How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
Companies with revenues between $1B – $4.9B spent about 0.16%
Companies with revenues between $500M – $999M spent about 0.27%
Companies with revenues between $100M – $499M spent about 0.53%
Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Check our similar posts

Why integrating your Field Service Management with IoT Applications makes sense

Your customers want a smooth experience when hiring your services. Whether there are pests that have run amok in their homes and you have been called in to exterminate them, there is a leak in the pipes and your plumbing repair business is the go-to for repairs, you’re in charge of a cleaning business with clients spanning across the residential and commercial niches, or even a locksmith making new installations and providing aftercare for their clients ? it is vital to make the process as hassle-free as possible for your customer. The priority is getting the job done in time, and to quality standards. On the other hand, your mobile workers need access to complete and accurate data to approach the task more proactively, get it done right, and increase the rate of first-time fixes.

When you have multiple clients and a huge workforce, things can get messy with all the paperwork involved. Preparing documents and reports, keying in the data, keeping track of your mobile employees, following up on current jobs and scheduling new appointments ? the workload can put a strain on your staff. Field service scheduling software like FieldElite come in to keep your central office staff abreast with all customer details, sending alerts when new issues arise. These are then relayed to the appropriate technician for the situation to be taken care of at the earliest possible time ? directing the right employee to the customer based on the skill-set availability and location. While field service job management software, by itself, is a powerful solution, you can crank things up a notch by having a system that integrates IoT into its operations.

Powering Field Service Scheduling Software Systems With IoT

FSM gives maintenance firms, distributors, manufacturers and other service businesses an interactive platform that optimises the workflow. From the customers booking maintenance work, office staff tracking operations right from their desk, workers interacting with it while on-ground through the mobile app, to the billing and invoicing ? it is all handled through the same system. IoT applications can boost this becoming a critical tool to show the field managers about the precise locations where attention is needed, for accurate worker and job scheduling and improved customer satisfaction. What if you could also have features like auto-scheduling coming on board? Let’s delve deeper into what it means for your FSM system.

Benefits Of Using Service Management Software With IoT Solutions

Its impact of IoT on field management is seen in the transformation of maintenance data into proactive service actions. Research by Gartner shows that in 2020 there will be over 20 billion connected devices, making the reach of IoT really vast. This will fuel the field management industry, unlocking more potential with the mobile workers interacting in real-time with their equipment and headquarters. This speeds up response time to service requests and transforms interoperability across the different devices.

???????? All-round access

The interaction with IoT benefits the technicians, managers, and customers themselves. For instance, while the worker on ground interacts with the FieldElite mobile app, the office staff at headquarters will be engaging them via browser on their smart devices, and even the client gets access to the system through the customer portal.

???????? Linking your different business operations

It doesn’t stop there. Integrating the mobile service management software to the IoT facilitates inventory management, automobile tracking, and even automates accounting, invoicing, and other internal processes of the business, giving you more visibility over your field assets and operations. Here, the sensors that have been enabled in the network will notify you of damaged equipment, and go further to route and dispatch the technician who is most suited to go on-site and repair it.

???????? Nip things in the bud ? A proactive approach

Updates from sensors on the remote equipment are sent over a dedicated network. This is intelligently interpreted by the IoT platform to decide the next course of action, depending on a predefined set of rules. This course of action can be assigning and dispatching the technician through the FieldElite app to fix the equipment before permanent damage occurs. This whole process is automatic, shifting the company from a reactive mode of operations to a proactive and preventative model, resulting in better utilisation of assets.

???????? Minimise time wastage

Less time is spent going checking for flaws in the systems. Take management at a wastewater treatment plant for instance. Simply place IoT sensors on the different pumps, mortars and valves to give you this data. In case of leaks or damage, the appropriate operator is alerted, taking away the need for manual monitoring. Monitoring is done remotely. Hazardous situations such as in the oil and gas industry where workers are faced with issues like flare stacks are handled better, where the IoT sensors minimise downtime and ensure that only necessary visits to the plat equipment are done.

