Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Could Kanban Be?Best for Knowledge Workers?

Knowledge Workers include academics, accountants, architects, doctors, engineers, lawyers, software engineers, scientists and anybody else whose job it is to think for a living. They are usually independent-minded people who do not appreciate project managers dishing out detailed orders. Kanban project management resolves this by letting them choose the next task themselves.

The word ?Kanban? comes from a Japanese word meaning ?billboard? or ?signboard?. Before going into more detail how this works let’s first examine how Japanese beliefs of collaboration, communication, courage, focus on value, respect for people and a holistic approach to change fit into the picture.

The Four Spokes Leading to the Kanban Hub

  1. Visualise the Workflow ?You cannot improve what you cannot see. The first step involves team members reducing a project to individual stages and posting these on a noticeboard.
  2. Create Batches ? These stages are further reduced to individual tasks or batches that are achievable within a working day or shift. More is achievable when we do not have to pick up where we left off the previous day.
  3. Choose a Leader the Team Respects – Without leadership, a group of people produces chaotic results. To replace this with significant value they need a leader, and especially a leader they can willingly follow.
  4. Learn and Improve Constantly ? Kaizen or continuous improvement underpins the Japanese business model, and respects that achievement is a step along the road, and not fulfilment.

The Kanban Method in Practice

Every Kanban project begins with an existing process the participants accept will benefit from continuous change. These adjustments should be incremental, not radical step-changes to avoid disrupting the stakeholders and the process. The focus is on where the greatest benefits are possible.

Anybody in the team is free to pull any batch from the queue and work on it in the spirit of collaboration and cooperation. That they do so, should not make any waves in a culture of respect for people and a holistic approach to working together. All it needs is the courage to step out of line and dream what is possible.

The Kanban Project Method ? Conclusions and Thoughts

Every engine needs some sort of fuel to make it go. The Kanban project management method needs collaboration, communication, courage, focus on value, respect for people and a holistic approach to work. This runs counter to traditional western hierarchies and probably limits its usefulness in the West.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Eliminate The Complexities Of Your IT System

There may have been times when you actually spent on the right IT system but didn’t have adequate expertise to instil the appropriate learning curve for your end users. Oftentimes, users find a new system too complicated and end up spending more hours familiarising with intricate processes than is economically acceptable.

There are also applications that are just too inherently sophisticated that, even after the period of familiarisation, a lot of time is still spent managing or even just using them. Therefore, at the end of each day, your administrators and users aren’t able to complete much business-related tasks.

The first scenario can be solved by providing adequate training and tech support. The second might require enhancements or, in extreme cases, an overhaul of the technology itself.

For instance, consider what happens right after the conclusion of a merger and acquisition (M&A). CIOs from both sides and their teams will have to work hard to bring disparate technologies together. The objective is to hide these complexities and allow customers, managers, suppliers and other stakeholders to get hold of relevant information with as little disruption as possible.

One solution would be to implement Data Warehousing, OLAP, and Business Intelligence (BI) technologies to handle extremely massive data and present them into usable information.

These are just some of the many scenarios where you’ll need our expertise to eliminate the complexities that can slow your operations down.

Here are some of the solutions and benefits we can offer when we start working with you:

  • Consolidated hardware, storage, applications, databases, and processes for easier and more efficient management at a fraction of the usual cost.
  • BI (Business Intelligence) technologies for improved quality of service and for your people, particularly your managers, to focus on making decisions and not just filtering out data.
  • Training, workshops, and discussions that provide a clear presentation of the inter-dependencies among applications, infrastructure, and the business processes they support.
  • Increased automation of various processes resulting in shorter administration time. This will free your administrators and allow them to shift their attention to innovative endeavours.

Find out how we can increase your efficiency even more:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
What GDPR Means in Practice for Irish Business

The General Data Protection Regulation (GDPR) is a European directive aimed at ring-fencing consumer data against illegal or unnecessary access. There is nothing to discuss or debate with local politicians, or the Irish Data Protection Commissioner for that matter. As a European directive, it has over-riding power. To obtain an English version, please visit this link, and select ?EN? from the table of languages.

As you reach for your tea, coffee or Guinness after sighting it, you will be glad to know the Irish Data Protection Commissioner has the lead in turning this into business English we understand. The following diagram should assist you to obtain a quick overview of the process we all have to go through. In this article, we briefly describe what is inside Boxes 1 to 12. The regulation comes into force on 25 May 2018 so we have less than a year to get ready.

The 12 Essential Steps to Implementing the General Data Protection Act

1. Create awareness among your people of what is coming their way. The GDPR has given our regulator discretion to dish out fines up to ?20,000,000 (or 4% of total annual global turnover, whichever is greater) so there is determination to make this happen.

2. Become accountable by understanding the consumer data you hold. Why are you retaining it, how did you obtain it, and why did you originally collect it. Now you know it is there, how much longer will you still need it? How secure is it in your hands, have you ever shared it?

3. Open a communication channel with your staff, your customers, and anyone else using the data. Share how you feel about how accountable you have been with the information in the past. Explain how you plan to comply with the GDPR in future, and what needs to change.

4. Understand the personal privacy entitlement of the subjects of the information. They have rights to access it, correct mistakes, remove information, restrict its use, decline direct marketing, and copy it to their own files. What needs to change in your systems to assure these rights?

5. Issue a policy for allowing consumers access to their information you hold. You must process requests within a month, and you may not charge for the service unless your cost is excessive. You may decline unfounded or excessive demands within your policy guidelines.

6. Adapt to the requirement that you must have a legal basis for everything you do with, and to consumer data. You need to be in a position to justify your actions to the Irish Data Protection Commissioner in the event of a complaint. Having a legitimate interest is no longer sufficient.

7. Ensure that consumer consent to collect, use, and distribute their data is ?freely given, specific, informed, and unambiguous.? From 25 May 2018 onward, this consent will be your only ground to do so. You cannot force consent. Your benchmark becomes what the GDPR says.

8. Issue rules for managing data of underage subjects. This is currently under review and we are awaiting results. Put systems in place to verify age. Set triggers for where guardians must give consent. Make sure age is verifiable. Use language young people understand.

9. Introduce a culture of openness and honesty, whereby breaches of the GDPR are detected, reported, investigated, and resolved. You will have a duty to file a GDPR report with the Data Protection Commissioner within 72 hours, thus it is important to fast track the process.

10. Introduce a policy of conducting a privacy assessment before taking new initiatives. The GDPR calls for ?privacy by deign?, and we need to engineer it in. This may be the right time to appoint a data controller in your company, and start implementing the GDPR while you have time.

11. You may also need to appoint a data protection officer depending on the size of your business. Alternatively, you need to add managing data protection compliance to an employee?s duties, or appoint an external data-protection compliance consultant.

12. Finally, and you will be glad to know this is the end of the list, the GDPR has an international flavour in that multinational organisations will report into the EU Lead Supervisory Authority. This will manage the process centrally while consulting national data authorities.

The GDPR is a project we all need to complete. If we are out of line, it is in our interests to get things straightened out. Once everything is in place, the task should not be too onerous. Getting there could be the pain.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today