Spreadsheet Woes – Limited Features For Easy Adoption of a Control Framework

Like it or not, regulations are here to stay and for a company to comply with them, its IT and financial systems will have to be equipped with a suitable control framework. One common stumbling block to such an implementation is a company?s over-reliance on spreadsheets.

Why is it so difficult to adopt controls for a system that’s reliant on spreadsheets? To understand this, let’s pinpoint some of the strongest, most powerful attributes of these User Developed Applications (UDA).

By nature, spreadsheets are the epitome of simplicity: easy to develop, easily accessible and easily altered. All computers in your workplace will most likely have them and everyone in your organization may be sharing them, making their own versions, and storing them in personal folders.

Sad to say though, these strengths are also control weaknesses and constitute the very reasons why spreadsheets require effective risk management.

Easy to develop. Being easy to develop, most spreadsheet systems are created by non-IT users who have limited knowledge on best control practices. Being constantly under time pressure, these ?developers? may also relegate documentation, security, and data verification to the back burner in favour of coming up with a timely report.

Easy to access. Information in a spreadsheet can be opened by practically anyone within the organization?s network. Who accessed what? And when? If anything goes wrong, it would be difficult to identify the culprit, and the failure to pinpoint responsibility for erroneous data could lead to bigger, more costly mistakes.

Easy to alter. Lastly, if the information is easy to access, then it can also be easily altered, consequently making reports more prone to both accidental errors and fraudulent modifications.

The rise of multimillion dollar scandals due to accidental and intentional spreadsheet errors have prompted regulatory bodies to publish guidelines for mitigating spreadsheet-associated risks. These controls include:

Change control
Version control
Access control
Input
Security and data integrity
Documentation
Development life cycle
Backup and archiving
Logic inspection/Testing
Segregation of duties/roles, and procedures
Analytics

In theory, these controls should be able to bring down risks considerably. However, because of the inherent nature of spreadsheets, such controls are rarely implemented effectively in the real world.

Take for example Security and Data Integrity. One of the most common causes of spreadsheet error is due to ?hardwiring?. This happens when values are inadvertently entered into a formula cell, naturally changing the logic of the spreadsheet.

As a way of control, cell locking can be applied on the formula cells to prevent users without the proper authority from making any changes. However, when reporting deadlines approach drawing spreadsheets to the forefront of data processing, more people are given access rights to the locked cells. Ironically, it is during these crunch times, when errors are most likely to happen.

Because the built-in features of a spreadsheet support none of the controls mentioned above, some companies are tempted to purchase control-enabling programs for spreadsheets just to continue using them for financial reporting. But although these programs can integrate the required controls, you?d still be interacting with the same complex and outdated interface: the spreadsheets.

Thus, these band-aid solutions may not suffice because the root cause of these problems are the spreadsheets themselves.

Learn more about our server application solutions and discover a better way to implement controls.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

Is Your Project Agile, a Scrum or a Kanban?

Few projects pan out the way we expect when starting out. This is normal in any creative planning phase. We half suspect the ones that follow a straight line are the exceptions to the rule. Urban legend has it; Edison made a thousand prototypes before his first bulb lit up, and then went on to comment, ?genius is 1% inspiration, 99% perspiration?. Later, he added that many of life’s failures are people who did not realise just how close they were to success when they gave up.

So be it to this day, and so be it with project planning too. There is no one size fits all approach when it comes to it. Agile, Scrum and Kanban each have their supporters and places where they do well. Project planning often works best when we use a sequential combination of them, appropriate to what is currently happening on the ground.

Of the three, Agile is by far the most comprehensive. It provides a structure that begins with project vision / conceptualisation, and goes as far as celebration when the job is over, and retrospective discussion afterwards. However, the emphasis on daily planning meetings may dent freethinking, and even smother it.

Scrum on the other hand says ?forget all that bureaucracy?. There is a job to do and today is the day we are going to do it. Although the core Agile teamwork is still there it ignores macro project planning, and could not be bothered with staying in touch with customers. If using Scrum, it is best to give those jobs to someone else.

The joker in the pack is Kanban, It believes that rules are there to substitute for thought, and that true progress only comes from responsible freedom. It belongs in mature organisations that have passed through Scrum and Agile phases and have embarked on a voyage towards perfection.

That said, there can be no substitute for human leadership, especially when defined as the social influence that binds the efforts of others towards a single task.

How DevOps oils the Value Chain

DevOps ? a clipped compound of development and operations – is a way of working whereby software developers are in a team with project beneficiaries. A client centred approach extends the project plan to include the life cycle of the product or service, for which the software is developed.

We can then no longer speak of a software project for say Joe?s Accounting App. The software has no intrinsic value of its own. It follows that the software engineers are building an accounting app product. This is a small, crucially important distinction, because they are no longer in a silo with different business interests.

