Spreadsheet Fraud

To any company executive or business owner, the mere possibility of fraud can be enough to send alarm bells ringing – for good reason. In a prolonged recession, the last thing investors would want to discover is a huge, gaping hole where supposedly a neat profit should have been. Also to find out that such loss was brought about by deliberately falsified accounting and poor spreadsheet controls only makes the situation even more regrettable.

Why?

Because these losses would not have occurred had there been a stronger risk management program in place and more stringent quality control on critical data to begin with.

But given the nature of a spreadsheet system i.e. its sheer flexibility and easy accessibility, plus the fact that they were never intended to be enterprise-level tools, there are no hard and fast rules for auditing spreadsheets. Also because of the lack of internal controls for end user computing (EUC) applications, in this case spreadsheets, you can’t expect these systems to yield consistently accurate results.

In fact, most managers assume that major spreadsheet errors should result in figures that are blatantly out of touch with how things stand in the real world, making these errors easily detectable.

Well they assumed wrong. You’ll find cases where the losses ran to millions of dollars without anyone being the wiser.

In instances of fraud, the problem becomes more complicated as these errors are deliberately hidden and cleverly disguised, perhaps one erroneous cell at a time. Even if these cover-ups started out with smaller figures that may have had negligible impact on a company?s operation, the cumulative costs of these ?insignificant? errors multiply exponentially as the spreadsheets are reused and utilised as bases for other related reports.

While there is no generally accepted definition of the term ?spreadsheet fraud?, its quite easy to identify one when a case crops up. Fraud arising from spreadsheets are typically characterised by:

Fallacious inputs – correct figures are deliberately replaced with false values.

Erroneous outputs owing to data alteration – hyperlinks are linking to the wrong spreadsheets or cells; use of macros or special lines of code which are understandable only to the person who developed the code.

Concealment of critical information – can be done with easy ?tweaks? such as hidden rows and columns, using the same colour for both the font and the background, or hard coding additional values into a cell.

There is nothing really highly-sophisticated or technical in any of these methodologies. But without internal spreadsheet controls in place, it would take a discerning eye and a thorough review to catch the inconsistencies contained in a spreadsheet fraught with errors. Also, if these errors are knowingly placed there, the chances of finding them are close to nil.

Learn more about our server application solutions and discover a better way to protect your company from spreadsheet fraud.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Check our similar posts

How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

How to carry out an Operational Review

A mobile workforce management software is key to managing an efficient field workforce.? Managing a staff of people can be tricky in any industry. Try keeping track of employees on shifting jobsites, many whom are paid hourly or temporary workers. The added pressure of ensuring the right workers get to the right sites at the right times, but they also need to track hours, parts used, vehicles and equipment assets.

In a previous post, we defined what is an operational review and why they play a key process in the continual evolution of successful businesses.?

Operational reviews allow the organization members to evaluate their performance, according to the procedures, resources properly, timescales and budgets.

Denizon – Operational Reviews Defined

Tweet

In this post, we’ll take a closer look at how to implement an operational review and the steps typically undertaken to help you and your organisation to implement an operational review.

What the steps in a Operational Review Process

There are typically six steps in an operational review that range from preparatory work conducting interviews and collecting documents to the presentation of the final written report.

An audit should be customized to meet a organisatons specific needs, so standard steps can and should only serve as a guideline.? Management and internal and external auditors should adjust the process to address the company’s particular goals and objectives.

Initial Management Meeting

Understanding the problem is the first crucial step of an operational review. This is one of major areas of discussions when the audit team meets with the management, and department heads will be asked to identify any specific areas of concern. Once the problem is identified, it would be easier to come up with workable solutions.

Conduct Interviews

The next step in the evaluation is carried out with experienced teams doing interviews and keeping close observation. Each team essentially watches how employees carry out their responsibilities. This is considered a key part of the process.

When doing the interview, it is also vital that the observing team gains the employees? trust and confidence. Likewise, the staff must be assured that whatever transpires between the team and the employee will be kept confidential. Management must therefore guarantee anonymity to anyone who offers critical information, lest employees withhold vital information and render the data gathered inaccurate.

Systems Review

Employees and management practices will be reviewed by the assessing team according to the standard policies and guidelines of the company. The effectiveness of the controls in place as well as their appropriateness to the current operating conditions will also be evaluated.

Reporting

A documentation of the data gathered and the assessment of the evaluating team, will be submitted to the management after the review process. Flow charts and written narratives of departmental activities are usually part of this report. This is also where observations and recommendations of the team will be presented to the department heads concerned.

Review Results

While the operational review is being conducted, it is important to take into account the vital factors that affect the company: the people, processes, procedures, and strategies. These four factors can determine the company?s progress in the future.

Key Areas of focus in operation reviews

At a minimum an operational review should include the following key ares of assessment

Management Control

Responsibilities, authority, and the scope in which an employee has the freedom to act must be clearly defined and documented. A complete and specific job description for instance, would give the employee a clear perspective on how he acts and functions within the company.

Boundaries should be set not only to benefit the employer but more so the employee as well.

Moral and Ethical Guidelines

Moral and ethical guidelines are just as important to ensure for a smoother employer?employee relationship. Otherwise, personal issues such as work ethics, work attitude and personal values may post problems in the long run if such guidelines are not drawn properly before relationships are established.

Processes and procedures

Evaluating processes is only beneficial if the company itself updates its processes and procedural manuals regularly, or at least when needed. Such protocols may need revision and some steps may be obsolete already. Improving a company?s processes and procedures doesn’t always entail cost. In fact, improvised procedures may even be cost-effective and could make the processes more manageable.

Communication and reporting standards

Gaps in communication could result in serious lapses in internal controls, putting the company and/or its assets at risk. This is where the importance of timely and clear communication comes in. Likewise, reports must be useful, and the flow of information and how it is processed must keep pace with the company?s growth.

Information technology (IT) and security controls can also be included under the communication clause. Proper IT security policies must be in place, state-of-the-art protection techniques employed, and everything be documented, periodically updated, and continually monitored.

Strategic planning and tactics

No company can ever be complete without its strategies. It would unwise for any organization to proceed without first knowing where it stands and what direction it wants to take. Strategic planning draws such a map. It must be aligned to the mission and vision of the company, and should also coincide with the organizational goals set. Strategic planning deals with these three key questions:

  • What do we do now
  • Whom do we do it for?
  • How can we overcome competition

Without clear strategic direction, expectations would likely differ between ownership and management.

Contingency planning, testing and recovery

Contingency plans must be up-to-date, and are essential to the organization. If one course of action fails, the company should have plan B, C and so on. In addition, an organization should be prepared to respond to interference’s.

This includes establishing a formal process to review transactions processing during both disruption and recovery.

Presentation of Report

Based on your objectives and our findings, we will develop detailed recommendations to improve your company?s performance and productivity. Our written report will include a list of both short-term and long-term projected improvements and courses of action, to be mutually agreed upon by both parties.

To ensure the achievement of the improvements we outlined, our team will also assist in the implementation of these modifications.

The plan has three levels of recommendations: one for executives, another for management, and a third one for staff.

The executive summary concentrates on your company?s strengths, weaknesses, opportunities and threats to its entirety. It includes recommendations for any needed changes in policy or governance.

The management plan is based on employee feedback and includes areas of immediate improvement as well as identification of potential problem areas. Concerns from the bottom level management can now be forwarded to the top level management in formal writing. Better working relationships may evolve from this, thereby setting the work environment for a higher productivity ratio.

Lastly, the staff report deals with topics like charting the hierarchy of the organization, and discussing in detail specific control objectives that are critical to the company?s mission. Part of our goal is to encourage personnel to pay close attentions to such changes, if any, as these efforts are essential if they want to bring about both organizational and personal success.

If you would like to further discuss how our operational review services can benefit your company, please feel free to contact us at your convenience to schedule an initial consultation. We?ll be more than happy to assist you.

More Operational Review Blogs


Carrying out an Operational Review


Operational Reviews


Operational Efficiency Initiatives


Operational Review Defined

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Why Predictive Maintenance is More Profitable than Reactive Maintenance

Regular maintenance is needed to keep the equipment in your facility operating normally. All machinery has a design lifespan, and your goal is to extend this as long as possible, while maintaining optimal production levels. How you go about the maintenance matters, from routine checks to repairing the damaged component parts?all before the whole unit needs to be tossed away and a new one purchased and installed. Here, we will break down the different approaches used, and show you why more industries and businesses are turning to proactive maintenance modes as opposed to the traditional reactive approaches for their?field service operations.?

Reactive Maintenance: A wait and see game

Here, you basically wait for a problem to occur, then fix it. It’s also commonly referred to as a “Run-to-Failure” approach, where you operate the machines and systems until they break. Repairs are then carried out, restoring it to operational condition.?

At face value, it appears cost-effective, but the reality on the ground is far much different. Sure, when the equipment is new, you can expect minimal cases of maintenance. During this time, there?ll be money saved. However, as time progresses there?ll be increased wear, making reliance on a reactive maintenance approach a costly endeavour. The breakdowns are more frequent, and inconsistent as well. Unplanned expenses increase operational costs, and there will be lost productivity during the periods in which the affected machinery won’t be in operation.?

While reactive maintenance makes sense when you’re changing a faulty light bulb at home, things are more complicated when it comes to dealing with machinery in industries, or for those managing multiple residential and commercial properties. For the light bulb, it’s easier to replace it, and failure doesn’t have a ripple effect on the rest of the structures in the household. For industries, each time there is equipment failure, you end up with downtime, production can grind to a halt, and there will be increased environmental risks during equipment start-up and shutdown. If spare parts are not readily available, there will be logistical hurdles as you rush the shipping to get the component parts to the facility. Add this to overworked clients in a bit to complete the repair and to make up for lost hours and delayed customer orders.

For field service companies, more time ends up being spent. After all, there?s the need of knowing which parts needed to be attended to, where they are, and when the servicing is required. Even when you have a planned-out schedule, emergency repairs that are required will force you to immediately make changes. These ramps up the cots, affecting your operations and leading to higher bills for your client. These inconveniences have contributed to the increased reliance on?field service management platforms that leverage on data analytics and IoT to reduce the repair costs, optimise maintenance schedules, and?reduce unnecessary downtimes?for the clients.

Waiting for the machinery to break down actually shortens the lifespan of the unit, leading to more replacements being required. Since the machinery is expected to get damaged much sooner, you also need to have a large inventory of spare parts. What’s more, the damages that result will be likely to necessitate more extensive repairs that would have been needed if the machinery had not been run to failure.?

Pros of reactive maintenance

  1. Less staff required.
  2. Less time is spent on preparation.

Cons of reactive maintenance

  1. Increased downtime during machine failure.
  2. More overtime is taken up when conducting repairs.
  3. Increased expenses for purchasing and storing spare parts.?
  4. Frequent equipment replacement, driving up costs.?

This ?If it ain’t broke, don’t fix it? approach leads to hefty repair and replacement bills. A different maintenance strategy is required to minimise costs. Proactive models come into focus. Before we delve into predictive maintenance, let’s look at the preventive approach.?

Preventive Maintenance: Sticking to a timetable

Here, maintenance tasks are carried out on a planned routine?like how you change your vehicle?s engine oil after hitting a specific number of kilometres. These tasks are planned in intervals, based on specific triggers?like a period of time, or when certain thresholds are recorded by the meters. Lubrication, carrying out filter changes, and the like will result in the equipment operating more efficiently for a longer duration of time. While it doesn’t completely stop catastrophic failures from occurring, it does reduce the number of failures that occur. This translates to capital savings.??

The Middle Ground? Merits And Demerits Of Preventive Maintenance

This periodic checking is a step above the reactive maintenance, given that it increases the lifespan of the asset, and makes it more reliable. It also leads to a reduced downtime, thus positively affecting your company?s productivity. Usually, an 80/20 approach is adopted,?drawing from Pareto’s Principle. This means that by spending 80% of time and effort on planned and preventive maintenance, then reactive maintenance for those unexpected failures that pop up will only occur 20% of the time. Sure, it doesn’t always come to an exact 80/20 ratio, but it does help in directing the maintenance efforts of a company, and reducing the expenses that go into it.?

Note that there will need to be a significant investment?especially of time, in order to plan a preventive maintenance strategy, plus the preparation and delegation of tasks. However, the efforts are more cost effective than waiting for your systems and machinery to fail in order to conduct repairs. In fact, according to the US Dept. of Energy, a company can save between 12-18 % when using a preventive maintenance approach compared to reactive maintenance.

