How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

hide columns or rows,
perform conditional formatting, which changes the appearance of cells depending on certain values
replace cell entries with false values either through direct input or by linking to other spreadsheet sources
apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

Risk Assessment

Risk assessment is a vital component in BC (Business Continuity) planning. Through risk assessment, your company may determine what vulnerabilities your assets possess. Not only that, you’ll also be able to quantify the loss of value of each asset against a specific threat. That way, you can rank them so that assets that are most likely to cripple your business when say a specific disaster strikes can be given top priority.

However, a poorly implemented risk assessment may also cost you unnecessary expenditures. Many risk assessors are too enthusiastic in pointing out risks that, at the end of the assessment, they tend to over-appraise even those having practically zero probability of ever occurring.

We can assure you of a realistic assessment of your assets’ risks and propose cost-effective countermeasures. These are the things we can do:

Identify your unsafe practices and propose the best alternatives.
Perform qualitative risk assessment if you want fast results and lesser interruptions on your operations.
Perform quantitative risk assessment if you want the most accurate depiction of your risks and the corresponding justifiable costs of each.
Conduct frequency and consequence analysis to identify unforeseen harmful events and determine their effects to various components of your organisation and its surroundings.

We can also assist you with the following:

ISO in Energy management

Every industry has its own set levels of quality that are considered acceptable or desirable. Energy performance like any other field is governed by some set standards. These differ across regions but international standards do exist.

ISO 50001 is the international energy standard applicable to both large and small organisations irrespective of geographical, cultural or social conditions. It outlines the best energy management practices that are considered to be the best by specifying that an organisation must integrate an energy management system and institute an energy policy, objectives, targets, and action plans taking into account legal requirements and information related to significant energy use. The energy standard is applicable to organisations.

What’s the importance of attaining energy certification?

ISO certification in any industry is a demonstration of quality or that a service or product meets the expected service standards. In energy management, ISO certification is a demonstration that an organisation or company has implemented sustainable energy management systems, completed a baseline of energy use and, is committed to continuously improve its energy performance. In addition, ISO certification assists organisations in the following ways:

? Organisations are able to optimise the existing energy-consuming assets

? Offers guidance on bench-marking, measuring, documenting, and reporting energy intensity improvements and their projected impact on reducing GHG emissions

? Creates transparency and facilitates communication on the management of energy resources

? Promotes energy management best practices and reinforces good energy management behaviours

? Assists facilities in evaluating and prioritising the implementation of new energy-efficient technologies

? Provides a framework for promoting energy efficiency throughout the supply chain

? Facilitates energy management improvements in the context of GHG emission reduction projects: The reduction of carbon emissions means therefore an organisation is able to meet government carbon reduction targets by demonstrating environmental credentials. The accruing benefits are many, ranging from increased investor confidence to more tender opportunities

Energy management software plays a vital role in helping organisations comply with energy standards through improved performance across the various functions in an organisation.

ESOS Facts on a Page

The UK?s ESOS energy saving program stands for ?Energy Savings Opportunity Scheme?. Its purpose is to reduce demand – and hence fossil-based pollution at both ends of the supply chain. It currently applies to large UK companies only. However its guidelines are also valuable input to smaller firms voluntarily going greener.

The program threshold is 250 employees and / or turnover or at least ?UK50 million. This affects approximately 9,000 UK firms, with others below the threshold wondering whether the government plans to lower it. In essence, ESOS requires that qualifying businesses complete comprehensive audits of energy use and opportunities at least every fourth year.

The plan is carrot and stick. Compliant companies will probably uncover significant savings when they stop and measure. They may even unearth carbon credits they can sometime exchange for cash. Reactionary firms who try to duck the issue will feel Her Majesty?s wrath through stiff penalties. In time, they may find it harder to attract investors. If ESOS affects your company, then the wise thing could be complying by the first deadline of 5 December 2015.

To do so, you must conduct an energy audit and report it to the UK Environment Agency. This comprises

Measuring total energy use across processes, transport and facilities
Pie charting 90% of this to identify areas that are energy intensive
Singling out cost-effective energy-saving projects in high use areas
Submitting your report to the Environment Agency ahead of the deadline

ecoVaro recommends affected companies do not leave this to the last minute. While having ISO 50001 may exempt some from ESOS, the regulations are far from straightforward and it will take months to reach complete clarification. We would like to suggest a more balanced approach.

ESOS is a wonderful incentive to save energy costs while contributing to a better future for the kids. The Energy Savings Opportunity Scheme is precisely that. The cost of energy has crept up on us to the extent that we have to do something, government or no government.

Measuring energy consumption is as simple as installing meters at critical points in the flow, and you probably have many of them anyway. Once you have your data you no longer have to crunch the numbers. ecoVaro can do this for you and return the result in the form of handy graphs and spreadsheets.