Spreadsheet Risk Issues

It is interesting to note that the riskiness of operational spreadsheets are overlooked even by companies with high standards of risk management. Only when errors amount to actual losses do they realize that these risks have been staring them in the face all along.

Common spreadsheet risk issues

Susceptibility to trivial manual errors

Due to the fundamental structure of spreadsheets, a slight change in the formula or value in any of their inhabited cells may already affect their overall output. An

  • accidental copy-paste,
  • omission of a negative sign,
  • erroneous range selection,
  • incorrect data input or
  • unintentional deletion of a character,cell, range, column, or row

are just some of the simple errors spreadsheet users frequently encounter. Rarely are there any counter-checking controls in place in a spreadsheet-based activity and manual errors therefore easily go undetected.

Possibility of the user working on the wrong version

How do you store spreadsheet files?

Since the most common reports are usually generated on a monthly basis, users tend to store them using variations of these two configurations:

spreadsheet storage

If you notice, a user can accidentally work on the wrong version with any of these structures.

Prone to inconsistent company-wide reporting

This happens when a summary or ?final? spreadsheet is fed information by different departments coming from their own spreadsheets. Even if most of the data in their spreadsheets come from one source (the company-wide database), erroneous copy-pasting and linking, or even different interpretations of the same data can result to contradicting information in the end.

Often defenceless against unauthorised access

Some spreadsheets contain information needed by various individuals or department units in an organisation. Hence, they are often shared via email or through shared folders in a network. Now, because spreadsheets don’t normally use any access control, any user can easily open a spreadsheet file and view or modify the contents as he wishes.

Highly vulnerable to fraud

A complex spreadsheet system with zero or very minimal controls provides the perfect setting for would-be fraudsters. Hidden cells with malicious formulas and links to bogus information can go unnoticed for a long time especially if the final figures don’t deviate much from expected values.

Spreadsheet risk mitigation solutions may not suffice

Inherent complexity makes testing and logic inspection very time consuming

Deep testing can uncover possible errors hidden in spreadsheet cells and consequently mitigate risks. But spreadsheets used to support financial reporting are normally large, complex, highly-personalised and, without ample supporting documentation, understandably hard to follow.

No clear ownership of risk management responsibilities

There?s always a dilemma when an organisation starts assigning risk management responsibilities for spreadsheets. IT personnel believe users in the business side of the organisation should be responsible since they are the ones who create, edit, store, duplicate, and share the spreadsheet files. On the other hand, users believe IT should be responsible since they have always been in-charge of managing IT infrastructure, applications, and files.

To get rid of spreadsheet risks, you’ll have to get rid of spreadsheets altogether

One remedy is to have a risk management activity that involves both IT personnel and spreadsheet users. But wouldn’t you want to get rid of the complexity of having to distribute the responsibilities between the two parties instead of just one?

Learn more about Denizon’s server application solutions and how you can get rid of spreadsheet risk issues.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

The Better Way of Applying Benford’s Law for Fraud Detection

Applying Benford’s Law on large collections of data is an effective way of detecting fraud. In this article, we?ll introduce you to Benford’s Law, talk about how auditors are employing it in fraud detection, and introduce you to a more effective way of integrating it into an IT solution.

Benford’s Law in a nutshell

Benford’s Law states that certain data sets – including certain accounting numbers – exhibit a non-uniform distribution of first digits. Simply put, if you gather all the first digits (e.g. 8 is the first digit of ?814 and 1 is the first digit of ?1768) of all the numbers that make up one of these data sets, the smallest digits will appear more frequently than the larger ones.

That is, according to Benford’s Law,

1 should comprise roughly 30.1% of all first digits;
2 should be 17.6%;
3 should be 12.5%;
4 should be 9.7%, and so on.

Notice that the 1s (ones) occur far more frequently than the rest. Those who are not familiar with Benford’s Law tend to assume that all digits should be distributed uniformly. So when fraudulent individuals tinker with accounting data, they may end up putting in more 9s or 8s than there actually should be.

Once an accounting data set is found to show a large deviation from this distribution, then auditors move in to make a closer inspection.

Benford’s Law spreadsheets and templates

Because Benford’s Law has been proven to be effective in discovering unnaturally-behaving data sets (such as those manipulated by fraudsters), many auditors have created simple software solutions that apply this law. Most of these solutions, owing to the fact that a large majority of accounting departments use spreadsheets, come in the form of spreadsheet templates.

You can easily find free downloadable spreadsheet templates that apply Benford’s Law as well as simple How-To articles that can help you to implement the law on your own existing spreadsheets. Just Google “Benford’s law template” or “Benford’s law spreadsheet”.

I suggest you try out some of them yourself to get a feel on how they work.

The problem with Benford’s Law when used on spreadsheets

There’s actually another reason why I wanted you to try those spreadsheet templates and How-To’s yourself. I wanted you to see how susceptible these solutions are to trivial errors. Whenever you work on these spreadsheet templates – or your own spreadsheets for that matter – when implementing Benford’s Law, you can commit mistakes when copy-pasting values, specifying ranges, entering formulas, and so on.

Furthermore, some of the data might be located in different spreadsheets, which can likewise by found in different departments and have to be emailed for consolidation. The departments who own this data will have to extract the needed data from their own spreadsheets, transfer them to another spreadsheet, and send them to the person in-charge of consolidation.

These activities can introduce errors as well. That’s why we think that, while Benford’s Law can be an effective tool for detecting fraud, spreadsheet-based working environments can taint the entire fraud detection process.

There?s actually a better IT solution where you can use Benford’s Law.

Why a server-based solution works better

In order to apply Benford’s Law more effectively, you need to use it in an environment that implements better controls than what spreadsheets can offer. What we propose is a server-based system.

In a server-based system, your data is placed in a secure database. People who want to input data or access existing data will have to go through access controls such as login procedures. These systems also have features that log access history so that you can trace who accessed which and when.

If Benford’s Law is integrated into such a system, there would be no need for any error-prone copy-pasting activities because all the data is stored in one place. Thus, fraud detection initiatives can be much faster and more reliable.

You can get more information on this site regarding the disadvantages of spreadsheets. We can also tell you more about the advantages of server application solutions.

Cloud Computing Trends: Where is the Cloud Headed Next?

Cloud adoption has been quick and painless at the consumer level. For instance, everyone’s on Gmail, YouTube, Facebook and Twitter on a daily basis yet most think nothing of the fact that they’re already using cloud-based services. Small businesses have also discovered how cloud solutions have raised efficiency in the workplace up a notch or two, while also bringing about significant cost savings. Cloud applications, particularly those for communication, file sharing, office software, backup and storage, and customer management, have rapidly grown in usage among SMBs.

In the same manner, large corporations are starting to see the potential of moving some of their IT department, whether its infrastructure or network management, to the cloud. By all indications it would seem that whether we are ready for it or not, cloud computing technology is here for the long haul.

So where is the cloud headed to next? In this post we examine the trends in the world of cloud computing and what likely lies in store in the near future for cloud users.

Focus on Security

Security has always been a key concern in the cloud computing industry and this will not go away anytime soon. If anything, data security in the cloud will only get to be in the limelight even more as cloud adopters grow in number. That’s why we expect professional cloud services providers to start implementing measures that will help slowly build up confidence in cloud security.

We should soon see more advanced security techniques and protocols that would increase the overall level of privacy and protection for cloud-stored information. Tighter security for login encryptions and prevention of unauthorized access are priority although there are a lot more issues that may need to be addressed. Now it remains to be seen whether these moves are enough for corporate clients to put their full trust in the cloud. But then again, they can always find ways to stay secure while making use of cloud computing where they can, which brings us to the next cloud trend.

Hybrid Approach

Large businesses are taking a longer time to get used to and actually use cloud services, and understandably so. After all, these companies have more at stake when it comes to dealing with such valid issues as security, compliance, outages, legacy systems, and more. However, they also cannot ignore the very appealing characteristics of the cloud. For big companies that have substantial IT needs, scalability, business agility, and faster deployment are listed as the biggest draws of the cloud.

This is why analysts predict that as as these businesses look toward leveraging the benefits of the cloud while at the same time maintaining control over mission critical data and systems, the use of a hybrid approach, i.e. putting some services in a public and at the same time opting to utilize a private cloud for other applications, will see enormous growth.