???????? Interactions at the palm of your hand

The field service workers are also equipped with effective communications through aspects like the chat feature on the mobile app, and reporting abilities where they can make notes, take photos and relay this to the headquarters during the course of the job. Information on the system is readily available to the customer and future technicians who will be handling jobs at the facility.

How does the FSM work with other systems? FieldElite’s core role is to manage the mobile workforce. How do you keep track of the sensors of the different equipment, in order to know when maintenance is needed?

Enter ecoVaro: IoT In Energy Management

The 2018-2025 Global Building Energy Management System Analysis and Forecast showed energy consumption in residential buildings accounts for close to 40% of the world’s energy consumption.? Commercial buildings like shopping malls, hospitals, retail stores and hotels take 30%. IoT tools aid in collecting and analysing the real-time data consumption in these falsities, to improve maintenance and reduce down times. It’s a holistic view that is achieved through a network of smart devices monitoring the ventilation, humidity, air-conditioning and lighting systems.

Home automation tools like smart thermostats and bulbs are already becoming popular. Here, they bring savings to the consumers without them having to use up much effort. For broader energy management, these systems will include units like sensors, controls, meters, data analytics tools, and user-friendly applications that the consumers access all this from. It cuts across the board, from households and commercial establishments, to utility firms and government bodies keen on effectively monitoring and managing their energy resources. Industrial and commercial users need data analytics tools to maximise their productivity and reduce costs, while residents in households want to reduce their monthly bills and take a more proactive role in their energy management.

From Smart Devices To Accurate Loggers

The first step in saving energy is cutting down wastage. Smart light, humidity, temperature and air conditioning controls come in to maintain optimal indoor conditions. Lighting units, smart thermostats, sensor-based HVAC control systems are part of the IoT, taking centre stage in automatically maintaining the perfect indoor environment that will keep the building?s energy use at optimum levels. They have been designed with different sensors that check the humidity, light, motion and even CO₂ levels, dynamically adjusting the conditions in the facility. Here, you have situations like smart lights dimming when there is more daylight getting into the room, and then automatically turning off when people leave the room. The smart thermostats can precool the indoor space before the day gets warmer, so that during that scorching midday sun there will be less energy spent by the HVCA to bring down the heat levels.

The whole set up ? from the LED lights adjusting to user preferences and routines, learning thermostats that reduce consumption during peak load times, sensors and data analytics that give the user more control over their consumption, creates a smart energy infrastructure, be it in homes or industrial spaces, from retail stores and factories, to entire cities. This is all geared at cutting down energy costs, with the systems automatically adjusting the building?s lighting, temperature and ventilation, to reduce the energy consumption without compromising the comfort of the building?s occupants. LEED bulbs already record 20% lower maintenance costs than the typical commercial buildings.

Adopting IoT Applications For Your EMS System

How can you take advantage of this? With the EMS loggers, you monitor your facility’s consummation in real-time. Platforms like ecoVaro enable both the utility companies and end-users to access this data. The utility firms will be in a position to tailor the power supply in response to changing demand and also adjust their pricing. The end-users, on the other hand, will be in a position to control their usage at a granular level ? responding to changing environmental conditions, power consumption, and reducing energy waste.

There are also those appliances that come with sensors, from boilers in the household, to heavy production machinery in industries. The EMS systems allow you to continuously monitor the load on the sensor-enabled assets, predict when overheating will occur and pinpoint risks of outages or damage on the line. Maintenance can then be immediately carried out to vent damages to the equipment. That way components like motors are protected from damages that would have ended up costing the firm lots of funds to replace. The data analytics from the EMS platforms enable the energy manager to strike that balance to optimise performance and reduce wear, thus prolonging the life of the equipment.

