Spreadsheet Risk Issues

It is interesting to note that the riskiness of operational spreadsheets are overlooked even by companies with high standards of risk management. Only when errors amount to actual losses do they realize that these risks have been staring them in the face all along.

Common spreadsheet risk issues

Susceptibility to trivial manual errors

Due to the fundamental structure of spreadsheets, a slight change in the formula or value in any of their inhabited cells may already affect their overall output. An

  • accidental copy-paste,
  • omission of a negative sign,
  • erroneous range selection,
  • incorrect data input or
  • unintentional deletion of a character,cell, range, column, or row

are just some of the simple errors spreadsheet users frequently encounter. Rarely are there any counter-checking controls in place in a spreadsheet-based activity and manual errors therefore easily go undetected.

Possibility of the user working on the wrong version

How do you store spreadsheet files?

Since the most common reports are usually generated on a monthly basis, users tend to store them using variations of these two configurations:

spreadsheet storage

If you notice, a user can accidentally work on the wrong version with any of these structures.

Prone to inconsistent company-wide reporting

This happens when a summary or ?final? spreadsheet is fed information by different departments coming from their own spreadsheets. Even if most of the data in their spreadsheets come from one source (the company-wide database), erroneous copy-pasting and linking, or even different interpretations of the same data can result to contradicting information in the end.

Often defenceless against unauthorised access

Some spreadsheets contain information needed by various individuals or department units in an organisation. Hence, they are often shared via email or through shared folders in a network. Now, because spreadsheets don’t normally use any access control, any user can easily open a spreadsheet file and view or modify the contents as he wishes.

Highly vulnerable to fraud

A complex spreadsheet system with zero or very minimal controls provides the perfect setting for would-be fraudsters. Hidden cells with malicious formulas and links to bogus information can go unnoticed for a long time especially if the final figures don’t deviate much from expected values.

Spreadsheet risk mitigation solutions may not suffice

Inherent complexity makes testing and logic inspection very time consuming

Deep testing can uncover possible errors hidden in spreadsheet cells and consequently mitigate risks. But spreadsheets used to support financial reporting are normally large, complex, highly-personalised and, without ample supporting documentation, understandably hard to follow.

No clear ownership of risk management responsibilities

There?s always a dilemma when an organisation starts assigning risk management responsibilities for spreadsheets. IT personnel believe users in the business side of the organisation should be responsible since they are the ones who create, edit, store, duplicate, and share the spreadsheet files. On the other hand, users believe IT should be responsible since they have always been in-charge of managing IT infrastructure, applications, and files.

To get rid of spreadsheet risks, you’ll have to get rid of spreadsheets altogether

One remedy is to have a risk management activity that involves both IT personnel and spreadsheet users. But wouldn’t you want to get rid of the complexity of having to distribute the responsibilities between the two parties instead of just one?

Learn more about Denizon’s server application solutions and how you can get rid of spreadsheet risk issues.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

The Future of Cloud Backup and Recovery

We came across a post on Docurated that pulled together thirty-seven suggestions for the top cloud storage mistakes user companies make. Given that cloud storage seems to be the best backup solution for now at least, we decided to turn these ideas around to sense the direction cloud backup and recovery needs to take, if it is still to be relevant in say ten years? time.

Has Cloud Storage Largely Saturated the West?
It probably has. Outside of major corporates who make their own arrangements ? and SME?s that use free services by email providers ? the middle band of companies in Europe and America have found their service providers, although they may have never tested the recovery process, to see if it works.

The new gold rush in the cloud backup and recovery business is, or should be emerging markets in Asia, Africa, South America, and the Middle East. There, connectivity is brittler than over here. To be relevant in these fragile, more populous areas our cloud backup and recovery industry need to be more agile and nimble.

? It must provide a simpler service emerging commerce can afford, refresh its user interfaces in third world languages, have more accessible help, and be patient to explain how cloud storage works to newbies. In other words, it must source its call centre operators in the areas it serves.

? It must adapt to local connectivity standards, and stop expecting someone with ADSL broadband to keep up with cloud server networks running at up to 1GBPS compared to their 10MBPS at best. For user sourcing and retention purposes, these new cloud backup and recovery services must be the ones who adapt.

