How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

hide columns or rows,
perform conditional formatting, which changes the appearance of cells depending on certain values
replace cell entries with false values either through direct input or by linking to other spreadsheet sources
apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

How FieldElite helps Plumbers

While most people think that running a plumbing business is a very easy job, things are a bit different on the ground. The job goes beyond the dropping by a client’s home and fixing a few pipes. In addition to the actual plumbing work, a plumbing business also involves managing quotes, invoicing customers, dispatching field service workers, and accounting, among others. Undertaking all these operations manually is extremely demanding. Besides the tedious work that it is, you’re likely to end up with a ton of errors.

However, you can overcome these challenges by employing technology. The use of field service management software allows you to automate tasks. Consequently, you no longer have to deal with paperwork, delayed responses to customer requests, or double assignment of tasks.

If you’re wondering which field service management software to use, FieldElite is your best bet. FieldElite is feature-rich, and it gives you way more than the simple automation of the daily operations of your plumbing business.

Below are some of the top benefits you’ll reap by using FieldElite to run your plumbing venture.

Convenient Scheduling

Scheduling is an important aspect of the plumbing industry. Just like other field techs, plumbers would require tasks to be dispatched on time, which is only made possible by proper scheduling. With FieldElite, managers can easily schedule single and recurring tasks for the right plumber in a matter of seconds.

On the other hand, plumbers can also view the available jobs and job information in the FieldElite easy to use App that’s available for Android, and confirm scheduled jobs. They can also accept these jobs using their smartphones and respond to service requests instantly.

Apart from getting the scheduled tasks, the FieldElite scheduling and dispatch feature is integrated with GPS functionality so that plumbers can get information on where to go next, and the optimal route to take from their mobile phones.

The scheduling and dispatch feature also gives plumbers the information on the specific tools required for the job to allow them to get the tools in between appointments and schedules.

Central Data Storage

Just like other field service industries, plumbing also involves big data. Handling data manually would mean more errors for your plumbing business, which will only impact negatively on your business. To eliminate such errors, go paperless with FieldElite.

You can view everything from one place with FieldElite?s dashboard feature, including information about your plumbers and the scheduled tasks. On the other hand, your plumbers can access job details and the pending tasks from a central place.

Plumbers can also get service requests from customers on the FieldElite mobile app from wherever they are. All the requests are stored in a central place, making the response to customer requests easier. The end result is satisfied customers, opening doors for return orders.

In case of an update, all plumbers receive notifications at the same time and, where necessary, respond promptly to the requests. They can update the office instantly with job status changes from a central place.

Convenient Reporting

Reporting is part of the tasks that plumbers have to do after completing the assigned job. As a manager, you expect your plumbers to keep you updated on the status of each assignment. Reporting on paper is time-consuming, and that’s why you need the services of FieldElite.

With FieldElite reporting feature, sending over completed job reports is only a few clicks away. Plumbers can generate reports on the mobile app and keep the office staff updated on the status of the job. Using FieldElite, you can capture customer signatures and add attachments to the job status and send them instantly using the mobile app available on Android.

Since they can do instant reporting via the mobile app, the plumbers can proceed to attend to new service requests as soon as they’re done without having to first come back to the office to submit their reports.

Effective Communication

Timely communication is very essential if you’re working with field technicians. Since you’ll not always be with them in the field, it’s always important to establish a proper communication channel to ensure information reaches your plumbers in time. Here, you can get much more with FieldElite, including communication automation to remind customers of appointments.

With FieldElite field service management software, plumbers receive notifications through the mobile app. The notifications can be for anything from new task requests, requests for alterations, emergencies, and more. On the other hand, office-based staff gets to access the reports once the plumber completes their given task.

That means the plumbers in the field and the office-based team gets communication instantly, enabling them to see and manage their workloads. For this reason, plumbers can complete multiple tasks within a short time, thus improving their overall productivity.

Scalability

The biggest question for most entrepreneurs when they want to buy management software is scalability. Businesses grow and incorporate new activities that would also require to be managed from a centralised system. Where that’s not possible, the business would have to move all their information from one system to a more robust one.

With FieldElite, however, you’re safe. It works perfectly well for startups as well as large-sized plumbing businesses. It allows you to focus on the areas that your organisation covers now, but also lets you add new areas as you introduce them into your business. Moreover, FieldElite is also receiving regular updates to that bring it up-to-speed with new technologies and new ways of doing things, meaning that your business will be in a position to take advantage of the latest and more productive features.

From the benefits mentioned above, it’s quite clear that your plumbing industry greatly needs the services of a field service management software. Your plumbers too need easier time working on their assigned tasks, adding to the reasons why you need to integrate FieldElite in your plumbing business.

How Bouygues manages an Empire-Sized Footprint

Bouygues is into telecoms / media, and building and road construction. It also knows it has to watch its energy footprint closely. Owning 47% of energy giant Alstom keeps it constantly in the media spotlight. Shall we find out more about its facility management policies?

The journal Premises and Facilities Management interviewed MD Martin Bouygues on his personal opinions concerning managing energy consumption in facilities. He began by commenting that this was hardly a subject for the C-Suite in years gone by. Low-level clerks simply paid the bills following which the actual amounts were lost in the general expenses account. That of course has changed.

Early pressure came from soaring energy bills, which were pursued by a whole host of electricity-saving gadgets. However, it was only after the carbon crisis caught business by surprise that the link was forged to aerial pollution, and the social responsibilities of big business to help with the solution. The duty to have an energy strategy became an obligation eagerly policed by organisations such as Greenpeace.

Unsurprisingly, Martin Bouygues? advice begins with keeping energy consumption and its carbon footprint as high up on the agenda as health and safety. ?It needs bravery and a lot of hard work to get it there,? he says, ?so perseverance is the key?.

The company has developed proprietary software that enables it to pull data from remote sensors in more than 80 countries every fifteen minutes. A single large building can contribute 50 million data items annually making data big business in the system. Every building has an allocated energy performance contract against which results are reported monthly, as a basis for reviewing progress.

The system is intelligent and able to incorporate low-occupancy periods such as weekends and public holidays. What is measured gets managed. We all know that, but how many of us apply the principle to our energy bills. With assistance from ecoVaro, the possible becomes real.

We offer a similar service to the Bouygues model with one notable exception. You don’t buy the software and you only pay when you use it. Our systems are simply designed for busy financial managers.

9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

simplify those answers;
help you pick the right cloud service provider, and
even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK