Spreadsheet Risk Issues

It is interesting to note that the riskiness of operational spreadsheets are overlooked even by companies with high standards of risk management. Only when errors amount to actual losses do they realize that these risks have been staring them in the face all along.

Common spreadsheet risk issues

Susceptibility to trivial manual errors

Due to the fundamental structure of spreadsheets, a slight change in the formula or value in any of their inhabited cells may already affect their overall output. An

  • accidental copy-paste,
  • omission of a negative sign,
  • erroneous range selection,
  • incorrect data input or
  • unintentional deletion of a character,cell, range, column, or row

are just some of the simple errors spreadsheet users frequently encounter. Rarely are there any counter-checking controls in place in a spreadsheet-based activity and manual errors therefore easily go undetected.

Possibility of the user working on the wrong version

How do you store spreadsheet files?

Since the most common reports are usually generated on a monthly basis, users tend to store them using variations of these two configurations:

spreadsheet storage

If you notice, a user can accidentally work on the wrong version with any of these structures.

Prone to inconsistent company-wide reporting

This happens when a summary or ?final? spreadsheet is fed information by different departments coming from their own spreadsheets. Even if most of the data in their spreadsheets come from one source (the company-wide database), erroneous copy-pasting and linking, or even different interpretations of the same data can result to contradicting information in the end.

Often defenceless against unauthorised access

Some spreadsheets contain information needed by various individuals or department units in an organisation. Hence, they are often shared via email or through shared folders in a network. Now, because spreadsheets don’t normally use any access control, any user can easily open a spreadsheet file and view or modify the contents as he wishes.

Highly vulnerable to fraud

A complex spreadsheet system with zero or very minimal controls provides the perfect setting for would-be fraudsters. Hidden cells with malicious formulas and links to bogus information can go unnoticed for a long time especially if the final figures don’t deviate much from expected values.

Spreadsheet risk mitigation solutions may not suffice

Inherent complexity makes testing and logic inspection very time consuming

Deep testing can uncover possible errors hidden in spreadsheet cells and consequently mitigate risks. But spreadsheets used to support financial reporting are normally large, complex, highly-personalised and, without ample supporting documentation, understandably hard to follow.

No clear ownership of risk management responsibilities

There?s always a dilemma when an organisation starts assigning risk management responsibilities for spreadsheets. IT personnel believe users in the business side of the organisation should be responsible since they are the ones who create, edit, store, duplicate, and share the spreadsheet files. On the other hand, users believe IT should be responsible since they have always been in-charge of managing IT infrastructure, applications, and files.

To get rid of spreadsheet risks, you’ll have to get rid of spreadsheets altogether

One remedy is to have a risk management activity that involves both IT personnel and spreadsheet users. But wouldn’t you want to get rid of the complexity of having to distribute the responsibilities between the two parties instead of just one?

Learn more about Denizon’s server application solutions and how you can get rid of spreadsheet risk issues.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

ESOS Guide for UK Manufacturers Available

The Engineering Employers’ Federation (EEF) is the UK’s largest sectoral structure. Its goal is to promote the interests of manufacturing, engineering and technology-based businesses in order to enhance their competitiveness.

EEF has positioned itself in London and Brussels in order to be in a position to lobby at EU and Westminster level. Part of its role is helping its members adapt to change and capitalise on it. When it discovered that a third of UK manufacturers must comply with ESOS (and 49% had not even heard of it) EEF decided it was time to publish a handbook for its members.

According to EEF’s head of climate and environment policy Gareth Stace, For the many manufacturers that have already taken significant steps to improve energy efficiency, ESOS can be viewed as a ?stock taking exercise?, ensuring that momentum is maintained and new measures are highlighted and taken when possible?.

He goes on to add that others that have not begun the process should view it as an ‘impetus’ to go head down and find the most cost-effective ways to slash energy costs. Ecovaro adds that they would also have the opportunity to reduce carbon emissions almost as a by-product.

Firms with more than 250 employees, over 250 million revenue or both must comply with ESOS across all UK sectors. In simplest terms, they must have conducted an energy audit by 5th December 2015, and logged their energy saving plan with the Environmental Agency that is Britain?s sustainability watchdog.

The Department of Energy & Climate Change (DEEC) that oversees it believes that large UK businesses are wasting ?2.8 billion a year on electricity they do not need. Clearly it makes sense to focus on larger targets; however EcoVaro believes those halfway to the threshold should voluntarily comply if cutting their energy bills by 25% sounds appealing.

We are able to assist with interpreting their energy audits. These are often a matter of installing sub-meters at distribution points, and reading these for a few representative months to establish a trend. Meters are inexpensive compared to electricity costs, and maintenance teams can install them during maintenance shutdowns.

Ecovaro helps these firms process the data into manageable summaries using cloud-based technology. This is on a pay-when-used basis, and hence considerably cheaper than acquiring the software, or appointing a consultant.

Competencies, Roles and Responsibilities of Lead Assessors

Any organisation that opts for energy audits, Display of Energy Certificates and Green Deal Assessments needs a lead assessor to review the chosen ESOS compliance routes. The Derivative provides that energy audits should be carried out independently by qualified and accredited experts. Additionally, these audits should be implemented as well as supervised by independent authorities under the national legislation.

Lead assessors undertake several roles in ESOS assessments. He or she is the one responsible to take the lead of the entire assessment team, prepare the plan, conduct the meetings and submit the formal report to governing authorities. Nevertheless, selecting an appropriate lead assessor is an important element that every organisation should carefully consider.

Competencies Requirements of Lead Assessors

Lead assessors should be knowledgeable enough with in-depth expertise in carrying out energy efficiency assessment. They should also possess foundational, functional and technical competencies to deliver the task effectively. Likewise, consider the assessors? sector experiences, familiarity with your business? technologies and properties, and accreditation with prescribed standards.

As you choose your lead assessor, contemplate on the skills and qualifications that would give your organisation benefits.

Roles and Responsibilities of Lead Assessors

The business organisation is responsible for the overall legal ESOS compliance. Moreover, here are some of the roles and responsibilities that lead assessors should assume in ESOS assessments.

The lead assessor agrees on the audit methodologies that the organisation would undergo in new audits. He or she agrees with the ESOS participant regarding the audit timetable, sampling approach and visits required. It is also the lead assessor?s role to identify the opportunities on energy saving and assist in calculating the cost savings from the measures taken. During the ESOS audits, the lead assessor determines the energy use profiles, presents the recommendations and reviews the entire assessment as a whole. Furthermore, he or she should maintain the evidence pack of the ESOS to uphold the audit’s credibility, its findings and recommendations.

Finding Lead Assessors

Energy and environment professionals would only be able to demonstrate their expertise as lead assessors upon registering in a professional body accredited by the Environment Agency. Any business that needs a lead assessor is advised to check on the EA?s website to see the details of approved registers.

Lead assessors can either be in-house experts or external professionals. However, they should be able to provide proof of membership as an approved register to take the role of a lead assessor. If the organisation has an internal lead assessor, the company should then take the final ESOS assessment to two board-level directors that would sign the formal report.

Indeed, the lead assessor is an organisation’s partner when it comes to delivering great results. With good professional conduct and excellent management of an assessment team, the lead assessor can help achieve breakthrough energy efficiency strategies. More than anything else, the organisation will benefit from maximum energy savings opportunities ahead. Thus, every qualified business enterprise should invest in finding the best lead assessor to guide them towards success.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How to carry out an Operational Review

A mobile workforce management software is key to managing an efficient field workforce.? Managing a staff of people can be tricky in any industry. Try keeping track of employees on shifting jobsites, many whom are paid hourly or temporary workers. The added pressure of ensuring the right workers get to the right sites at the right times, but they also need to track hours, parts used, vehicles and equipment assets.

In a previous post, we defined what is an operational review and why they play a key process in the continual evolution of successful businesses.?

Operational reviews allow the organization members to evaluate their performance, according to the procedures, resources properly, timescales and budgets.

Denizon – Operational Reviews Defined

Tweet

In this post, we’ll take a closer look at how to implement an operational review and the steps typically undertaken to help you and your organisation to implement an operational review.

What the steps in a Operational Review Process

There are typically six steps in an operational review that range from preparatory work conducting interviews and collecting documents to the presentation of the final written report.

An audit should be customized to meet a organisatons specific needs, so standard steps can and should only serve as a guideline.? Management and internal and external auditors should adjust the process to address the company’s particular goals and objectives.

Initial Management Meeting

Understanding the problem is the first crucial step of an operational review. This is one of major areas of discussions when the audit team meets with the management, and department heads will be asked to identify any specific areas of concern. Once the problem is identified, it would be easier to come up with workable solutions.