? It must facilitate disaster recovery simulations among its clients in calmer moments when things are going well. Are they backing up the right files, are they updating these, and are their brittle ADSL networks able to cope with their cloud service providers? upload and download speeds?

? It must develop lean and agile systems slim enough to accommodate a micro client starting out, but sufficiently elastic to transfer them seamlessly to big data performance. The Asian, African, South American, and Middle Eastern regions are volume driven, and individual economies of scale are still rare.

? It must not expect its users to know automatically what they need, and be honest to admit that Western solutions may be wrong-sized. Conversion funnels in the new gold rush are bound to be longer. Engagements there depend on trust, not elevator sales letters. Our competition in these countries already works this way.

? It must be honest and admit cloud storage is only part of the solution. To recruit and retain users it must step back to 1983, when Compuserve offered its customers 128k of disc space, and spent an amount of effort explaining how to filter what to put there.

Cloud Storage of Data is Only One Part of the Solution
Governance reports and stock certificates burn just as easily as do servers in a fire. We must not transfer bad habits to exciting new markets. We close this article with the thoughts of John Howie, COO of Cloud Security Alliance, as reported in the Docurated post we mentioned, and these apply across the globe, we believe.
There is no single most important thing to carry forward into the future of cloud backup and recovery. We must be mindful when moving data that this can be fragile too. We must also create layers of backup the way insurance companies re-insure, that make any one cloud backup and recovery business redundant if it happens.
We hold the trust of our customers in our hands but trust is delicate too. We must cease trying to make a pile of money quickly, and become more interested in ensuring that data transferred back and forth is synchronised. The cloud backup and recovery industry needs only one notorious mistake, to become redundant itself in the ten years we mentioned.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Eck Industries Sheds Fresh Light

William Eck began his business in 1948 in a 650m2 garage building. The aluminium foundry prospered, and now has an 18,500m2 factory in Manitowoc, Wisconsin employing 250 people casting a variety of casings. Like high-tech industries around the globe it needs effective illumination. After it measured its carbon footprint, it realised it needed energy efficient lighting too.

When Eck Industries began its review it had around 360 high-pressure sodium lights throughout the plant. Their operating cost was substantial. After taking independent advice from an independent agency they realised they needed to replace these with more energy-efficient fluorescent lights that consume half as much energy.

The feasibility team conducted performance tests to determine the optimum solution. After selecting enclosed, gasketed and waterproof T8 fluorescents (available in G13 bipin, single pin and recessed double contacts) they collaborated with the supplier to calculate the best combination of 4 and 6 bulb fixtures.

The fittings they chose cost $60,000 plus $10,000 installation. However a $33,000 energy rebate wrote down 47% of this immediately. They achieved further energy savings by attaching motion sensors to lights over low-traffic walkways.

The retrofit was a huge success, with an 8 month payback via a direct operating saving of $55,000 a year. Over and above enhanced illumination Eck Industries slashed 674,000 kilowatt hours off its annual lighting bill. During the 20 year design life, this equates to a total 13.5 million kilowatt hours. Other quantifiable benefits include 443 tons less carbon, 2 tons less sulphur dioxide, and 1 ton less nitrogen oxide per year.

Many companies face similar opportunities but fail to capitalise on them for a number of reasons. These may include not being aware of what is available, lacking technical insight, being short of working capital and simply being too busy to focus on them.

Eck Industries got several things right. Firstly, they consulted an independent specialist; secondly they trusted their supplier to provide honest advice, and thirdly they accepted that any significant saving is worth chasing down. Other spin-offs were safer, more attractive working conditions and an opportunity to take their foot off the carbon pedal. This is an excellent example of what is possible when you try.

If you have measured your illumination cost and are concerned about it (but are unsure what the metric means within the bigger picture) then Ecovaro offers online reports comparing it with your industry average, and highlights the cost-benefits of alternative lighting. 

Authentication and Access Control

Threats to your data can come from external or internal sources.

  1. There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
  2. There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
  3. Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

  • Work with your key personnel to determine who gets access to what.
  • Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
    • biometric devices
    • Kerberos tickets
    • mobile phones
    • passwords
    • PKI certificates
    • proximity cards
    • smart cards
    • tokens
  • Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

Ready to work with Denizon?

Contact Us Today