Even the heavy hitters in the energy sector get to benefit from the IoT. Take power production for instance. When you’re dealing with stations, solar farms and wind fields ? as they provide that much-needed power, they also consume energy and need plenty of maintenance. These are resource-heavy stations and as a manager, you want to keep a close eye on things. This involves a complex approach, from the sensors at the facilities, data analytics, to predictive maintenance. EMS software comes in to continuously monitor the equipment and wiring through the sensors. This enables you to prevent issues like overloads, and ensure that a balanced load is maintained on the line. The EMS goes a step further by enabling you to undertake predictive maintenance, for the timely repair of the equipment on the power grid, minimising accidents, preventing blackouts, and averting the costly down times.

Electricity utilities connecting their power plants and grids to available IoT solution networks get to be more transparent to their consumers, by showing them where the energy they use comes from. This empowers the consumers with the information needed to select the cleanest energy source during that period, which is particularly beneficial for those keen on adopting greener practices. For instance, you can have a system monitoring a network of grids, and dynamically shifting to power sources that have the least amount of emissions at the moment ? what’s gaining popularity as “automated emission reduction”. These lead to utility firms that produce clean energy getting more consumers and growing their revenue base.

Field And Energy Management: How FieldElite and ecoVaro Work Together Through IoT

So, on one hand, you have the energy managers following up on the consumption trends at their facilities, keeping an eye on their equipment.? On the other hand, you have field workers needed to carry out repair and maintenance works at different locations.? How do you join them together to ensure a seamless flow of operations?? The IoT.

This can be seen with ecoVaro and Field Elite interaction. Here, you have two independent systems that are interlinked through the internet and secure cloud systems, bringing more convenience on board for the users.

Picture this: Loggers collecting data from the meters and sensors on-site detect an anomaly, which you will immediately be able to view through the ecoVaro platform. This can be a myriad of issues, from plumbing to electrical systems that need to be worked on, and they are at multiple locations. How do you get them resolved? Dispatch your technicians through FieldElite.

Here’s a snapshot of how this works:

This way, you get to optimise your operations and cut down on coasts ? taking advantage of the data analytics tools brought to you by ecoVaro, and streamlining your workflow through FieldElite. IoT powered workforce and energy management systems thus become key in reducing operational expenses, scheduling repairs and maintenance, and planning for peak hours

Accessing real-time data has the welcome benefit of cutting down on the hours spent on energy management processes. Jobs like meter reading that would have taken lots of time are handled by the system. When it comes to field management, operational efficiency is increased by taking away the manual processes involved with all the paperwork.? The sensors monitored via ecoVaro alert the field service manager about equipment that needs to be checked, and FieldElite shows the field manager issues that are on queue to be resolved. In both cases, you get accurate data that will inform the decisions made ? from the maintenance measures required, to scheduling the jobs for the technicians to handle them. It’s a win-win situation.?

Building Blocks For A Brighter Tomorrow

What’s more, this sets you up for the future. Adopting IoT solutions for your field and energy management operations will score you higher ROIs going forward. The global community is working towards enhancing the efficiency of its operations and putting in place sustainable practices in line with their Social Corporate Responsibility (CSR). This is from service providers like plumbing and electrical repair businesses, to utility firms and power generation plants. Lighting systems, homes, office buildings, factories, communities, transportation and whole cites are getting connected through the internet and more control done via smart devices. This is further accelerated by cloud systems enabling real-time, reliable and secure access to the information. By incorporating these setups into your business structure, you will gain a competitive advantage in your niche. After all, we’re still in the early stages of IoT across the industries.

ecoVaro to tackle water stress

For many people within the UK, water is not really something to worry about. Surely enough of it falls out the sky throughout the year that it does feel highly unlikely that we?ll ever run out of it. There certainly does seem to be an abundance of Branded Water available in plastic bottles on our supermarket shelves.

Water, water, every where,
And all the boards did shrink;
Water, water, every where,
Nor any drop to drink.

