Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Excel Spreadsheet Conversion to SQL Reports

Spreadsheets are flexible, inexpensive and easy to use. They are especially handy when it comes to beating report submission deadlines or making impromptu data computations.

Unfortunately, organisations heavy reliance on spreadsheets have made these User Developed Applications (UDA) into high-risk office tools. Simple spreadsheet errors like leaving out a negative sign or a cut-and-paste mistake have already caused million-dollar discrepancies. Also, when a fraudulent employee enters into the picture, the risks become unimaginable.
Think TransAlta’s spreadsheet cut-and-paste glitch (the company later called this a ‘simple clerical error’) which caused the energy firm a whopping $24 million loss or Fidelity’s overstatement of its earnings owing to the omission of the minus sign on the spreadsheet of a $1.3 billion net capital loss.

Denizon can convert your Excel Spreadsheets to a web based SQL Server Reporting Services (SSRS). It does not import Excel data, rather it allows the creation and deployment of reports in a more efficient manner by querying the data.

So what is the problem with Spreadsheets?

  • Plagued with risk issues and vulnerable to fraud
  • Lacking in control features especially when copied, edited and emailed between many users
  • A burden to regulation compliance e.g. SOX (Sarbanes-Oxley)
Moreover:
  • Accidental copy-paste/Omission of a negative sign/Erroneous range selection
  • Incorrect data input or unintentional deletion of a character, cell, range, column, or row
  • Possibility of the user working on the wrong version
  • Prone to inconsistent company-wide reporting
  • Often ‘defenceless’ against unauthorised access

See Top 10 Disadvantages of Spreadsheets

What makes SQL Server Reporting Services better than Spreadsheets?

  • Free from spreadsheet risks & equipped with built-in controls that substantially reduce risks to data
  • Less prone to fraud
  • More suitable for regulatory compliance e.g. SOX
  • Designed for an agile business environment

Automatic consolidation eliminates errors and wasted time caused by tedious copy-pasting of data and linking of cells
Better collaboration capabilities allows team members to bring their heads together for planning, budgeting, and reporting even while on the go
Mobility support enables users to input data or retrieve information through their wireless mobile device

Superior sharing features ensures that everyone is exactly on the same page and viewing real-time information
Dashboards provide insightful information at-a-glance through KPIs, graphs, and various metrics
Drill-downs enable users to investigate unusual figures and gain a better understanding of the details that contribute to the big picture
Easy to learn interfaces allow your organisation to cope with fast personnel turnaround or Mergers & Acquisitions

Don’t know how to shift from Spreadsheets to SQL Server Reporting Services?

We’ve got the knowledge and expertise to assist you in:

  • Making a smooth and cost-efficient transition from risky spreadsheets to reliable reports
  • Designing and implementing SOX-compliant report-generating methods and procedures
  • Putting exposure to high-risk reporting methods a thing of the past
8 Reasons why you Need to Undertake Technical and Application Assessments

Are your information assets enabling you to operate more cost-effectively or are they just drawing in more risks than you are actually aware of? Obviously, you now need to get a better picture of those assets to see if your IT investments are giving you the benefits you were expecting and to help you identify areas where improvements should be made.

The best way to get the answers to those questions is through technical and application assessments. In this post, we?ll identify 8 good reasons why it is now imperative to undertake such assessments.

1. Address known issues – Perhaps the most common reason that drives companies to undertake a technology/application assessment is to identify the causes of existing issues such as those related to data accessibility, hardware and software scalability, and performance.

2. Cut down liabilities and risks – Unless you know what and where the risks are, there is no way you can implement an appropriate risk mitigation strategy. A technology and application assessment will enable you to thoroughly test and examine your information systems to see where your business-critical areas and points of failure are and subsequently allow you to act on them.

3. Discover emerging risks – Some risks may not yet be as threatening as others. But it would certainly be reassuring to be aware if any exist. That way, you can either nip them in the bud or keep them monitored.

4. Comply with regulations – Regulations like SOX require you to establish adequate internal controls to achieve compliance. Other regulations call for the protection of personally identifiable information. Assessments will help you pinpoint processes that lack controls, identify data that need protection, and areas that don’t meet regulatory requirements. This will enable you to act accordingly and keep your company away from tedious, time-consuming and costly sanctions.

5. Enhance performance – Poor performance is not always caused by an ageing hardware or an overloaded infrastructure. Sometimes, the culprits are: unsuitable configuration settings, inappropriate security policies, or misplaced business logic. A well-executed assessment can provide enough information that would lead to a more cost-effective action plan and help you avoid an expensive but useless purchase.

6. Improve interoperability – Disparate technologies working completely separate from each other may be preventing you from realising the maximum potential of your entire IT ecosystem. If you can examine your IT systems, you may be able to discover ways to make them interoperate and in turn harness untapped capabilities of already existing assets.

7. Ensure alignment of IT with business goals – An important factor in achieving IT governance is the proper alignment of IT with business goals. IT processes need to be assessed regularly to ensure that this alignment continues to exist. If it does not, then necessary adjustments can be made.

8. Provide assurance to customers and investors – Escalating cases of data breaches and identity theft are making customers and investors more conscious with a company?s capability of preserving the confidentiality of sensitive information. By conducting regular assessments, you can show your customers and investors concrete steps for keeping sensitive information confidential.

ESOS What is the Truth?

When the UK administration introduced its ESOS Energy Savings Opportunity Scheme reactions from business people followed a familiar theme.

  • Do nothing it will go away
  • The next Westminster will drop this
  • Another stealth tax. I don’t have time for this
  • Give the problem to admin and tell them to fix it

ecovaro decided to share three facts with you. These are

(1) ESOS is not a government money spinner

(2) all major political parties support it, and

(3) it is a cost-effective way to put money back in your pocket while feeling better about what business pumps into the environment.

Four More ESOS Facts

1. You Cannot Give the Problem to Admin ? Energy is technical. The lead belongs with your operations staff because they understand how your systems work. Some things are best outsourced though. ecovaro is here to help.

2. ESOS is Not Going to Go Away ? A company inside the regulation net must submit its first report by 6 December 2015. Non-compliance risks the following penalties:

  • ?5,000 for not maintaining adequate records
  • ?50,000 for not completing the assessment
  • ?50,000 for making a false or misleading statement

3. The Employee Count is the Annual Average – The employment criteria (unlike balance sheet and turnover) is the monthly average of full and part-time employees taken across the full financial year. The fact you have <250 employees in December 2015 when the first report is due does not necessarily let you off the hook.

4. The 6 December 2014 Report is No Big Deal ? When you think about it the administration is hardly likely to spend years wading through 9,000 detailed company energy plans. It has no authority to comment in any case. All that is required is for a senior director to confirm reading the document, and a lead assessor to agree it complies with the law.

Does this mean that ESOS is a damp squib? We do not think so, although some firms may take the low road. ecovaro believes the financial benefits will carry the process forward, and that the imperative to make the world a better place will do the rest.

Ready to work with Denizon?

Contact Us Today