Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

The Better Way of Applying Benford’s Law for Fraud Detection

Applying Benford’s Law on large collections of data is an effective way of detecting fraud. In this article, we?ll introduce you to Benford’s Law, talk about how auditors are employing it in fraud detection, and introduce you to a more effective way of integrating it into an IT solution.

Benford’s Law in a nutshell

Benford’s Law states that certain data sets – including certain accounting numbers – exhibit a non-uniform distribution of first digits. Simply put, if you gather all the first digits (e.g. 8 is the first digit of ?814 and 1 is the first digit of ?1768) of all the numbers that make up one of these data sets, the smallest digits will appear more frequently than the larger ones.

That is, according to Benford’s Law,

1 should comprise roughly 30.1% of all first digits;
2 should be 17.6%;
3 should be 12.5%;
4 should be 9.7%, and so on.

Notice that the 1s (ones) occur far more frequently than the rest. Those who are not familiar with Benford’s Law tend to assume that all digits should be distributed uniformly. So when fraudulent individuals tinker with accounting data, they may end up putting in more 9s or 8s than there actually should be.

Once an accounting data set is found to show a large deviation from this distribution, then auditors move in to make a closer inspection.

Benford’s Law spreadsheets and templates

Because Benford’s Law has been proven to be effective in discovering unnaturally-behaving data sets (such as those manipulated by fraudsters), many auditors have created simple software solutions that apply this law. Most of these solutions, owing to the fact that a large majority of accounting departments use spreadsheets, come in the form of spreadsheet templates.

You can easily find free downloadable spreadsheet templates that apply Benford’s Law as well as simple How-To articles that can help you to implement the law on your own existing spreadsheets. Just Google “Benford’s law template” or “Benford’s law spreadsheet”.

I suggest you try out some of them yourself to get a feel on how they work.

The problem with Benford’s Law when used on spreadsheets

There’s actually another reason why I wanted you to try those spreadsheet templates and How-To’s yourself. I wanted you to see how susceptible these solutions are to trivial errors. Whenever you work on these spreadsheet templates – or your own spreadsheets for that matter – when implementing Benford’s Law, you can commit mistakes when copy-pasting values, specifying ranges, entering formulas, and so on.

Furthermore, some of the data might be located in different spreadsheets, which can likewise by found in different departments and have to be emailed for consolidation. The departments who own this data will have to extract the needed data from their own spreadsheets, transfer them to another spreadsheet, and send them to the person in-charge of consolidation.

These activities can introduce errors as well. That’s why we think that, while Benford’s Law can be an effective tool for detecting fraud, spreadsheet-based working environments can taint the entire fraud detection process.

There?s actually a better IT solution where you can use Benford’s Law.

Why a server-based solution works better

In order to apply Benford’s Law more effectively, you need to use it in an environment that implements better controls than what spreadsheets can offer. What we propose is a server-based system.

In a server-based system, your data is placed in a secure database. People who want to input data or access existing data will have to go through access controls such as login procedures. These systems also have features that log access history so that you can trace who accessed which and when.

If Benford’s Law is integrated into such a system, there would be no need for any error-prone copy-pasting activities because all the data is stored in one place. Thus, fraud detection initiatives can be much faster and more reliable.

You can get more information on this site regarding the disadvantages of spreadsheets. We can also tell you more about the advantages of server application solutions.

2015 ESOS Guidelines Chapter 3 to 5 ? The ESOS Assessment

ESOS operates in tandem with the ISO 50001 (Energy Management) system that encourages continual improvement in the efficient use of energy. Any UK enterprise qualifying for ESOS that has current ISO 50001 certification on the compliance date by an approved body (and that covers the entire UK corporate group) may present this as evidence of having completed its ESOS assessment. It does however still require board-level certification, following which it must notify the Environment Agency accordingly.

