Spreadsheet Woes – Burden in SOX Compliance and Other Regulations

End User Computing (EUC) or end User Developed Application (UDA) systems like spreadsheets used to be ideal ad-hoc solutions for data processing and financial reporting. But those days are long gone.

Today, due to regulations like the:

  • Sarbanes-Oxley (SOX) Act,
  • Dodd-Frank Act,
  • IFRS (International Financial Reporting Standards),
  • E.U. Data Protection Directive,
  • Basel II,
  • NAIC Model Audit Rules,
  • FAS 157,
  • yes, there?s more ? and counting

a company can be bogged down when it tries to comply with such regulations while maintaining spreadsheet-reliant financial and information systems.

In an age where regulatory compliance have become part of the norm, companies need to enforce more stringent control measures like version control, access control, testing, reconciliation, and many others, in order to pass audits and to ensure that their spreadsheets are giving them only accurate and reliable information.

Now, the problem is, these control measures aren’t exactly tailor-made for a spreadsheet environment. While yes, it is possible to set up a spreadsheet and EUC control environment that utilises best practices, this is a potentially expensive, laborious, and time-consuming exercise, and even then, the system will still not be as foolproof or efficient as the regulations call for.

Testing and reconciliation alone can cost a significant amount of time and money to be effective:

  1. It requires multiple testers who need to test spreadsheets down to the cell level.
  2. Testers will have to deal with terribly disorganized and complicated spreadsheet systems that typically involve single cells being fed information by other cells in other sheets, which in turn may be found in other workbooks, or in another folder.
  3. Each month, an organisation may have new spreadsheets with new links, new macros, new formulas, new locations, and hence new objects to test.
  4. Spreadsheets rarely come with any kind of supporting documentation and version control, further hampering the verification process.
  5. Because Windows won’t allow you to open two Excel files with the same name simultaneously and because a succession of monthly-revised spreadsheets separated by mere folders but still bearing the same name is common in spreadsheet systems, it would be difficult to compare one spreadsheet with any of its older versions.

But testing and reconciliation are just two of the many activities that make regulatory compliance terribly tedious for a spreadsheet-reliant organisation. Therefore, the sheer intricacy of spreadsheet systems make examining and maintaining them next to impossible.

On the other hand, you can’t afford not to take these regulations seriously. Non-compliance with regulatory mandates can have dire consequences, not the least of which is the loss of investor confidence. And when investors start to doubt the management’s capability, customers will start to walk away too. Now that is a loss your competitors will only be too happy to gain.

Learn more about our server application solutions and discover a better way to comply with regulations.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Finding the Best Structure for Your Enterprise Development Team

An enterprise development team is a small group of dedicated specialists. They may focus on a new business project such as an IoT solution. Members of microteams cooperate with ideas while functioning semi-independently. These self-managing specialists are scarce in the job market. Thus, they are a relatively expensive resource and we must optimise their role.

Organisation?Size and Enterprise Development Team Structure

Organisation structure depends on the size of the business and the industry in which it functions. An enterprise development team for a micro business may be a few freelancers burning candles at both ends. While a large corporate may have a herd of full-timers with their own building. Most IoT solutions are born out of the efforts of microteams.

In this regard, Bill Gates and Mark Zuckerberg blazed the trail with Microsoft and Facebook. They were both college students at the time, and both abandoned their business studies to follow their dreams. There is a strong case for liberating developers from top-down structures, and keeping management and initiative at arm?s length.

The Case for Separating Microteams from the?Organisation

Microsoft Corporation went on to become a massive corporate, with 114,000 employees, and its founder Bill Gates arguably one of the richest people in the world. Yet even it admits there are limitations to size. In Chapter 2 of its Visual Studio 6.0 program it says,

‘today’s component-based enterprise applications are different from traditional business applications in many ways. To build them successfully, you need not only new programming tools and architectures, but also new development and project management strategies.?

Microsoft goes on to confirm that traditional, top-down structures are inappropriate for component-based systems such as IoT solutions. We have moved on from ?monolithic, self-contained, standalone systems,? it says, ?where these worked relatively well.?