The Rime of the Ancient Mariner ? Samuel Taylor Coleridge

Despite this, Once-unthinkable water crises are becoming commonplace. If you consider that In England and Wales, we use 16 billion litres of clean drinking water every day ? that’s equivalent to 6,400 Olympic sized swimming pools.

Currently, water companies can provide slightly more than we need ? 2 billion litres are available above and beyond what we’re using. In some areas, though, such as south east England, there is no surplus and, as such, these regions are more likely to face supply restrictions in a dry year.

If we take little moment to reflect on some of the most notable water related stories over the past few years, we’ll start to get a picture of just how real the potential and the threat of water shortages can be.

Reservoirs in Chennai, India?s sixth-largest city, are nearly dry right now. Last year, residents of Cape Town, South Africa narrowly avoided their own Day Zero water shut-off.

It was only year before that, Rome rationed water to conserve scarce resources.

Climate change is likely to mean higher temperatures which may drive up the demand for water (alongside population growth) and increase evaporation from reservoirs and water courses during spring and summer.

The impact of climate change on total rainfall is uncertain, but the rain that does fall is likely to arrive in heavier bursts in winter and summer. Heavier rain tends to flow off land more quickly into rivers and out to sea, rather than recharging groundwater aquifers.

A greater chance of prolonged dry periods is also conceivable. This combined with the harsh reality that no human population can sustain itself without sufficient access to fresh water.

If present conditions continue, 2 out of 3 people on Earth will live within a water-stressed zone by 2025

What is water stress?

Water stress is a term used to describe situation when demand for water is greater than the amount of water available at a certain period in time, and also when water is of poor quality and this restricts its usage. Water stress means deterioration in both the quantity of available water and the quality of available water due to factors affecting available water.

Water stress refers to the ability, or lack thereof, to meet human and ecological demand for water. Compared to scarcity, water stress is a more inclusive and broader concept.

Water Stress considers several physical aspects related to water resources, including water scarcity, but also water quality, environmental flows, and the accessibility of water.

Supply and Demand

Major factors involved when water scarcity strikes is when a growing populations demand for water exceeds the areas ability to service that need.

Increased food production and development programs also lead to increased demand for water, which ultimately leads to water stress.

Increased need for agricultural irrigation in order to produce more crops or sustain livestock are major contributors to localised water stress.

Overconsumption

The demand for water in a given population is fairly unpredictable. Primarily, based on the fact that you can never accurately predict human behaviour and changes in climate.

If too many people are consuming more water than they need because they mistakenly believe that water is freely available and plentiful, then water stress could eventually occur.

This is also linked to perceived economic prosperity of a give region. Manufacturing demand for water can have huge impact regardless whether water is actively used within the manufacturing process or not.

Water Quality

Water quality in any given area is never static. Water stress could happen as a result of rising pollution levels having a direct impact on water quality.

Water contamination happens when new industries either knowingly or unknowingly contaminate water with their industrial practices.

Largely, this can happen and frequently does so because these industries do not take effective control of monitoring and managing their impact on communal water supplies. Incorrectly assuming this is the responsibility of an additional third party like the regional water company.

The truth is, water quality and careful monitoring of it is all of our responsibility.

Water Scarcity

Simple increases in demand for water can in itself contribute to water scarcity. However, these are often preceded by other factors like poverty or just the natural scarcity of water in the area.

In many instances, the initial locations of towns or cities were not influenced by the close proximity of natural resources like water, but rather in pursuit of the extraction of other resources like Gold, Coal or Diamonds.

For Instance, Johannesburg, South Africa is the largest City in South Africa and is one of the 50 largest urban areas in the world. It is also located in the mineral rich Witwatersrand range of hills and is the centre of large-scale gold and diamond trade.

Johannesburg is also one of the only major cities of the world that was not built on a river or harbour. However, it does have streams that contribute to two of Southern Africas mightiest rivers – Limpopo and the Orange rivers. However, most of the springs from which many of these streams emanate are now covered in concrete!

