Which Services to Share?

It often makes sense to pool resources. Farmers have been doing so for decades by collectively owning expensive combine harvesters. France, Germany, the United Kingdom and Spain have successfully pooled their manufacturing power to take on Boeing with their Airbus. But does this mean that shared services are right in every situation?

The Main Reasons for Sharing

The primary argument is economies of scale. If the Airbus partners each made 25% of the engines their production lines would be shorter and they would collectively need more technicians and tools. The second line of reasoning is that shared processes are more efficient, because there are greater opportunities for standardisation.

Is This the Same as Outsourcing?

Definitely not! If France, Germany, the United Kingdom and Spain has decided to form a collective airline and asked Boeing to build their fleet of aircraft, then they would have outsourced airplane manufacture and lost a strategic industry. This is where the bigger picture comes into play.

The Downside of Sharing

Centralising activities can cause havoc with workflow, and implode decentralised structures that have evolved over time. The Airbus technology called for creative ways to move aircraft fuselages around. In the case of farmers, they had to learn to be patient and accept that they would not always harvest at the optimum time.

Things Best Not Shared

Core business is what brings in the money, and this should be tailor-made to its market. It is also what keeps the company afloat and therefore best kept on board. The core business of the French, German, United Kingdom and Spanish civilian aircraft industry is transporting passengers. This is why they are able to share an aircraft supply chain that spun off into a commercial success story.

Things Best Shared

It follows that activities that are neither core nor place bound – and can therefore happen anywhere ? are the best targets for sharing. Anything processed on a computer can be processed on a remote computer. This is why automated accounting, stock control and human resources are the perfect services to share.

So Case Closed Then?

No, not quite. ?Technology has yet to overtake our humanity, our desire to feel part of the process and our need to feel valued. When an employee, supplier or customer has a problem with our administration it’s just not good enough to abdicate and say ?Oh, you have to speak to Dublin, they do it there?.

Call centres are a good example of abdication from stakeholder care. To an extent, these have ?confiscated? the right of customers to speak to speak directly to their providers. This has cost businesses more customers that they may wish to measure. Sharing services is not about relinquishing the duty to remain in touch. It is simply a more efficient way of managing routine matters.

Check our similar posts

How Sustainable is Suez Environment

French-based Suez Environment works in the water and waste-management environment, with specific reference to water production, treatment, & pollution disposal, and waste treatment, recycling, incineration and site desensitisation. Its more than 65,000 employees distributed worldwide have participated in flagship projects like Renault’s goal of 95% reclamation of vehicle parts, and Lyonnaise des Eaux?s saving of 12 million cubic meters of water in a single year.

Suez Environment claims to have consistently increased the recovery rate of treated waste, decreased direct and indirect greenhouse gas emissions, and made significant inroads into the production of sustainable energy on behalf of its clients. But then surely that’s Suez Environment’s business, and with over 65,000 employees we are entitled to expect this. Given that there have been persistent allegations of privatised water distribution bumping prices up to the detriment of the poor, how effective is Suez Environment at practising what it preaches back home?

GDF Suez is its largest shareholder and includes it under its environmental and societal responsibility umbrella. This makes environmental performance an overarching goal alongside management systems, health and safety, risk and procurement, and ethics. Its environmental ambitions spin out into the following strategies:

  • Understand the interactions between our activities and the environment
  • Open dialogue with stakeholders and foster partnerships with them
  • Set quantitative and qualitative targets at all levels of the organisation
  • Achieve optimum balance between financial and environmental challenges
  • Be proactive; anticipate impacts on the environment and plan for them
  • Increase employee awareness through interactive training and education
  • Be constantly innovative; share successes within the organisation
  • Monitor progress continuously and publish measured results achieved.

These goals direct the Suez Environment management team?s attention towards optimising performance in key areas like greenhouse gases, energy management, renewable energy, biodiversity, responsible water management, pollution prevention and health and safety considerations.

Among numerous other examples, its waste incineration programs convert hazardous and conventional waste into heat used to generate electricity without requiring virgin carbon products. Elsewhere, the same energy warms market-gardening tunnels and work places on winter days.

Suez Environment uses sophisticated energy management software to analyse information that’s transmitted by data logging devices online. ecoVaro provides a similar service in the cloud. ecoVaro adapts to your requirements providing fresh insights to your business.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Spreadsheet Fraud

To any company executive or business owner, the mere possibility of fraud can be enough to send alarm bells ringing – for good reason. In a prolonged recession, the last thing investors would want to discover is a huge, gaping hole where supposedly a neat profit should have been. Also to find out that such loss was brought about by deliberately falsified accounting and poor spreadsheet controls only makes the situation even more regrettable.

Why?

Because these losses would not have occurred had there been a stronger risk management program in place and more stringent quality control on critical data to begin with.

But given the nature of a spreadsheet system i.e. its sheer flexibility and easy accessibility, plus the fact that they were never intended to be enterprise-level tools, there are no hard and fast rules for auditing spreadsheets. Also because of the lack of internal controls for end user computing (EUC) applications, in this case spreadsheets, you can’t expect these systems to yield consistently accurate results.

In fact, most managers assume that major spreadsheet errors should result in figures that are blatantly out of touch with how things stand in the real world, making these errors easily detectable.

Well they assumed wrong. You’ll find cases where the losses ran to millions of dollars without anyone being the wiser.

In instances of fraud, the problem becomes more complicated as these errors are deliberately hidden and cleverly disguised, perhaps one erroneous cell at a time. Even if these cover-ups started out with smaller figures that may have had negligible impact on a company?s operation, the cumulative costs of these ?insignificant? errors multiply exponentially as the spreadsheets are reused and utilised as bases for other related reports.

While there is no generally accepted definition of the term ?spreadsheet fraud?, its quite easy to identify one when a case crops up. Fraud arising from spreadsheets are typically characterised by:

Fallacious inputs – correct figures are deliberately replaced with false values.

Erroneous outputs owing to data alteration – hyperlinks are linking to the wrong spreadsheets or cells; use of macros or special lines of code which are understandable only to the person who developed the code.

Concealment of critical information – can be done with easy ?tweaks? such as hidden rows and columns, using the same colour for both the font and the background, or hard coding additional values into a cell.

There is nothing really highly-sophisticated or technical in any of these methodologies. But without internal spreadsheet controls in place, it would take a discerning eye and a thorough review to catch the inconsistencies contained in a spreadsheet fraught with errors. Also, if these errors are knowingly placed there, the chances of finding them are close to nil.

Learn more about our server application solutions and discover a better way to protect your company from spreadsheet fraud.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Ready to work with Denizon?

Contact Us Today