To take the analogy further, the developers are no longer contractors possibly trying to stretch out the process. They are members of Joe?s accounting company, and they are just as keen to get to market fast as Joe is to start earning income. DevOps uses this synergy to achieve the overarching business goal.

A Brief Introduction to OpsDev

You can skip this section if you already read this article. If not then you need to know that DevOps is a culture, not a working method. The three ?members? are the software developers, the beneficiaries, and a quality control mechanism. The developers break their task into smaller chunks instead of releasing the code to quality control as a single batch. As a result, the review process happens contiguously along these simplified lines.

Code	QC	Test	?	?	?
?	Code	QC	Test	?	?
?	?	Code	QC	Test	?
?	?	?	Code	QC	Test

Colour Key

Developers

Quality Control

Beneficiary

This is a marked improvement over the previously cumbersome method below.

Write the Code	?	Test the Code	?	Use the Code
?	Evaluate, Schedule for Next Review			?

Working quickly and releasing smaller amounts of code means the OpsDev team learns quickly from mistakes, and should come to product release ahead of any competitor using the older, more linear method. The shared method of working releases huge resources in terms of user experience and in-line QC practices. Instead of being in a silo working on its own, development finds it has a richer brief and more support from being ?on the same side of the organisation?.

The Key Role that Application Program Interfaces Play

Application Program Interfaces, or API?s for short, are building blocks for software applications. Using proprietary software-bridges speeds this process up. A good example would be the PayPal applications that we find on so many websites today. API?s are not just for commercial sites, and they can reduce costs and improve efficiency considerably.

The following diagram courtesy of TIBCO illustrates how second-party applications integrate with PayPal architecture via an API fa?ade.

The DevOps Revolution Continues ?

We close with some important insights from an interview with Jim Stoneham. He was general manager of the Yahoo Communities business unit, at the time Flickr became a part. ?Flickr was a codebase,? Jim recalls, ?that evolved to operate at high scale over 7 years – and continuing to scale while adding and refining features was no small challenge. During this transition, it was a huge advantage that there was such an integrated dev and ops team?

The ?maturity model? as engineers refer to DevOps status currently, enables developers to learn faster, and deploy upgrades ahead of their competitors. This means the client reaches and exceeds break-even sooner. DevOps lubricates the value chain so companies add value to a product faster. One reason it worked so well with Flickr, was the immense trust between Dev and Ops, and that is a lesson we should learn.

?We transformed from a team of employees to a team of owners. When you move at that speed, and are looking at the numbers and the results daily, your investment level radically changes. This just can’t happen in teams that release quarterly, and it’s difficult even with monthly cycles.? (Jim Stoneham)

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Making Click-and-Collect click

In my previous post, I introduced you to integrated e-commerce and explained why it is the right way to extend your business online. If you already have a brick-and-mortar retailing business and you’re looking to improve your online presence, you could start offering a click-and-collect service.

With click-and-collect, customers order online and then collect their merchandise from one of the retailer?s local branches. Why would they want to do that?

Apparently, there are buyers who now prefer a click-and-collect service over the delivery service of a purely online retailer. With the latter, they sometimes have to wait forever for the delivery van to arrive or contend with a missed-delivery card.

Basically, customers who want both the convenience of placing orders online and better control of their time find click-and-collect a better option.

Last December 2011, IMRG (Interactive Media in Retail Group) reported a ?significant rise in the percentage of click-and-collect e-retail sales in the 3rd quarter of 2011?. This accounted for 10.4% of all e-retail sales in that quarter. More specifically, the gain was 7.4%, which was also the strongest quarterly gain since IMRG started collecting this data.

Clearly, this particular service is gaining popularity. But how do you meet the rising demand in this area?

A click-and-collect service requires a highly synchronised ecosystem. You don’t want to have a customer order items from your online store, drive a couple of minutes from his house to your nearest outlet, only to find out that one of the items is no longer available.

This can only work if all systems involved are interconnected. Changes in the inventory in your individual outlets should reflect on your database in real time. In turn, these changes have to be reflected instantly on your online store. Conversely, once a buyer has picked items online and is already directed to a local outlet, those items have to be reserved there.

But that’s not all. Your system has to be seamless enough to support fast and reliable service. You don’t want your buyer to have to wait a long time before the items are ready for pick-up. It also has to be capable of tracking the status of ordered products, handling uncollected orders, and monitoring inventory.

By implementing an integrated e-commerce system, these won’t be the only things you?d be able to do. You can even add more value to your service. For example, you can connect to your CRM and learn more about your customers? purchase history, buying habits, and preferences.

That way, it would be easier for you to provide a faster and more convenient buying experience for them in the future.

Click-and-collect is a very promising way to increase your sales and improve customer loyalty.