Spreadsheet Woes – Limited Features For Easy Adoption of a Control Framework

Like it or not, regulations are here to stay and for a company to comply with them, its IT and financial systems will have to be equipped with a suitable control framework. One common stumbling block to such an implementation is a company?s over-reliance on spreadsheets.

Why is it so difficult to adopt controls for a system that’s reliant on spreadsheets? To understand this, let’s pinpoint some of the strongest, most powerful attributes of these User Developed Applications (UDA).

By nature, spreadsheets are the epitome of simplicity: easy to develop, easily accessible and easily altered. All computers in your workplace will most likely have them and everyone in your organization may be sharing them, making their own versions, and storing them in personal folders.

Sad to say though, these strengths are also control weaknesses and constitute the very reasons why spreadsheets require effective risk management.

Easy to develop. Being easy to develop, most spreadsheet systems are created by non-IT users who have limited knowledge on best control practices. Being constantly under time pressure, these ?developers? may also relegate documentation, security, and data verification to the back burner in favour of coming up with a timely report.

Easy to access. Information in a spreadsheet can be opened by practically anyone within the organization?s network. Who accessed what? And when? If anything goes wrong, it would be difficult to identify the culprit, and the failure to pinpoint responsibility for erroneous data could lead to bigger, more costly mistakes.

Easy to alter. Lastly, if the information is easy to access, then it can also be easily altered, consequently making reports more prone to both accidental errors and fraudulent modifications.

The rise of multimillion dollar scandals due to accidental and intentional spreadsheet errors have prompted regulatory bodies to publish guidelines for mitigating spreadsheet-associated risks. These controls include:

Change control
Version control
Access control
Input
Security and data integrity
Documentation
Development life cycle
Backup and archiving
Logic inspection/Testing
Segregation of duties/roles, and procedures
Analytics

In theory, these controls should be able to bring down risks considerably. However, because of the inherent nature of spreadsheets, such controls are rarely implemented effectively in the real world.

Take for example Security and Data Integrity. One of the most common causes of spreadsheet error is due to ?hardwiring?. This happens when values are inadvertently entered into a formula cell, naturally changing the logic of the spreadsheet.

As a way of control, cell locking can be applied on the formula cells to prevent users without the proper authority from making any changes. However, when reporting deadlines approach drawing spreadsheets to the forefront of data processing, more people are given access rights to the locked cells. Ironically, it is during these crunch times, when errors are most likely to happen.

Because the built-in features of a spreadsheet support none of the controls mentioned above, some companies are tempted to purchase control-enabling programs for spreadsheets just to continue using them for financial reporting. But although these programs can integrate the required controls, you?d still be interacting with the same complex and outdated interface: the spreadsheets.

Thus, these band-aid solutions may not suffice because the root cause of these problems are the spreadsheets themselves.

Learn more about our server application solutions and discover a better way to implement controls.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

Matrix Management: Benefits and Pitfalls

Matrix management brings together managers and employees from different departments to collaborate with each other towards the accomplishment of the organizational goals. As much as it is beneficial, matrix management also has limitations. Hence, companies should understand its benefits and pitfalls before implementing this management technique.

Benefits

The following are some of the advantages of matrix management:

Effective Communication of Information

Because of the hybrid nature of the matrix structure, it enables different departments to closely work together and communicate frequently in order to solve project issues. This leads to a proficient information exchange among leaders and subordinates. Consequently, it results to developed strategies, enhanced performance and quick productivity.

Efficient Use of Resources

Resources can be used efficiently in the organisation since it can be shared among functions and projects. As the communication line is more open, the valuable knowledge and highly skilled resources are easily distributed within the organisation.

Increased Motivation

The matrix structure promotes democracy. And with the employees working on a team, they are motivated to perform their duties better. The opinions and expertise of the employees are brought to the table and considered by the managers before they make decisions. This leads to employee satisfaction, empowerment and improved performance.

Flexibility

Since the employees communicate with each other more frequently, decision making becomes speedy and response is adaptive. They can easily adjust with diverse situations that the company encounters.

Skills Development

Matrix employees are pooled out for work assignments, even to projects that are not necessarily in line with their skill background. With this approach to management, employees have the chance to widen their skills and expertise.

Discipline Retention

One significant advantage of matrix management is that it enables the employees to maintain their skills in functional areas while working with multidisciplinary projects. Once the project is completed and the team wraps up, the members remain sharp in their discipline technically and return to their home functions.

Pitfalls

Here are some disadvantages of matrix management:

Power Struggle

In the matrix structure, there is always tension between the functional and project manager. Although their intent is polite, their conflicting demands and competition for control over the same resources make it more difficult.

Internal Complexity

Having more than one manager, the employees might become confused to who their immediate leader is. The dual authority can lead to internal complexity and possible communication problems. Worst, employee dissatisfaction and high employee turnover.

Heightened Conflict

In any given situation where people and resources are shared across projects, there would always be competition and conflict. When these issues are prolonged, conflicts will heightened and will lead to more internal problems.