While it is better than the purely reactive approach, there are still drawbacks to this process. For instance, asset failure will still be likely to occur, and there will be the aspect of time and resource wastage when performing unneeded maintenance, especially when technicians have to travel to different sites out in the field. There is also the risk of incidental damage to machine components when the unneeded checks and repairs are being carried out, leading to extra costs being incurred.

We can now up the ante with predictive maintenance. Let’s look at what it has to offer:

Predictive Maintenance: See it before it happens

This builds on preventive maintenance, using data analytics to smooth the process, reduce wastage, and make it more cost effective. Here, the maintenance is conducted by relying on trends observed using data collected from the equipment in question, such as through vibration analysis, energy consumption, oil analysis and thermal imaging. This data is then taken through predictive algorithms that show trends and point out when the equipment will need maintenance. You get to see unhealthy trends like excessive vibration of the equipment, decreasing fuel efficiency, lubrication degradation, and their impact on your production capacities. Before the conditions breach the predetermined parameters of the equipment’s normal operating standards, the affected equipment is repaired or the damaged components replaced.??

Basically, maintenance is scheduled before operational or mechanical conditions demand it. Damage to equipment can be prevented by attending to the affected parts after observing a decrease in performance at the onset?instead of waiting for the damage to be extensive?which would have resulted in system failure. Using?data-driven?field service job management software will help you to automate your work and optimise schedules, informing you about possible future failures.

Sensors used record the condition of the equipment in real time. This information is then analysed, showing the current and future operational capabilities of the equipment. System degradation is detected quickly, and steps can be taken to rectify it before further deterioration occurs. This approach optimises operational efficiency. Firstly, it drastically reduces total equipment failure?coming close to eliminating it, extending the lifespan of the machinery and slashing replacement costs. You can have an orderly timetable for your maintenance sessions, and buy the equipment needed for the repairs. Speaking of which, this approach minimises inventory especially with regards to the spare parts, as you will be able to note the specific units needed beforehand and plan for them, instead of casting a wide net and stockpiling spare parts for repairs that may or may not be required. Repair tasks can be more accurately scheduled, minimising time wasted on unneeded maintenance.??

Preventive vs Predictive Maintenance?

How is predictive different from preventive maintenance? For starters, it bases the need for maintenance on the actual condition of the equipment, instead of a predetermined schedule. Take the oil-change on cars for instance. With the preventive model, the oil may be changed after every 5000?7500 km. Here, this change is necessitated because of the runtime. One doesn’t look at the performance capability and actual condition of the oil. It is simply changed because “it is now time to change it“. However, with the predictive maintenance approach, the car owner would ideally analyse the condition of the oil at regular intervals- looking at aspects like its lubrication properties. They would then determine if they can continue using the same oil, and extend the duration required before the next oil change, like by another 3000 kilometres. Perhaps due to the conditions in which the car had been driven, or environmental concerns, the oil may be required to be changed much sooner in order to protect the component parts with fresh new lubricant. In the long run, the car owner will make savings. The US Dept. of Energy report also shows that you get 8-12% more cost savings with the predictive approach compared to relying on preventive maintenance programs. Certainly, it is already far much more effective compared to the reactive model.?

Pros of Predictive Maintenance

  1. Increases the asset lifespan.
  2. Decreases equipment downtime.
  3. Decreases costs on spare parts and labour.
  4. Improves worker safety, which has the welcome benefit of increasing employee morale.
  5. Optimising the operation of the equipment used leads to energy savings.
  6. Increased plant reliability.

Cons of Predictive Maintenance

  1. Initial capital costs included in acquiring and setting up diagnostic equipment.
  2. Investment required in training the employees to effectively use the predictive maintenance technology adopted by the company.

The pros of this approach outweigh the cons.?Independent surveys on industrial average savings?after implementing a predictive maintenance program showed that firms eliminated asset breakdown by 70-75%, boosted production by 20-25%, and reduced maintenance costs by 25-30%. Its ROI was an average of 10 times, making it a worthy investment.

Ready to work with Denizon?

Contact Us Today