Water Stress and Agriculture

Peter Buss, co-founder of Sentek Technology calls ground moisture a water bank and manufactures ground sensors to interrogate it. His hometown of Adelaide is in one of the driest states in Australia. This makes monitoring soil water even more critical, if agriculture is to continue. Sentek has been helping farmers deliver optimum amounts of water since 1992.

The analogy of a water bank is interesting. Agriculturists must ?bank? water for less-than-rainy days instead of squeezing the last drop. They need a stream of real-time data and utilize cloud-based storage and processing power to curate it.

Sentek?s technology can be found in remote places like Peru?s Atacamba desert and the mountains of Mongolia, where it supports sustainable floriculture, forestry, horticulture, pastures, row crops and viticulture through precise delivery of scarce water.

This relies on precision measurement using a variety of drill and drop probes with sensors fixed at 4? / 10cm increments along multiples of 12? / 30cm up to 4 times. These probe soil moisture, soil temperature and soil salinity, and are readily repositioned to other locations as crops rotate.

Peter Buss is convinced that measurement is a means to an end and only the beginning. ?Too often, growers start watering when plants don’t really need it, wasting water, energy, and labour. By accurately monitoring water can be saved until when the plant really needs it.

Peter also emphasises that crop is the ultimate sensor, and that ?we should ask the plant what it needs?.

This takes the debate a stage further. Water wise farmers should plant water-wise crops, not try to close the stable door after the horse has bolted and dry years return.

The South Australia government thinks the answer also lies in correct farm dam management. It wants farmers to build ones that allow sufficient water to bypass in order to sustain the natural environment too.

There is more to water management than squeezing the last drop. Soil moisture goes beyond measuring for profit. It is about farming sustainably using data from sensors to guide us.

Ecovaro is ahead of the curve as we explore imaginative ways to exploit the data these provide for the common good of all.

A Quarter of the World?s Population, Face High Water Stress

Data from WRI?s Aqueduct tools reveal that 17 countries ? home to one-quarter of the world?s population?face ?extremely high? levels of baseline water stress, where irrigated agriculture, industries and municipalities withdraw more than 80% of their available supply on average every year.

Water stress poses serious threats to human lives, livelihoods and business stability. It’s poised to worsen unless countries act: Population growth, socioeconomic development and urbanization are increasing water demands, while climate change can make precipitation and demand more variable.

How to manage water stress

Water stress is just one dimension of water security. However, like any challenge, its outlook depends on adequate monitoring and management of environmental data.

Even countries with relatively high water stress have effectively secured their water supplies through proper management by leveraging the knowledge they have garnered by learning from the data they gathered.

3 ways to help reduce water stress

In any geography, water stress can be reduced by measures ranging from common sense to innovative technology solutions.

There are countless solutions, but here are three of the most straightforward:

1. Increase agricultural efficiency: The world needs to make every drop of water go further in its food systems. Farmers can use seeds that require less water and improve their irrigation techniques by using precision watering rather than flooding their fields.

Businesses need to increase investments to improve water productivity, while engineers develop technologies that improve efficiency in agriculture.

Consumers can reduce food loss and waste, which uses one-quarter of all agricultural water.

2. Invest in grey and green infrastructure: D Data produced by Aqueduct Alliance – shows that water stress can vary tremendously over the year. WRI and the World Bank?s research shows that built infrastructure (like pipes and treatment plants) and green infrastructure (like wetlands and healthy watersheds) can work in tandem to tackle issues of both water supply and water quality.

3. Treat, reuse and recycle: We need to stop thinking of wastewater as waste.

Treating and reusing it creates a ?new? water source.

There are also useful resources in wastewater that can be harvested to help lower water treatment costs. For example, plants in Xiangyang, China and Washington, D.C. reuse or sell the energy- and nutrient-rich byproducts captured during wastewater treatment.

