Spreadsheet Woes – Limited Features For Easy Adoption of a Control Framework

Like it or not, regulations are here to stay and for a company to comply with them, its IT and financial systems will have to be equipped with a suitable control framework. One common stumbling block to such an implementation is a company?s over-reliance on spreadsheets.

Why is it so difficult to adopt controls for a system that’s reliant on spreadsheets? To understand this, let’s pinpoint some of the strongest, most powerful attributes of these User Developed Applications (UDA).

By nature, spreadsheets are the epitome of simplicity: easy to develop, easily accessible and easily altered. All computers in your workplace will most likely have them and everyone in your organization may be sharing them, making their own versions, and storing them in personal folders.

Sad to say though, these strengths are also control weaknesses and constitute the very reasons why spreadsheets require effective risk management.

Easy to develop. Being easy to develop, most spreadsheet systems are created by non-IT users who have limited knowledge on best control practices. Being constantly under time pressure, these ?developers? may also relegate documentation, security, and data verification to the back burner in favour of coming up with a timely report.

Easy to access. Information in a spreadsheet can be opened by practically anyone within the organization?s network. Who accessed what? And when? If anything goes wrong, it would be difficult to identify the culprit, and the failure to pinpoint responsibility for erroneous data could lead to bigger, more costly mistakes.

Easy to alter. Lastly, if the information is easy to access, then it can also be easily altered, consequently making reports more prone to both accidental errors and fraudulent modifications.

The rise of multimillion dollar scandals due to accidental and intentional spreadsheet errors have prompted regulatory bodies to publish guidelines for mitigating spreadsheet-associated risks. These controls include:

  • Change control
  • Version control
  • Access control
  • Input
  • Security and data integrity
  • Documentation
  • Development life cycle
  • Backup and archiving
  • Logic inspection/Testing
  • Segregation of duties/roles, and procedures
  • Analytics

In theory, these controls should be able to bring down risks considerably. However, because of the inherent nature of spreadsheets, such controls are rarely implemented effectively in the real world.

Take for example Security and Data Integrity. One of the most common causes of spreadsheet error is due to ?hardwiring?. This happens when values are inadvertently entered into a formula cell, naturally changing the logic of the spreadsheet.

As a way of control, cell locking can be applied on the formula cells to prevent users without the proper authority from making any changes. However, when reporting deadlines approach drawing spreadsheets to the forefront of data processing, more people are given access rights to the locked cells. Ironically, it is during these crunch times, when errors are most likely to happen.

Because the built-in features of a spreadsheet support none of the controls mentioned above, some companies are tempted to purchase control-enabling programs for spreadsheets just to continue using them for financial reporting. But although these programs can integrate the required controls, you?d still be interacting with the same complex and outdated interface: the spreadsheets.

Thus, these band-aid solutions may not suffice because the root cause of these problems are the spreadsheets themselves.

Learn more about our server application solutions and discover a better way to implement controls.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

Advert-Book-UK

amazon.co.uk

Advert-Book-USA

amazon.com

Check our similar posts

Implementing Matrix Management

Matrix management is a culture change. More than the hierarchical structures, lines of responsibilities, modes of communication and channels of decision-making, it is a concept that needs to be planned ahead and managed appropriately over time.

Implementing matrix management to any organization can be confusing. It is essential to ensure that it fits right to your business strategies, skills and competencies. With this, realizing matrix management should not be taken lightly. Careful stages should be considered, instead.

Here are the steps to proper implementation of matrix management:

Consider Your Business Context

You need to evaluate your organisation to analyse what are your development needs with regards to skills, products, services and market environment. This will help you decide on what type of matrix structure you will apply in your organisation. Consider the following questions in building up your context:

  • What is our strategy?
  • Where are the demands in our business?
  • What are the structures that our competitors currently employ?
  • What are the talents that my people possess?
  • What are other business organizations doing?

Set Your Implementation Scope

Next, you need to define the parameter and set the scope of your implementation. What area in your business do you think matrix management will successfully work? There are several things that you need to consider in setting your scope. You have to make sure that it works well with your overall business strategies, that it can be excellently communicated and easily understood. Also, you must ensure that you acquire the necessary talents and skills in the business to deliver the new system of responsibilities.

Implement the New Structure

When you have already decided what structure type you will implement, you are ready to give it a go. You will need to establish new communication channels so you can monitor the progress and receive feedback effectively.

