members
  12. If less than twelve months of data used why this was so
  13. Justification for using this lesser time frame
  14. Reasons for including unverifiable data in assessments
  15. Methodology used for arriving at estimates applied
  16. If applicable, why the lead assessor overlooked a consumption profile

Check out: Ecovaro ? energy data analytics specialist 

Ready to work with Denizon?

Contact Us Today