Increased Stress

For the employees, being part of a matrix structure can be stressful. Their commitment is divided among the projects and their relationship with multiple managers requires various adjustments. Increased stress can negatively affect their performance in the long run.

Excessive Overhead Expenses

Overhead administrative costs, such as salaries, increase in a matrix structure. More expenses, more burden to the organisation. This is a challenge to matrix management that leaders should consider carefully.

These are just some of the advantages and disadvantages of matrix management. The list could go on, depending on the unique circumstances that organisations have. The key is that when you decide to implement matrix management, you should recognise how to take full advantage of its benefits and understand how to lessen, if not eradicate, the pitfalls of this approach to management.

A Definitive List of the Business Benefits of Cloud Computing ? Part 3

Strengthens business continuity/disaster recovery capabilities

Today’s business landscape calls for companies to have reliable business continuity and disaster recovery capabilities. After all, when the system goes down, customers and even employees would rarely ask ‘why‘ or ‘what happened‘ but instead go directly to the ‘how soon can we get back up‘ part.

So unless they’ve been struck by the same unforeseen disaster your business is also experiencing, a couple of hours downtime is plenty enough for most of these people. What’s worse is when they simply don’t wait until they get access again and just go to other providers that can offer the same services. In short, your inability to provide continuous IT and business services could translate to lost opportunities which your competition would only be too willing to gain. And that’s not even counting the possibility of losing essential data and other potential negative impact that critical IT failure can bring about.

The answer to avoiding such a scenario is of course, having a sound business continuity and disaster recovery plan in place. But this is actually easier said than done.

Traditionally, setting up a business continuity plan entailed some tedious procedures in addition to very costly infrastructure. We’re talking here about acquiring and maintaining practically a replication of the hardware infrastructure and environments currently existing for business-critical systems and data. Note that these mirror systems should be set-up, housed, and maintained in a remote facility or location.

Making the deployment even more complex is the constant need to update the data in storage as well as keep software applications in sync between the system in use and the one on standby mode. This process would involve the physical transfer of data and syncing of applications, which is cumbersome and again, expensive.

While large enterprises would not even think twice about having to spend so much to ensure that operations would never come to a grinding halt, most small and mid-sized organisations would not have the required financial means for them to even start considering this option. Often, the bulk of their disaster recovery plan would simply consist of some tape backups, and a lot of hoping that they would never have to suffer from any outage or IT failure.

But all that can be changed with the arrival of cloud computing.

A cloud strategy offers an affordable solution for business continuity and disaster recovery for SMBs with limited resources and even big companies trying to minimise expenses by looking for alternative options.

A reliable service provider would already have the required infrastructure and software vital to a viable BC/DR plan and complete with the appropriate security measures. Organisations need not spend upfront for these facilities, but get to benefit from having updated data backup and a virtualised mirror system that would allow them to quickly get back up in the event of an outage or catastrophic disaster.

When looking to the cloud for a cost-effective BC/DR plan however, it’s worth keeping in mind that not all cloud providers are created equal. That’s why businesses also have many important factors to take into account before signing cloud contracts.

Yes, provision for continuity and and taking necessary precautions against outages are inherent in the cloud service itself, but you’d be surprised how many of these providers don’t actually take responsibility for service interruption. To give organisations some assurance of the cloud company’s capacity for continued service, contracts should stipulate availability guarantees and liability for downtime that the provider is willing to answer for.

Once these relevant issues are ironed out however, it’s easy for business to see how cloud-based data storage and computing can significantly lower the costs involved for SMB BC/DR while greatly improving efficiency, mobility, and collaboration capabilities.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

2015 ESOS Guidelines Chapter 2 – Deadlines and Status Changes

The ESOS process is deadline driven and meeting key dates is a non-negotiable. The penalties for not complying / providing false or misleading information are ?50,000 each. Simply not maintaining adequate records could cost you ?5,000. The carrot on the end of the stick is the financial benefits you stand to gain.

Qualifying for inclusion under the ESOS umbrella depends on the status of your company in terms of employee numbers, turnover and balance sheet on 31 December 2014. Regardless of whether you meet the 2014 threshold or not, you must reconsider your situation on 31 December 2018, 2022 and 2026.

Compliance Period	Qualification Date	Compliance Period	Compliance Date
1	31 December 2014	From 17 July 2014* to 5 December 2015	5 December 2015
2	31 December 2018	From 6 December 2015 to 5 December 2019	5 December 2019
3	31 December 2022	From 6 December 2019 to 5 December 2023	5 December 2023
4	31 December 2026	From 6 December 2023 to 5 December 2027	5 December 2027

Notes:

1. The first compliance period begins on the date the regulations became effective

2. Energy audits from 6 December 2011 onward may go towards the first compliance report

Changes in Organisation Status

If your organisation status changes after a qualification date when you met compliance thresholds, you are still bound to complete your ESOS assessment for that compliance period. This is regardless of any change in size or structure. Your qualification status then remains in force until the next qualification date when you must reconsider it.