Summary

The data is undeniably clear, there are very worrying trends in water.

Businesses and other other organisations need to start taking action now and investing in better monitoring and management, we can solve water issues for the good of people, economies and the planet. We collectively cannot kick this can down the road any further, or assume that this problem will be solved by others.

It is time, for a collective sense of responsibility and for everyone to invest in future prosperity of our Planet as a collective whole. Ecological preservation should be at the forefront of all business plans because at the end of the day profit is meaningless without an environment to enjoy it in!

The Better Way of Applying Benford’s Law for Fraud Detection

Applying Benford’s Law on large collections of data is an effective way of detecting fraud. In this article, we?ll introduce you to Benford’s Law, talk about how auditors are employing it in fraud detection, and introduce you to a more effective way of integrating it into an IT solution.

Benford’s Law in a nutshell

Benford’s Law states that certain data sets – including certain accounting numbers – exhibit a non-uniform distribution of first digits. Simply put, if you gather all the first digits (e.g. 8 is the first digit of ?814 and 1 is the first digit of ?1768) of all the numbers that make up one of these data sets, the smallest digits will appear more frequently than the larger ones.

That is, according to Benford’s Law,

1 should comprise roughly 30.1% of all first digits;
2 should be 17.6%;
3 should be 12.5%;
4 should be 9.7%, and so on.

Notice that the 1s (ones) occur far more frequently than the rest. Those who are not familiar with Benford’s Law tend to assume that all digits should be distributed uniformly. So when fraudulent individuals tinker with accounting data, they may end up putting in more 9s or 8s than there actually should be.

Once an accounting data set is found to show a large deviation from this distribution, then auditors move in to make a closer inspection.

Benford’s Law spreadsheets and templates

Because Benford’s Law has been proven to be effective in discovering unnaturally-behaving data sets (such as those manipulated by fraudsters), many auditors have created simple software solutions that apply this law. Most of these solutions, owing to the fact that a large majority of accounting departments use spreadsheets, come in the form of spreadsheet templates.

You can easily find free downloadable spreadsheet templates that apply Benford’s Law as well as simple How-To articles that can help you to implement the law on your own existing spreadsheets. Just Google “Benford’s law template” or “Benford’s law spreadsheet”.

I suggest you try out some of them yourself to get a feel on how they work.

The problem with Benford’s Law when used on spreadsheets

There’s actually another reason why I wanted you to try those spreadsheet templates and How-To’s yourself. I wanted you to see how susceptible these solutions are to trivial errors. Whenever you work on these spreadsheet templates – or your own spreadsheets for that matter – when implementing Benford’s Law, you can commit mistakes when copy-pasting values, specifying ranges, entering formulas, and so on.

Furthermore, some of the data might be located in different spreadsheets, which can likewise by found in different departments and have to be emailed for consolidation. The departments who own this data will have to extract the needed data from their own spreadsheets, transfer them to another spreadsheet, and send them to the person in-charge of consolidation.

These activities can introduce errors as well. That’s why we think that, while Benford’s Law can be an effective tool for detecting fraud, spreadsheet-based working environments can taint the entire fraud detection process.

There?s actually a better IT solution where you can use Benford’s Law.

Why a server-based solution works better

In order to apply Benford’s Law more effectively, you need to use it in an environment that implements better controls than what spreadsheets can offer. What we propose is a server-based system.

In a server-based system, your data is placed in a secure database. People who want to input data or access existing data will have to go through access controls such as login procedures. These systems also have features that log access history so that you can trace who accessed which and when.

If Benford’s Law is integrated into such a system, there would be no need for any error-prone copy-pasting activities because all the data is stored in one place. Thus, fraud detection initiatives can be much faster and more reliable.

You can get more information on this site regarding the disadvantages of spreadsheets. We can also tell you more about the advantages of server application solutions.