Microsoft’s model for enterprise development teams envisages individual members dedicated to one or more specific roles as follows:

  • Product Manager ? owns the vision statement and communicates progress
  • Program Manager ? owns the application specification and coordinates
  • Developer ? delivers a functional, fully-complying solution to specification
  • Quality Assurer ? verifies that the design complies with the specification
  • User Educator ? develops and publishes online and printed documentation
  • Logistics Planner ? ensures smooth rollout and deployment of the solution

Three Broad Structures for Microteams working on IoT Solutions

The organisation structure of an enterprise development team should also mirror the size of the business, and the industry in which it functions. While a large one may manage small microteams of employee specialists successfully, it will have to ring-fence them to preserve them from bureaucratic influence. A medium-size organisation may call in a ?big six? consultancy on a project basis. However, an independently sourced micro-team is the solution for a small business with say up to 100 employees.

The Case for Freelancing Individuals versus Functional Microteams

While it may be doable to source a virtual enterprise development team on a contracting portal, a fair amount of management input may be necessary before they weld into a well-oiled team. Remember, members of a micro-team must cooperate with ideas while functioning semi-independently. The spirit of cooperation takes time to incubate, and then grow.

This is the argument, briefly, for outsourcing your IoT project, and bringing in a professional, fully integrated micro-team to do the job quickly, and effectively. We can lay on whatever combination you require of project managers, program managers, developers, quality assurers, user educators, and logistic planners. We will manage the micro-team, the process, and the success of the project on your behalf while you get on running your business, which is what you do best.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Firewalls

There are two main reasons why some companies are hesitant to plug into the Internet.

  1. They know they’ll be exposing their company data to outside attacks from malicious individuals and malware.
  2. They fear their employees might get too many distractions: games, porn, chats, videos, and even social networking sites.

One vital component for your overall security strategy against such concerns? A firewall.

A firewall can block unauthorised access to certain Internet services from inside your organisation as well as prevent unauthenticated access from the outside. It is also used to monitor users’ activities while they were online.

In an enterprise setting, one may expect a collection of firewalls either for providing layered protection or segmenting off different units in the organisation. Some areas only need a standard line of defence while others require more restrictions. As such, certain firewalls may have different configurations compared to others.

Naturally, the more intricate an organisation’s defence requirements get, the more complex the task of monitoring, testing and configuring the firewalls becomes. That’s why we’re here to help.

  • We’ll evaluate your network as well as the security requirements of each department under your organisation to determine which firewall architecture is most suitable.
  • To achieve maximum efficiency, we’ll point out where each firewall should be positioned.
  • We’ll work with your key personnel to make sure all firewall configurations are set and optimised with your business rules in mind.
  • If a large number of firewalls are required, we’ll help you set up a firewall configuration management system.
  • Firewalls should be regularly tested and assessed to ensure they are in line with the organisation’s security policies. We’ll perform these routine tasks as well.

Firewalls aren’t very good at defending against sophisticated viruses. There are much better solutions for malware-related vulnerabilities, and we can help you in that regard too.

Other defences we’re capable of putting up include:

Disaster Recovery

Because information technology is now integrated in most businesses, a business continuity plan (BCP) cannot be complete without a corresponding disaster recovery plan (DRP). While a BCP encompasses everything needed – personnel, facilities, communications, processes and IT infrastructure – for a continuous delivery of products and services, a DRP is more focused on the IT aspects of the plan.

If you’re still not sure how big an impact loss of data can have, it’s time you pondered on the survival statistics of companies that incurred data losses after getting hit by a major disaster: 46% never recovered and 51% eventually folded after only two years.

Realising how damaging data loss can be to their entire business, most large enterprises allocate no less than 2% of their IT budget to disaster recovery planning. Those with more sensitive data apportion twice more than that.

A sound disaster recovery plan is hinged on the principles of business continuity. As such, our DRP (Disaster Recovery Plan) blueprints are aimed at getting your IT system up and running in no time. Here’s what we can do for you:

  • Since the number one turn-off against BCPs and DRPs are their price tags, we’ll make a thorough and realistic assessment of possible risks to determine what specific methods need to be applied to your organisation and make sure you don’t spend more than you should.
  • Provide an option for virtualisation to enjoy substantial savings on disaster recovery costs.
  • Provide various backup options and suggest schedules and practices most suitable for your daily transactions.
  • Offer data replication to help you achieve business continuity with the shortest allowable downtime.
  • Refer to your overall BCP to determine your organisation’s critical functions, services, and products as well as their respective priority rankings to know what corresponding IT processes need to be in place first.
  • Implement IT Security to your system to reduce the risks associated with malware and hackers.
  • Introduce best practices to make future disaster recovery efforts as seamless as possible.

We can also assist you with the following:

Ready to work with Denizon?

Contact Us Today