Mobile Cloud Computing

The BYOD or Bring Your Own Device business policy is another emerging trend that would not have been possible if not for cloud technology. This practice involves having employees bring their mobile devices to work, allowing them to access company files, data, and applications from their personally-owned gadgets in and out of the workplace.

As with any new business practice, the concept of BYOD can be both advantageous and disadvantageous. On the one hand, some believe it helps increase employee productivity and lifts their morale, while reducing overall IT costs. On the other hand, BYOD also opens up a whole new set of problems that are quite consistent with what many businesses take issue with with cloud technology: security. Do the pros outweigh the cons or vice versa? This much isn’t clear yet but what is evident is that more cloud apps are going mobile.

Efficiency, Innovation

While cost savings has always been one benefit that cloud proponents are quick to point out, its capability to improve and streamline business processes, thereby increasing efficiency and agility within the organization, is another key opportunity that the cloud offers. This is evident when you take a look at the most commonly used cloud services: backup and archiving, business continuity, collaboration tools, and big data processing.

Moreover, the cloud is making it easier for individuals to create new products and produce new lines of business. With access to higher IT capacity at lesser cost and at faster deployment rates, businesses can scale into more innovation without having to worry about the availability of computing resources.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Excel Spreadsheet Conversion to SQL Reports

Spreadsheets are flexible, inexpensive and easy to use. They are especially handy when it comes to beating report submission deadlines or making impromptu data computations.

Unfortunately, organisations heavy reliance on spreadsheets have made these User Developed Applications (UDA) into high-risk office tools. Simple spreadsheet errors like leaving out a negative sign or a cut-and-paste mistake have already caused million-dollar discrepancies. Also, when a fraudulent employee enters into the picture, the risks become unimaginable.
Think TransAlta’s spreadsheet cut-and-paste glitch (the company later called this a ‘simple clerical error’) which caused the energy firm a whopping $24 million loss or Fidelity’s overstatement of its earnings owing to the omission of the minus sign on the spreadsheet of a $1.3 billion net capital loss.

Denizon can convert your Excel Spreadsheets to a web based SQL Server Reporting Services (SSRS). It does not import Excel data, rather it allows the creation and deployment of reports in a more efficient manner by querying the data.

So what is the problem with Spreadsheets?

  • Plagued with risk issues and vulnerable to fraud
  • Lacking in control features especially when copied, edited and emailed between many users
  • A burden to regulation compliance e.g. SOX (Sarbanes-Oxley)
Moreover:
  • Accidental copy-paste/Omission of a negative sign/Erroneous range selection
  • Incorrect data input or unintentional deletion of a character, cell, range, column, or row
  • Possibility of the user working on the wrong version
  • Prone to inconsistent company-wide reporting
  • Often ‘defenceless’ against unauthorised access

See Top 10 Disadvantages of Spreadsheets

What makes SQL Server Reporting Services better than Spreadsheets?

  • Free from spreadsheet risks & equipped with built-in controls that substantially reduce risks to data
  • Less prone to fraud
  • More suitable for regulatory compliance e.g. SOX
  • Designed for an agile business environment

Automatic consolidation eliminates errors and wasted time caused by tedious copy-pasting of data and linking of cells
Better collaboration capabilities allows team members to bring their heads together for planning, budgeting, and reporting even while on the go
Mobility support enables users to input data or retrieve information through their wireless mobile device

Superior sharing features ensures that everyone is exactly on the same page and viewing real-time information
Dashboards provide insightful information at-a-glance through KPIs, graphs, and various metrics
Drill-downs enable users to investigate unusual figures and gain a better understanding of the details that contribute to the big picture
Easy to learn interfaces allow your organisation to cope with fast personnel turnaround or Mergers & Acquisitions

Don’t know how to shift from Spreadsheets to SQL Server Reporting Services?

We’ve got the knowledge and expertise to assist you in:

  • Making a smooth and cost-efficient transition from risky spreadsheets to reliable reports
  • Designing and implementing SOX-compliant report-generating methods and procedures
  • Putting exposure to high-risk reporting methods a thing of the past

Ready to work with Denizon?

Contact Us Today