Conduct Interviews

The next step in the evaluation is carried out with experienced teams doing interviews and keeping close observation. Each team essentially watches how employees carry out their responsibilities. This is considered a key part of the process.

When doing the interview, it is also vital that the observing team gains the employees? trust and confidence. Likewise, the staff must be assured that whatever transpires between the team and the employee will be kept confidential. Management must therefore guarantee anonymity to anyone who offers critical information, lest employees withhold vital information and render the data gathered inaccurate.

Systems Review

Employees and management practices will be reviewed by the assessing team according to the standard policies and guidelines of the company. The effectiveness of the controls in place as well as their appropriateness to the current operating conditions will also be evaluated.

Reporting

A documentation of the data gathered and the assessment of the evaluating team, will be submitted to the management after the review process. Flow charts and written narratives of departmental activities are usually part of this report. This is also where observations and recommendations of the team will be presented to the department heads concerned.

Review Results

While the operational review is being conducted, it is important to take into account the vital factors that affect the company: the people, processes, procedures, and strategies. These four factors can determine the company?s progress in the future.

Key Areas of focus in operation reviews

At a minimum an operational review should include the following key ares of assessment

Management Control

Responsibilities, authority, and the scope in which an employee has the freedom to act must be clearly defined and documented. A complete and specific job description for instance, would give the employee a clear perspective on how he acts and functions within the company.

Boundaries should be set not only to benefit the employer but more so the employee as well.

Moral and Ethical Guidelines

Moral and ethical guidelines are just as important to ensure for a smoother employer?employee relationship. Otherwise, personal issues such as work ethics, work attitude and personal values may post problems in the long run if such guidelines are not drawn properly before relationships are established.

Processes and procedures

Evaluating processes is only beneficial if the company itself updates its processes and procedural manuals regularly, or at least when needed. Such protocols may need revision and some steps may be obsolete already. Improving a company?s processes and procedures doesn’t always entail cost. In fact, improvised procedures may even be cost-effective and could make the processes more manageable.

Communication and reporting standards

Gaps in communication could result in serious lapses in internal controls, putting the company and/or its assets at risk. This is where the importance of timely and clear communication comes in. Likewise, reports must be useful, and the flow of information and how it is processed must keep pace with the company?s growth.

Information technology (IT) and security controls can also be included under the communication clause. Proper IT security policies must be in place, state-of-the-art protection techniques employed, and everything be documented, periodically updated, and continually monitored.

Strategic planning and tactics

No company can ever be complete without its strategies. It would unwise for any organization to proceed without first knowing where it stands and what direction it wants to take. Strategic planning draws such a map. It must be aligned to the mission and vision of the company, and should also coincide with the organizational goals set. Strategic planning deals with these three key questions:

  • What do we do now
  • Whom do we do it for?
  • How can we overcome competition

Without clear strategic direction, expectations would likely differ between ownership and management.

Contingency planning, testing and recovery

Contingency plans must be up-to-date, and are essential to the organization. If one course of action fails, the company should have plan B, C and so on. In addition, an organization should be prepared to respond to interference’s.

This includes establishing a formal process to review transactions processing during both disruption and recovery.

Presentation of Report

Based on your objectives and our findings, we will develop detailed recommendations to improve your company?s performance and productivity. Our written report will include a list of both short-term and long-term projected improvements and courses of action, to be mutually agreed upon by both parties.

To ensure the achievement of the improvements we outlined, our team will also assist in the implementation of these modifications.

The plan has three levels of recommendations: one for executives, another for management, and a third one for staff.

The executive summary concentrates on your company?s strengths, weaknesses, opportunities and threats to its entirety. It includes recommendations for any needed changes in policy or governance.

The management plan is based on employee feedback and includes areas of immediate improvement as well as identification of potential problem areas. Concerns from the bottom level management can now be forwarded to the top level management in formal writing. Better working relationships may evolve from this, thereby setting the work environment for a higher productivity ratio.

Lastly, the staff report deals with topics like charting the hierarchy of the organization, and discussing in detail specific control objectives that are critical to the company?s mission. Part of our goal is to encourage personnel to pay close attentions to such changes, if any, as these efforts are essential if they want to bring about both organizational and personal success.

If you would like to further discuss how our operational review services can benefit your company, please feel free to contact us at your convenience to schedule an initial consultation. We?ll be more than happy to assist you.

More Operational Review Blogs


Carrying out an Operational Review


Operational Reviews


Operational Efficiency Initiatives


Operational Review Defined

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today