Spreadsheet Risk Issues

It is interesting to note that the riskiness of operational spreadsheets are overlooked even by companies with high standards of risk management. Only when errors amount to actual losses do they realize that these risks have been staring them in the face all along.

Common spreadsheet risk issues

Susceptibility to trivial manual errors

Due to the fundamental structure of spreadsheets, a slight change in the formula or value in any of their inhabited cells may already affect their overall output. An

  • accidental copy-paste,
  • omission of a negative sign,
  • erroneous range selection,
  • incorrect data input or
  • unintentional deletion of a character,cell, range, column, or row

are just some of the simple errors spreadsheet users frequently encounter. Rarely are there any counter-checking controls in place in a spreadsheet-based activity and manual errors therefore easily go undetected.

Possibility of the user working on the wrong version

How do you store spreadsheet files?

Since the most common reports are usually generated on a monthly basis, users tend to store them using variations of these two configurations:

spreadsheet storage

If you notice, a user can accidentally work on the wrong version with any of these structures.

Prone to inconsistent company-wide reporting

This happens when a summary or ?final? spreadsheet is fed information by different departments coming from their own spreadsheets. Even if most of the data in their spreadsheets come from one source (the company-wide database), erroneous copy-pasting and linking, or even different interpretations of the same data can result to contradicting information in the end.

Often defenceless against unauthorised access

Some spreadsheets contain information needed by various individuals or department units in an organisation. Hence, they are often shared via email or through shared folders in a network. Now, because spreadsheets don’t normally use any access control, any user can easily open a spreadsheet file and view or modify the contents as he wishes.

Highly vulnerable to fraud

A complex spreadsheet system with zero or very minimal controls provides the perfect setting for would-be fraudsters. Hidden cells with malicious formulas and links to bogus information can go unnoticed for a long time especially if the final figures don’t deviate much from expected values.

Spreadsheet risk mitigation solutions may not suffice

Inherent complexity makes testing and logic inspection very time consuming

Deep testing can uncover possible errors hidden in spreadsheet cells and consequently mitigate risks. But spreadsheets used to support financial reporting are normally large, complex, highly-personalised and, without ample supporting documentation, understandably hard to follow.

No clear ownership of risk management responsibilities

There?s always a dilemma when an organisation starts assigning risk management responsibilities for spreadsheets. IT personnel believe users in the business side of the organisation should be responsible since they are the ones who create, edit, store, duplicate, and share the spreadsheet files. On the other hand, users believe IT should be responsible since they have always been in-charge of managing IT infrastructure, applications, and files.

To get rid of spreadsheet risks, you’ll have to get rid of spreadsheets altogether

One remedy is to have a risk management activity that involves both IT personnel and spreadsheet users. But wouldn’t you want to get rid of the complexity of having to distribute the responsibilities between the two parties instead of just one?

Learn more about Denizon’s server application solutions and how you can get rid of spreadsheet risk issues.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

4 Reasons Why You Might be Missing Out on Energy Savings…

?well your company actually, although for many small-to-medium businesses it boils down to the same thing. Governments usually lag behind in terms of innovation but are beating us hands-down when it comes to going green. I have heard that private sector energy savings average less than 1% per year and I for one would not be surprised if that were true. So what is causing this rot, when we started out so enthusiastically? Here are four possibilities for you to mull over.

  1. Your Team is Unevenly Yoked ? A pair of mismatched horses cannot pull a wagon in a straight line any more successfully than a business team can achieve its goals, if there is no agreement on priorities. While your sales team may be all for scoring green points against your competition, your accountant has a budget to balance and your operations department just wants to get on with the job.
  1. Energy?s not in Focus ? The above may in part be due to production goals you set your department heads. Energy is not nearly as greedy as raw materials and human capital. If you tell them to cut 5%, where do you think they are going to look first? You need to put energy savings up there, and agree specific targets as you do with other primary goals.
  1. Your Equipment Could be Over-Spec ? It is a very human thing to put more food on our plates and buy faster cars than we need. Only a few generations ago our ancestors lived through feast and famine, and the shadow of this still influences our thinking. Next time you buy equipment sit around the table and agree the decision criteria together. Then stick to them and repel all attempts at up-selling.
  1. You Are Delegating Too Much ? Delegation is part of company culture, or if you prefer the collective way of doing things. If you delegate something completely it is akin to saying I do not care much about this, make it happen. Energy saving is a financial and moral imperative. The fact the oil price is down does not mean there is no place for sustainability on your desk (and the price is likely to be up again soon).

Governments succeed in saving energy (whereas businesses often do not) because governments have a crowd of stakeholders beating down the door and demanding progress. As business owners we are more likely to do the same when the pressure is upon us, and that pressure surely has to come from us.

9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
ESOS ? Why we must have it

The 9,000 big UK businesses directly affected by the new Energy Saving Opportunity Scheme could save UK?250 million between them, or an average UK?27,000 each, if they reduced electricity consumption by just 1%. The total amount is equal to the output of five power stations, at a time when Britain?s grid is under strain.
On 26 November 2014, UK Energy and Climate Change Secretary Ed Davey met with over 100 opinion makers from businesses, charities and universities at the Institute of Directors. The gist of what he presented was:

  • ?Britain?s big firms are spending around ?2.8 billion extra each year on inefficient energy technologies ? the equivalent output of nearly five power stations;
  • Now is the time to seize the opportunity with ESOS ? and organisations up and down the country are already gearing up to make changes to save energy, save money and save the environment.
  • If business did what business is supposed to do [that is innovate to make money] and act and invest, it will save ? and that’s the bottom line.?

The environmental benefits are as important although EcoVaro agrees with Ed Davey for taking a pecuniary approach. Businesses above the threshold of 250 staff and a balance sheet of UK?34 million would have not achieved their status unless they spent their money wisely.
The discussion panel included Rhian Kelly (Director of Business Environment at CBI), and Paul Ekins (Director UCL Institute for Sustainable Resources & Deputy Director of the UK Energy Research Centre). Hugh Jones, Managing Director, Advisory at the Carbon Trust responded to Ed Davey?s remarks by commenting:

  • ?At the Carbon Trust we have already engaged with hundreds of businesses on ESOS, helping to explain how they can achieve compliance while also making significant energy savings and cutting carbon.
  • Businesses often aren’t aware of opportunities in energy efficiency, or they don’t realise how attractive the paybacks can be. By requiring companies to understand exactly how they can make cost-effective investment in energy efficiency, they are far more likely to take action.
  • From the interest we have seen so far we expect ESOS to benefit British business by helping companies to reduce overheads and increase competitiveness.

The UK?s Energy Saving Opportunity Scheme ESOS is a gold mine of opportunities for big business, the environment and the population that breathes the air. Measurement of critical energy throughputs is the beginning of the process. EcoVaro is standing by to help you convert your data to meaningful information.

Ready to work with Denizon?

Contact Us Today