The Alternate ESOS Route

In the absence of an ISO 50001 energy management certificate addressing comprehensive energy use, a qualifying UK enterprise must:

  1. Measure Total Energy Consumption in either kWh or energy spend in pounds sterling, and across the entire operation including buildings, industrial processes and transport.
  2. Identify Areas of Significant Energy Consumption that account for at least 90% of the total. The balance falls into a de minimis group that is officially too trivial to merit consideration.
  1. Consider Available Routes to Compliance. These could include ISO 500001 part-certification, display energy certificates, green deal assessments, ESOS compliant energy audits, self-audits and independent assessments
  1. Do an Internal Review to make sure that you have covered every area of significant consumption. This is an important strategic step to avoid the possibility of failing to comply completely.
  1. Appoint an Approved Lead Assessor who may be internal or external to your enterprise, but must have ESOS approval. This person confirms you have met all ESOS requirements (unless you have no de minimis exceptions).
  1. Obtain Internal Certification by one of more board-level directors. They must certify they are satisfied with the veracity of the reports. They must also confirm that the enterprise is compliant with the scheme.
  1. Notify the Environment Agency of Compliance within the deadline using the online notification system as soon as the enterprise believes is fully compliant.
  1. Assemble your ESOS Evidential Pack and back it up in a safe place. Remember, it is your responsibility to provide proof of the above. Unearthing evidence a year later it not something to look forward to.

The ESOS assessment process is largely self-regulatory, although there are checks and balances in place including lead assessor and board-level certifications. As you work through what may seem to be a nuisance remember the primary objectives. These are saving money and reducing carbon emissions. Contact ecoVaro if we can assist in any way.

Competencies, Roles and Responsibilities of Lead Assessors

Any organisation that opts for energy audits, Display of Energy Certificates and Green Deal Assessments needs a lead assessor to review the chosen ESOS compliance routes. The Derivative provides that energy audits should be carried out independently by qualified and accredited experts. Additionally, these audits should be implemented as well as supervised by independent authorities under the national legislation.

Lead assessors undertake several roles in ESOS assessments. He or she is the one responsible to take the lead of the entire assessment team, prepare the plan, conduct the meetings and submit the formal report to governing authorities. Nevertheless, selecting an appropriate lead assessor is an important element that every organisation should carefully consider.

Competencies Requirements of Lead Assessors

Lead assessors should be knowledgeable enough with in-depth expertise in carrying out energy efficiency assessment. They should also possess foundational, functional and technical competencies to deliver the task effectively. Likewise, consider the assessors? sector experiences, familiarity with your business? technologies and properties, and accreditation with prescribed standards.

As you choose your lead assessor, contemplate on the skills and qualifications that would give your organisation benefits.

Roles and Responsibilities of Lead Assessors

The business organisation is responsible for the overall legal ESOS compliance. Moreover, here are some of the roles and responsibilities that lead assessors should assume in ESOS assessments.

The lead assessor agrees on the audit methodologies that the organisation would undergo in new audits. He or she agrees with the ESOS participant regarding the audit timetable, sampling approach and visits required. It is also the lead assessor?s role to identify the opportunities on energy saving and assist in calculating the cost savings from the measures taken. During the ESOS audits, the lead assessor determines the energy use profiles, presents the recommendations and reviews the entire assessment as a whole. Furthermore, he or she should maintain the evidence pack of the ESOS to uphold the audit’s credibility, its findings and recommendations.

Finding Lead Assessors

Energy and environment professionals would only be able to demonstrate their expertise as lead assessors upon registering in a professional body accredited by the Environment Agency. Any business that needs a lead assessor is advised to check on the EA?s website to see the details of approved registers.

Lead assessors can either be in-house experts or external professionals. However, they should be able to provide proof of membership as an approved register to take the role of a lead assessor. If the organisation has an internal lead assessor, the company should then take the final ESOS assessment to two board-level directors that would sign the formal report.

Indeed, the lead assessor is an organisation’s partner when it comes to delivering great results. With good professional conduct and excellent management of an assessment team, the lead assessor can help achieve breakthrough energy efficiency strategies. More than anything else, the organisation will benefit from maximum energy savings opportunities ahead. Thus, every qualified business enterprise should invest in finding the best lead assessor to guide them towards success.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today