Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Excel Spreadsheet Conversion to SQL Reports

Spreadsheets are flexible, inexpensive and easy to use. They are especially handy when it comes to beating report submission deadlines or making impromptu data computations.

Unfortunately, organisations heavy reliance on spreadsheets have made these User Developed Applications (UDA) into high-risk office tools. Simple spreadsheet errors like leaving out a negative sign or a cut-and-paste mistake have already caused million-dollar discrepancies. Also, when a fraudulent employee enters into the picture, the risks become unimaginable.
Think TransAlta’s spreadsheet cut-and-paste glitch (the company later called this a ‘simple clerical error’) which caused the energy firm a whopping $24 million loss or Fidelity’s overstatement of its earnings owing to the omission of the minus sign on the spreadsheet of a $1.3 billion net capital loss.

Denizon can convert your Excel Spreadsheets to a web based SQL Server Reporting Services (SSRS). It does not import Excel data, rather it allows the creation and deployment of reports in a more efficient manner by querying the data.

So what is the problem with Spreadsheets?

  • Plagued with risk issues and vulnerable to fraud
  • Lacking in control features especially when copied, edited and emailed between many users
  • A burden to regulation compliance e.g. SOX (Sarbanes-Oxley)
Moreover:
  • Accidental copy-paste/Omission of a negative sign/Erroneous range selection
  • Incorrect data input or unintentional deletion of a character, cell, range, column, or row
  • Possibility of the user working on the wrong version
  • Prone to inconsistent company-wide reporting
  • Often ‘defenceless’ against unauthorised access

See Top 10 Disadvantages of Spreadsheets

What makes SQL Server Reporting Services better than Spreadsheets?

  • Free from spreadsheet risks & equipped with built-in controls that substantially reduce risks to data
  • Less prone to fraud
  • More suitable for regulatory compliance e.g. SOX
  • Designed for an agile business environment

Automatic consolidation eliminates errors and wasted time caused by tedious copy-pasting of data and linking of cells
Better collaboration capabilities allows team members to bring their heads together for planning, budgeting, and reporting even while on the go
Mobility support enables users to input data or retrieve information through their wireless mobile device

Superior sharing features ensures that everyone is exactly on the same page and viewing real-time information
Dashboards provide insightful information at-a-glance through KPIs, graphs, and various metrics
Drill-downs enable users to investigate unusual figures and gain a better understanding of the details that contribute to the big picture
Easy to learn interfaces allow your organisation to cope with fast personnel turnaround or Mergers & Acquisitions

Don’t know how to shift from Spreadsheets to SQL Server Reporting Services?

We’ve got the knowledge and expertise to assist you in:

  • Making a smooth and cost-efficient transition from risky spreadsheets to reliable reports
  • Designing and implementing SOX-compliant report-generating methods and procedures
  • Putting exposure to high-risk reporting methods a thing of the past
The Rights of Individuals Under The General Data Protection Regulation

The General Data Protection Regulation or GDPR is a European Union law reinforcing the rights of citizens concerning the confidentiality of their information, and confirming that they own it. We thought it would be interesting to examine the GDPR effective 25 May 2018 from an Irish citizen?s perspective. This article is a summary of information on the Data Protection Commissioner?s website, but as viewed through a businessperson?s lens.

How the Office Defines Data Protection

The Office believes that organisations receiving personal details have a duty to keep them private and safe. This applies inter alia to information that individuals supply to government, financial institutions, insurance companies, medical providers, telecoms services, and lenders. It also applies to information provided when they open accounts.

This information may be on paper, on computers, or in video, voice, or photographic records. The true owners of this information, the individuals have a right:

  • To make sure that it is factually correct
  • To the assurance that it is shared responsibly
  • That all with access only use it for stated purposes

Any organisation requesting personal information must state who they are, what the information is for, why they need to have it, and to whom else they may provide it.

Consumer Rights to Access Their Personal Information

Private persons have a right under the GDPR to a copy of all their information held or processed by a business. The regulation refers to such businesses as ?data controllers? as opposed to owners, which is interesting. They have to provide both paper and digital data, and ‘related information?.

Data controller fees for this are discretionary within limits. The request may be denied under certain circumstances. The data controller may release information about children to parents and guardians, only if it considers a minor too young to understand its significance. Other third parties such as attorneys must prove they have consent.

Consumer Rights to Port Their Data to Different Services

Since the personal information belongs to the individual, they have a right not only to access it, but also to copy or move it from one digital environment to another. The GDPR requires this be ?in a safe way, without hindrance to usability?. An application could be a banking client that wants to upload their transaction history to a third party price comparison website.

However, the right to data portability only applies to data originally provided by the consumer. Moreover, an automated method must be available for porting. Data controllers must release the information in an open format, and may not charge for the porting service.

Consumer Rights to Complain About Personal Data Abuse

Individuals have a right under the General Data Protection Regulation to have their information rectified if they discover errors. This right extends to an assurance that third parties know about the changes – and who these third party entities are. Data controllers must respond within one month. If they decline the request, they must inform the complainant of their right to further remedial action.

If a data controller refuses to release personal information to the owner, or to correct errors, then the Data Protection Office has legal power to enforce the consumer?s rights. The complainant must make full disclosure of the history of their complaint, and the steps they have taken themselves to attempt to set things right.

Further Advice on Getting Things Ready for 25 May 2018

The General Data Protection Regulation has the full force of law from 25 May 2018 onward, and supersedes all applicable Irish laws, regulations, and policies from that date. We recommend incorporating rights of data owners who are also your customers into your immediate plans. We doubt that forgetting to do so will cut much sway with the Data Commissioner. Remember, you have one month to respond to consumer requests, and only one more month to close things out subject to the matter being complex.

Ready to work with Denizon?

Contact Us Today