Spreadsheet Fraud

To any company executive or business owner, the mere possibility of fraud can be enough to send alarm bells ringing – for good reason. In a prolonged recession, the last thing investors would want to discover is a huge, gaping hole where supposedly a neat profit should have been. Also to find out that such loss was brought about by deliberately falsified accounting and poor spreadsheet controls only makes the situation even more regrettable.

Why?

Because these losses would not have occurred had there been a stronger risk management program in place and more stringent quality control on critical data to begin with.

But given the nature of a spreadsheet system i.e. its sheer flexibility and easy accessibility, plus the fact that they were never intended to be enterprise-level tools, there are no hard and fast rules for auditing spreadsheets. Also because of the lack of internal controls for end user computing (EUC) applications, in this case spreadsheets, you can’t expect these systems to yield consistently accurate results.

In fact, most managers assume that major spreadsheet errors should result in figures that are blatantly out of touch with how things stand in the real world, making these errors easily detectable.

Well they assumed wrong. You’ll find cases where the losses ran to millions of dollars without anyone being the wiser.

In instances of fraud, the problem becomes more complicated as these errors are deliberately hidden and cleverly disguised, perhaps one erroneous cell at a time. Even if these cover-ups started out with smaller figures that may have had negligible impact on a company?s operation, the cumulative costs of these ?insignificant? errors multiply exponentially as the spreadsheets are reused and utilised as bases for other related reports.

While there is no generally accepted definition of the term ?spreadsheet fraud?, its quite easy to identify one when a case crops up. Fraud arising from spreadsheets are typically characterised by:

Fallacious inputs – correct figures are deliberately replaced with false values.

Erroneous outputs owing to data alteration – hyperlinks are linking to the wrong spreadsheets or cells; use of macros or special lines of code which are understandable only to the person who developed the code.

Concealment of critical information – can be done with easy ?tweaks? such as hidden rows and columns, using the same colour for both the font and the background, or hard coding additional values into a cell.

There is nothing really highly-sophisticated or technical in any of these methodologies. But without internal spreadsheet controls in place, it would take a discerning eye and a thorough review to catch the inconsistencies contained in a spreadsheet fraught with errors. Also, if these errors are knowingly placed there, the chances of finding them are close to nil.

Learn more about our server application solutions and discover a better way to protect your company from spreadsheet fraud.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Check our similar posts

The Better Way of Applying Benford’s Law for Fraud Detection

Applying Benford’s Law on large collections of data is an effective way of detecting fraud. In this article, we?ll introduce you to Benford’s Law, talk about how auditors are employing it in fraud detection, and introduce you to a more effective way of integrating it into an IT solution.

Benford’s Law in a nutshell

Benford’s Law states that certain data sets – including certain accounting numbers – exhibit a non-uniform distribution of first digits. Simply put, if you gather all the first digits (e.g. 8 is the first digit of ?814 and 1 is the first digit of ?1768) of all the numbers that make up one of these data sets, the smallest digits will appear more frequently than the larger ones.

That is, according to Benford’s Law,

1 should comprise roughly 30.1% of all first digits;
2 should be 17.6%;
3 should be 12.5%;
4 should be 9.7%, and so on.

Notice that the 1s (ones) occur far more frequently than the rest. Those who are not familiar with Benford’s Law tend to assume that all digits should be distributed uniformly. So when fraudulent individuals tinker with accounting data, they may end up putting in more 9s or 8s than there actually should be.

Once an accounting data set is found to show a large deviation from this distribution, then auditors move in to make a closer inspection.

Benford’s Law spreadsheets and templates

Because Benford’s Law has been proven to be effective in discovering unnaturally-behaving data sets (such as those manipulated by fraudsters), many auditors have created simple software solutions that apply this law. Most of these solutions, owing to the fact that a large majority of accounting departments use spreadsheets, come in the form of spreadsheet templates.

You can easily find free downloadable spreadsheet templates that apply Benford’s Law as well as simple How-To articles that can help you to implement the law on your own existing spreadsheets. Just Google “Benford’s law template” or “Benford’s law spreadsheet”.

I suggest you try out some of them yourself to get a feel on how they work.

The problem with Benford’s Law when used on spreadsheets

There’s actually another reason why I wanted you to try those spreadsheet templates and How-To’s yourself. I wanted you to see how susceptible these solutions are to trivial errors. Whenever you work on these spreadsheet templates – or your own spreadsheets for that matter – when implementing Benford’s Law, you can commit mistakes when copy-pasting values, specifying ranges, entering formulas, and so on.

Furthermore, some of the data might be located in different spreadsheets, which can likewise by found in different departments and have to be emailed for consolidation. The departments who own this data will have to extract the needed data from their own spreadsheets, transfer them to another spreadsheet, and send them to the person in-charge of consolidation.

These activities can introduce errors as well. That’s why we think that, while Benford’s Law can be an effective tool for detecting fraud, spreadsheet-based working environments can taint the entire fraud detection process.

There?s actually a better IT solution where you can use Benford’s Law.

Why a server-based solution works better

In order to apply Benford’s Law more effectively, you need to use it in an environment that implements better controls than what spreadsheets can offer. What we propose is a server-based system.

In a server-based system, your data is placed in a secure database. People who want to input data or access existing data will have to go through access controls such as login procedures. These systems also have features that log access history so that you can trace who accessed which and when.

If Benford’s Law is integrated into such a system, there would be no need for any error-prone copy-pasting activities because all the data is stored in one place. Thus, fraud detection initiatives can be much faster and more reliable.

You can get more information on this site regarding the disadvantages of spreadsheets. We can also tell you more about the advantages of server application solutions.

Which KPI?s to Use in CRM

Customer relationship management emerged in the 1980?s in the form of database marketing. In those tranquil pre-social media days, the possibility of ?managing? clients may have been a possibility although Twitter and Facebook took care of that. Modern managers face a more dynamic environment. If you are one, then what are the trends you should be monitoring yourself (as opposed to leaving it to others).

If you want to drip feed plants, you have to keep the flow of liquid regular. The same applies to drip-feed marketing. Customers are fickle dare we say forgetful. Denizon recommends you monitor each department in terms of Relationship Freshness. When were the people on your list last contacted, and what ensued from this?

Next up comes the Quality of Engagements that follow from these efforts. How often do your leads respond at all, and how many interfaces does it take to coax them into a decision? You need to relate this to response blocks and unsubscribes. After a while you will recognise the tipping point where it is pointless to continue.

Response Times relate closely to this. If your marketing people are hot then they should get a fast response to sales calls, email shots and live chats. It is essential to get back to the lead again as soon as possible. You are not the only company your customers are speaking too. Fortune belongs to the fast and fearless.

The purpose of marketing is to achieve Conversions, not generate data for the sake of it. You are paying for these interactions and should be getting more than page views. You need to drill down by department on this one too. If one team is outperforming another consider investing in interactive training.

Finally Funnel Drop-Off Rate. Funnel analysis identifies the points at which fish fall off the hook and seeks to understand why this is happening. If people click your links, make enquiries and then drift away, you have a different set of issues as opposed to if they do not respond at all.

You should be able to pull most of this information off your CRM system if it is half-decent, although you may need to trigger a few options and re orientate reporting by your people in the field. When you have your big data lined up speak to us. We have a range of data analysts brimming over with fresh ideas.

ISO Certification and Training

Overview

ISO, or the International Organisation for Standardisation, is a global standard-setting body, made up of a network of various standards organisations from among its 162 member-nations. ISO is a vital force in the manufacturing industry, promoting industrial and commercial global standards for specifications and requirements in materials, products, procedures, information, and quality management.

ISO Certification

For a company, an ISO Certification:

? Is an assurance that the organisation, has met the required management of processes and documentation.

? Provides standards on how businesses and organisations manage information and processes;

? Does not impose any regulations;

? Is not like a license that allows a business or company to operate.

Rather, an ISO Certification merely certifies that a management system, a manufacturing process, or an offered service has all the elements for quality assurance and the capability to compete in the international market.

That said however, an ISO Certification is still vital to most businesses because it brings them up to par with global standards. For instance, in many industries, contracting companies are required ISO 9001 certification, and some government contracts, such as in the oil industry or medical technologies, depend largely on ISO 9001 compliance. Most ISO Standards are specific to different industries, processes, and products, but ISO 9001 is a management system standard that can be applied to any company.

ISO 9001

ISO 9001 is unarguably, one of the most established Quality Management Systems program in the world today that can be a useful tool for any organisation. ISO 9001 Standards is currently the recognised standard not only for quality management systems, but management systems in general, ensuring quality in all aspects ? products, services, and documentation.

Any company, regardless of size or sector, aiming to improve its operations and management, would do well with an ISO 9001 Certification, especially if the organisation is prepared to implement the standards throughout the entire organisation and not just in particular departments or divisions.

Find out more about our Quality Assurance services in the following pages:

Total Quality Management

Failure Mode and Effects Analysis

Six Sigma

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today