Here?s how to apply the matrix structure:

  • Highlight your development needs
  • Define roles based on outputs and not inputs
  • Line up procedures and systems to support the structure and the behaviour that comes with it.
  • Invest in training and development
  • Support the key people in the structure by coaching them to better adapt in changes
  • Communicate regularly
  • Monitor progress and make necessary adjustments

Review the Matrix Structure, Roles and Responsibilities

Organisations that successfully implement matrix management adapt to the changes in their environment. With this, they do regular evaluations to highlight the need for changes and revisions. The review can either focus on the structure only or to the entire process as a whole. The results can alter the structure, the roles involved and the responsibilities taken.

The process of implementing matrix management follows a step-by step method. Each stage is equally important with the rest. Hence, if you plan to exploit it in your organisation, you have to recognise the purpose of each step and follow it appropriately. Balance is the key. And when you achieve stability in matrix management, amidst the complex changes in the world of business, then your organisational success is just around the corner.

How Bombardier Inc. scored a Bulls Eye

When travelling anywhere in the world on land, sea or air, chances are, you will travel courtesy of something made by aerospace and transportation company Bombardier based in Montreal, Canada. In 2009, it set itself the goal of carbon neutrality by 2020. In other words, it hoped to remove as much carbon dioxide from the atmosphere as it was putting in.

By 2012, Bombardier concluded it was not going to become carbon neutral by 2020 at its current rate of progress. It discounted purchasing carbon offsets because it believed it would serve its interests better by introducing new energy-saving products to market faster. That way, it would achieve its objectives vicariously through the decisions of its customers. But that was not all that forward-thinking Bombardier did. It also set itself the following inward-facing objectives:

  • Reduce carbon footprint through efficient use of energy and less emissions
  • Involve the Bombardier workforce to raise awareness of behaving responsibly
  • Implement sustainable initiatives to further reduce the company carbon footprint

Specific Examples

At its Wichita site, Bombardier (a) fitted a white roof and insulation reducing summer energy consumption by 40%, (b) added an energy recovery wheel to balance air circulation, and (c) introduced skylights with integrated controllers to lower energy consumption by lighting.

At Mirabel, it enhanced the flue-gas management system by adding a pressure differential damper.

At Belfast, Bombardier (a) optimised HVAC systems to reduce pressure on chilling and air-handling plants, (b) installed solar panels on the roof, and (c) obtained approval for a waste-to-energy plant that will convert 120,000 tonnes of non-recyclable waste material annually.

By the end of 2013, Bombardier had already beaten its immediate targets by:

  • Reducing energy consumption by 11% against 2009
  • Reducing greenhouse gas emission by 23% against 2009
  • Reducing water consumption by 6% against 2012

Future Plans

Bombardier will never stop striving to reach its goal of carbon neutrality by 2020. It has a number of other projects in the pipeline waiting for scarce resources to fund them. During 2014, it continued with energy efficient upgrades at its French, Hungarian, Polish, Swiss, and UK plants.

These include consumption monitoring systems, LEDs for workshop lighting, new heating systems, and outdoor energy-saving tower lighting. The monitoring is important because it helps Bombardier focus effort, and provides measured proof of progress.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Mobile Security

Today’s advanced enterprises make extensive use of mobile devices in order for team members to exchange information, collaborate, and carry out business whenever and wherever they need to. BlackBerries, iPhones, Google Phones, and other smartphones as well as PocketPCs and PDAs are now allowed wireless remote access to the enterprise network.

As a result, they introduce additional vulnerabilities into the system.

  • Bluetooth exploits and unencrypted passwords can allow malicious individuals to gain access to private information.
  • Various wireless technologies that have substantially simplified the task of transferring data have provided openings for malicious code. In addition, the diversity of these wireless technologies combined with the constrained environments of these devices have made it difficult to come up with an all-in-one solution.
  • All PocketPCs, PDAs and smartphones can be synchronised with PCs and laptops, giving malware an entry point into computers and networks. Memory cards are guilty of this too.
  • VoIP, which are usually unencrypted, allow other people to perform unauthorised capture and recording of private conversations.

Mobile security is still an emerging discipline. Because of this, many organisations that allow members’ mobile phone access into the network don’t actually have a specific security policy for such devices.

That’s why we’re here to help. We’ll conduct a thorough evaluation of your security policies and systems in relation to mobile devices and seal gaps we spot along the way. If you don’t have the needed policies or if what you have needs an overhaul, we’ll set everything up (including the needed applications and infrastructure) for you.

Once we’ve got everything in place, you won’t have to worry about the vulnerabilities mentioned earlier. In addition to that, your organisation will already be capable of preventing the following:

  • Access to company information when the phone ends up in the hands of anyone other than the authorised user.
  • Being billed for phone usage due to virus activity
  • Unauthorised phone activity monitoring through spyware
  • Other disruptions caused by mobile-based malware

Other defences we’re capable of putting up include:

Ready to work with Denizon?

Contact Us Today