How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

hide columns or rows,
perform conditional formatting, which changes the appearance of cells depending on certain values
replace cell entries with false values either through direct input or by linking to other spreadsheet sources
apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

Could Kanban Be?Best for Knowledge Workers?

Knowledge Workers include academics, accountants, architects, doctors, engineers, lawyers, software engineers, scientists and anybody else whose job it is to think for a living. They are usually independent-minded people who do not appreciate project managers dishing out detailed orders. Kanban project management resolves this by letting them choose the next task themselves.

The word ?Kanban? comes from a Japanese word meaning ?billboard? or ?signboard?. Before going into more detail how this works let’s first examine how Japanese beliefs of collaboration, communication, courage, focus on value, respect for people and a holistic approach to change fit into the picture.

The Four Spokes Leading to the Kanban Hub

Visualise the Workflow ?You cannot improve what you cannot see. The first step involves team members reducing a project to individual stages and posting these on a noticeboard.
Create Batches ? These stages are further reduced to individual tasks or batches that are achievable within a working day or shift. More is achievable when we do not have to pick up where we left off the previous day.
Choose a Leader the Team Respects – Without leadership, a group of people produces chaotic results. To replace this with significant value they need a leader, and especially a leader they can willingly follow.
Learn and Improve Constantly ? Kaizen or continuous improvement underpins the Japanese business model, and respects that achievement is a step along the road, and not fulfilment.

The Kanban Method in Practice

Every Kanban project begins with an existing process the participants accept will benefit from continuous change. These adjustments should be incremental, not radical step-changes to avoid disrupting the stakeholders and the process. The focus is on where the greatest benefits are possible.

Anybody in the team is free to pull any batch from the queue and work on it in the spirit of collaboration and cooperation. That they do so, should not make any waves in a culture of respect for people and a holistic approach to working together. All it needs is the courage to step out of line and dream what is possible.

The Kanban Project Method ? Conclusions and Thoughts

Every engine needs some sort of fuel to make it go. The Kanban project management method needs collaboration, communication, courage, focus on value, respect for people and a holistic approach to work. This runs counter to traditional western hierarchies and probably limits its usefulness in the West.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Authentication and Access Control

Threats to your data can come from external or internal sources.

There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

Work with your key personnel to determine who gets access to what.
Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
- biometric devices
- Kerberos tickets
- mobile phones
- passwords
- PKI certificates
- proximity cards
- smart cards
- tokens
Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

Six Sigma

Six Sigma has received much attention worldwide as a management strategy that is said to have brought about huge improvements and financial gains for such big-name companies as Allied Signal, General Electric (GE) and Motorola.

If you want to give your business the chance to attain the same resounding success, Six Sigma could be the method that will steer you towards that direction.

What is Six Sigma?

So what really is it? Six Sigma is a business management tool that was developed using the most effective quality improvement techniques from the last six decades. Basing its approach on discipline, verifiable data, and statistical calculations, Six Sigma aims to identify the causes of defects and eliminate them, thereby resulting in near-perfect products that meet or exceed customer’s satisfaction.

The core concept behind the Six Sigma method is that if an organisation can quantify the number of “defects” there are in a particular process, improvement activities can be implemented to eliminate them, and get as close to a “zero defects” scenario as possible. Defect here is defined as any process output that fails to meet customer specifications.

Six Sigma is also unique from other programs in that it calls for the creation of a special infrastructure of people within the organisation (“Champions“, “Black Belts“, “Green Belts“) who are to be expert in the methods.

Six Sigma Methodologies

When implementing Six Sigma projects, two methodologies are often employed. Although each method uses five phases each, these two are distinguished from each other using 5-letter acronyms and their specific uses.

DMAIC ? is the project methodology used to improve processes and maximise productivity of current business practices. The 5 letters stand for:

D ? Define (the problem)
M ? Measure (the main factors of the existing process)
A ??Analyse?(the information gathered to deter mine the causes of defects)
I ? Improve (the current process based on the analysis)
C ? Control (all succeeding processes so as to minimise additional defects)

DMADV – is the method most suitable if your business is looking to create new products or designs. The acronym stands for:

D ? Define (product goals as the consumer market demands)
M ? Measure (and identify product capabilities and risks)
A ??Analyse?(to create the best possible design)
D ? Design (the product or process details)
V ? Verify (the design)

How does Six Sigma differ from other quality programs?

If you think that Six Sigma is just another one of those business strategies that produce more hype than actual results, think again. Six Sigma uses three key concepts that sets it apart from other business management methods.

It is strictly a data-driven approach, where assumptions and guesswork do not figure in the decision making.
It focuses on achieving quantifiable financial results ? the bottom line ($) ? as much as giving emphasis on customer satisfaction.
It requires strong management leadership, while at the same time creating a role for every individual in the organisation.

Is Six Sigma right for your business?

While many other organisations such as Sony, Nokia, American Express, Xerox, Boeing, Kodak, Sun Micro-systems and many other blue chip companies have followed suit in adopting Six Sigma, the truth is, any company — whether you have a large manufacturing corporation, or a small business specialising in customer service.

Certainly, there is a lot more to Six Sigma than what you can probably absorb in one sitting or reading.

With our wide range of business management consultancy services, we can help you understand the Six Sigma method in the context of your business. We can also help you establish your improvement goals, set up your program, and train your own team of “champions” who can lead in implementing your Six Sigma goals.

Find out more about our Quality Assurance services in the following pages: