To any company executive or business owner, the mere possibility of fraud can be enough to send alarm bells ringing – for good reason. In a prolonged recession, the last thing investors would want to discover is a huge, gaping hole where supposedly a neat profit should have been. Also to find out that such loss was brought about by deliberately falsified accounting and poor spreadsheet controls only makes the situation even more regrettable.
Why?
Because these losses would not have occurred had there been a stronger risk management program in place and more stringent quality control on critical data to begin with.
But given the nature of a spreadsheet system i.e. its sheer flexibility and easy accessibility, plus the fact that they were never intended to be enterprise-level tools, there are no hard and fast rules for auditing spreadsheets. Also because of the lack of internal controls for end user computing (EUC) applications, in this case spreadsheets, you can’t expect these systems to yield consistently accurate results.
In fact, most managers assume that major spreadsheet errors should result in figures that are blatantly out of touch with how things stand in the real world, making these errors easily detectable.
Well they assumed wrong. You’ll find cases where the losses ran to millions of dollars without anyone being the wiser.
In instances of fraud, the problem becomes more complicated as these errors are deliberately hidden and cleverly disguised, perhaps one erroneous cell at a time. Even if these cover-ups started out with smaller figures that may have had negligible impact on a company?s operation, the cumulative costs of these ?insignificant? errors multiply exponentially as the spreadsheets are reused and utilised as bases for other related reports.
While there is no generally accepted definition of the term ?spreadsheet fraud?, its quite easy to identify one when a case crops up. Fraud arising from spreadsheets are typically characterised by:
Fallacious inputs – correct figures are deliberately replaced with false values.
Erroneous outputs owing to data alteration – hyperlinks are linking to the wrong spreadsheets or cells; use of macros or special lines of code which are understandable only to the person who developed the code.
Concealment of critical information – can be done with easy ?tweaks? such as hidden rows and columns, using the same colour for both the font and the background, or hard coding additional values into a cell.
There is nothing really highly-sophisticated or technical in any of these methodologies. But without internal spreadsheet controls in place, it would take a discerning eye and a thorough review to catch the inconsistencies contained in a spreadsheet fraught with errors. Also, if these errors are knowingly placed there, the chances of finding them are close to nil.
Learn more about our server application solutions and discover a better way to protect your company from spreadsheet fraud.
ISO, or the International Organisation for Standardisation, is a global standard-setting body, made up of a network of various standards organisations from among its 162 member-nations. ISO is a vital force in the manufacturing industry, promoting industrial and commercial global standards for specifications and requirements in materials, products, procedures, information, and quality management.
ISO Certification
For a company, an ISO Certification:
? Is an assurance that the organisation, has met the required management of processes and documentation.
? Provides standards on how businesses and organisations manage information and processes;
? Does not impose any regulations;
? Is not like a license that allows a business or company to operate.
Rather, an ISO Certification merely certifies that a management system, a manufacturing process, or an offered service has all the elements for quality assurance and the capability to compete in the international market.
That said however, an ISO Certification is still vital to most businesses because it brings them up to par with global standards. For instance, in many industries, contracting companies are required ISO 9001 certification, and some government contracts, such as in the oil industry or medical technologies, depend largely on ISO 9001 compliance. Most ISO Standards are specific to different industries, processes, and products, but ISO 9001 is a management system standard that can be applied to any company.
ISO 9001
ISO 9001 is unarguably, one of the most established Quality Management Systems program in the world today that can be a useful tool for any organisation. ISO 9001 Standards is currently the recognised standard not only for quality management systems, but management systems in general, ensuring quality in all aspects ? products, services, and documentation.
Any company, regardless of size or sector, aiming to improve its operations and management, would do well with an ISO 9001 Certification, especially if the organisation is prepared to implement the standards throughout the entire organisation and not just in particular departments or divisions.
Find out more about our Quality Assurance services in the following pages:
ESOS is what UK business needed, to encourage it to become more responsible for the environmental consequences of making money. Government has met with industry leaders to hammer out the finer details. Now there are heartening signs of intra-industry collaboration, for the example the FTA approach we discuss here.
The Freight Transport Association (FTA) is one of the UK?s biggest trade associations, and exists to represent the interests of companies moving goods by air, rail, sea and road. It is their representative at national, European and local level that advises them on legal compliance. In February 2015, it announced plans to help the industry comply with ESOS too.
The association has been active since the announcement of the UK?s Energy Saving Opportunity Scheme. It has engaged with government and membership through the portal of its Logistics Carbon Reduction Scheme (LCRS). The Environment Agency has singled this out as a benchmark other industries could follow.
FTA general manager for consultancy and tendering Karen Packham recently said, ?With our highly experienced and fully qualified team of transport auditors ?the FTA is best placed to offer practical advice and is able to provide specialist audits to ensure members are fully compliant ? and will gain all the benefits that the scheme has to offer.?
These co-audits with Environment Agency specialists advising, will focus on the full range of operational and supporting activities, and ensure that all haulage companies with over 250 employees do the following:
Assess energy use across their full spread of buildings, transport media and industrial activity
Examine energy-intensive pressure points and identify savings opportunities that provide financial benefit
Nominate an ESOS person to conduct future audits, or oversee and approve them independently
Report to the Environment Agency as scheme administrator per statutory intervals
Ecovaro has energy management software that turns metrics into high-level information that busy people understand. Give us a call if you are puzzling how best to present your data. We believe two heads can achieve so much more together.
A mobile workforce management software is key to managing an efficient field workforce.? Managing a staff of people can be tricky in any industry. Try keeping track of employees on shifting jobsites, many whom are paid hourly or temporary workers. The added pressure of ensuring the right workers get to the right sites at the right times, but they also need to track hours, parts used, vehicles and equipment assets.
In a previous post, we defined what is an operational review and why they play a key process in the continual evolution of successful businesses.?
Operational reviews allow the organization members to evaluate their performance, according to the procedures, resources properly, timescales and budgets.
In this post, we’ll take a closer look at how to implement an operational review and the steps typically undertaken to help you and your organisation to implement an operational review.
What the steps in a Operational Review Process
There are typically six steps in an operational review that range from preparatory work conducting interviews and collecting documents to the presentation of the final written report.
An audit should be customized to meet a organisatons specific needs, so standard steps can and should only serve as a guideline.? Management and internal and external auditors should adjust the process to address the company’s particular goals and objectives.
Initial Management Meeting
Understanding the problem is the first crucial step of an operational review. This is one of major areas of discussions when the audit team meets with the management, and department heads will be asked to identify any specific areas of concern. Once the problem is identified, it would be easier to come up with workable solutions.
Conduct Interviews
The next step in the evaluation is carried out with experienced teams doing interviews and keeping close observation. Each team essentially watches how employees carry out their responsibilities. This is considered a key part of the process.
When doing the interview, it is also vital that the observing team gains the employees? trust and confidence. Likewise, the staff must be assured that whatever transpires between the team and the employee will be kept confidential. Management must therefore guarantee anonymity to anyone who offers critical information, lest employees withhold vital information and render the data gathered inaccurate.
Systems Review
Employees and management practices will be reviewed by the assessing team according to the standard policies and guidelines of the company. The effectiveness of the controls in place as well as their appropriateness to the current operating conditions will also be evaluated.
Reporting
A documentation of the data gathered and the assessment of the evaluating team, will be submitted to the management after the review process. Flow charts and written narratives of departmental activities are usually part of this report. This is also where observations and recommendations of the team will be presented to the department heads concerned.
Review Results
While the operational review is being conducted, it is important to take into account the vital factors that affect the company: the people, processes, procedures, and strategies. These four factors can determine the company?s progress in the future.
Key Areas of focus in operation reviews
At a minimum an operational review should include the following key ares of assessment
Management Control
Responsibilities, authority, and the scope in which an employee has the freedom to act must be clearly defined and documented. A complete and specific job description for instance, would give the employee a clear perspective on how he acts and functions within the company.
Boundaries should be set not only to benefit the employer but more so the employee as well.
Moral and Ethical Guidelines
Moral and ethical guidelines are just as important to ensure for a smoother employer?employee relationship. Otherwise, personal issues such as work ethics, work attitude and personal values may post problems in the long run if such guidelines are not drawn properly before relationships are established.
Processes and procedures
Evaluating processes is only beneficial if the company itself updates its processes and procedural manuals regularly, or at least when needed. Such protocols may need revision and some steps may be obsolete already. Improving a company?s processes and procedures doesn’t always entail cost. In fact, improvised procedures may even be cost-effective and could make the processes more manageable.
Communication and reporting standards
Gaps in communication could result in serious lapses in internal controls, putting the company and/or its assets at risk. This is where the importance of timely and clear communication comes in. Likewise, reports must be useful, and the flow of information and how it is processed must keep pace with the company?s growth.
Information technology (IT) and security controls can also be included under the communication clause. Proper IT security policies must be in place, state-of-the-art protection techniques employed, and everything be documented, periodically updated, and continually monitored.
Strategic planning and tactics
No company can ever be complete without its strategies. It would unwise for any organization to proceed without first knowing where it stands and what direction it wants to take. Strategic planning draws such a map. It must be aligned to the mission and vision of the company, and should also coincide with the organizational goals set. Strategic planning deals with these three key questions:
What do we do now
Whom do we do it for?
How can we overcome competition
Without clear strategic direction, expectations would likely differ between ownership and management.
Contingency planning, testing and recovery
Contingency plans must be up-to-date, and are essential to the organization. If one course of action fails, the company should have plan B, C and so on. In addition, an organization should be prepared to respond to interference’s.
This includes establishing a formal process to review transactions processing during both disruption and recovery.
Presentation of Report
Based on your objectives and our findings, we will develop detailed recommendations to improve your company?s performance and productivity. Our written report will include a list of both short-term and long-term projected improvements and courses of action, to be mutually agreed upon by both parties.
To ensure the achievement of the improvements we outlined, our team will also assist in the implementation of these modifications.
The plan has three levels of recommendations: one for executives, another for management, and a third one for staff.
The executive summary concentrates on your company?s strengths, weaknesses, opportunities and threats to its entirety. It includes recommendations for any needed changes in policy or governance.
The management plan is based on employee feedback and includes areas of immediate improvement as well as identification of potential problem areas. Concerns from the bottom level management can now be forwarded to the top level management in formal writing. Better working relationships may evolve from this, thereby setting the work environment for a higher productivity ratio.
Lastly, the staff report deals with topics like charting the hierarchy of the organization, and discussing in detail specific control objectives that are critical to the company?s mission. Part of our goal is to encourage personnel to pay close attentions to such changes, if any, as these efforts are essential if they want to bring about both organizational and personal success.
If you would like to further discuss how our operational review services can benefit your company, please feel free to contact us at your convenience to schedule an initial consultation. We?ll be more than happy to assist you.
