How Internal Auditors can win The War against Spreadsheet Fraud
To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.
While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.
Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?
Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:
hide columns or rows,
perform conditional formatting, which changes the appearance of cells depending on certain values
replace cell entries with false values either through direct input or by linking to other spreadsheet sources
apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
design macros and user defined functions to carry out fraudulent manipulations automatically
Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.
But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.
Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.
And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.
Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.
For many people within the UK, water is not really something to worry about. Surely enough of it falls out the sky throughout the year that it does feel highly unlikely that we?ll ever run out of it. There certainly does seem to be an abundance of Branded Water available in plastic bottles on our supermarket shelves.
Water, water, every where, And all the boards did shrink; Water, water, every where, Nor any drop to drink.
Despite this, Once-unthinkable water crises are becoming commonplace. If you consider that In England and Wales, we use 16 billion litres of clean drinking water every day ? that’s equivalent to 6,400 Olympic sized swimming pools.
Currently, water companies can provide slightly more than we need ? 2 billion litres are available above and beyond what we’re using. In some areas, though, such as south east England, there is no surplus and, as such, these regions are more likely to face supply restrictions in a dry year.
If we take little moment to reflect on some of the most notable water related stories over the past few years, we’ll start to get a picture of just how real the potential and the threat of water shortages can be.
Reservoirs in Chennai, India?s sixth-largest city, are nearly dry right now. Last year, residents of Cape Town, South Africa narrowly avoided their own Day Zero water shut-off.
It was only year before that, Rome rationed water to conserve scarce resources.
Climate change is likely to mean higher temperatures which may drive up the demand for water (alongside population growth) and increase evaporation from reservoirs and water courses during spring and summer.
The impact of climate change on total rainfall is uncertain, but the rain that does fall is likely to arrive in heavier bursts in winter and summer. Heavier rain tends to flow off land more quickly into rivers and out to sea, rather than recharging groundwater aquifers.
A greater chance of prolonged dry periods is also conceivable. This combined with the harsh reality that no human population can sustain itself without sufficient access to fresh water.
If present conditions continue, 2 out of 3 people on Earth will live within a water-stressed zone by 2025
What is water stress?
Water stress is a term used to describe situation when demand for water is greater than the amount of water available at a certain period in time, and also when water is of poor quality and this restricts its usage. Water stress means deterioration in both the quantity of available water and the quality of available water due to factors affecting available water.
Water stress refers to the ability, or lack thereof, to meet human and ecological demand for water. Compared to scarcity, water stress is a more inclusive and broader concept.
Water Stress considers several physical aspects related to water resources, including water scarcity, but also water quality, environmental flows, and the accessibility of water.
Supply and Demand
Major factors involved when water scarcity strikes is when a growing populations demand for water exceeds the areas ability to service that need.
Increased food production and development programs also lead to increased demand for water, which ultimately leads to water stress.
Increased need for agricultural irrigation in order to produce more crops or sustain livestock are major contributors to localised water stress.
Overconsumption
The demand for water in a given population is fairly unpredictable. Primarily, based on the fact that you can never accurately predict human behaviour and changes in climate.
If too many people are consuming more water than they need because they mistakenly believe that water is freely available and plentiful, then water stress could eventually occur.
This is also linked to perceived economic prosperity of a give region. Manufacturing demand for water can have huge impact regardless whether water is actively used within the manufacturing process or not.
Water Quality
Water quality in any given area is never static. Water stress could happen as a result of rising pollution levels having a direct impact on water quality.
Water contamination happens when new industries either knowingly or unknowingly contaminate water with their industrial practices.
Largely, this can happen and frequently does so because these industries do not take effective control of monitoring and managing their impact on communal water supplies. Incorrectly assuming this is the responsibility of an additional third party like the regional water company.
The truth is, water quality and careful monitoring of it is all of our responsibility.
Water Scarcity
Simple increases in demand for water can in itself contribute to water scarcity. However, these are often preceded by other factors like poverty or just the natural scarcity of water in the area.
In many instances, the initial locations of towns or cities were not influenced by the close proximity of natural resources like water, but rather in pursuit of the extraction of other resources like Gold, Coal or Diamonds.
For Instance, Johannesburg, South Africa is the largest City in South Africa and is one of the 50 largest urban areas in the world. It is also located in the mineral rich Witwatersrand range of hills and is the centre of large-scale gold and diamond trade.
Johannesburg is also one of the only major cities of the world that was not built on a river or harbour. However, it does have streams that contribute to two of Southern Africas mightiest rivers – Limpopo and the Orange rivers. However, most of the springs from which many of these streams emanate are now covered in concrete!
Water Stress and Agriculture
Peter Buss, co-founder of Sentek Technology calls ground moisture a water bank and manufactures ground sensors to interrogate it. His hometown of Adelaide is in one of the driest states in Australia. This makes monitoring soil water even more critical, if agriculture is to continue. Sentek has been helping farmers deliver optimum amounts of water since 1992.
The analogy of a water bank is interesting. Agriculturists must ?bank? water for less-than-rainy days instead of squeezing the last drop. They need a stream of real-time data and utilize cloud-based storage and processing power to curate it.
Sentek?s technology can be found in remote places like Peru?s Atacamba desert and the mountains of Mongolia, where it supports sustainable floriculture, forestry, horticulture, pastures, row crops and viticulture through precise delivery of scarce water.
This relies on precision measurement using a variety of drill and drop probes with sensors fixed at 4? / 10cm increments along multiples of 12? / 30cm up to 4 times. These probe soil moisture, soil temperature and soil salinity, and are readily repositioned to other locations as crops rotate.
Peter Buss is convinced that measurement is a means to an end and only the beginning. ?Too often, growers start watering when plants don’t really need it, wasting water, energy, and labour. By accurately monitoring water can be saved until when the plant really needs it.
Peter also emphasises that crop is the ultimate sensor, and that ?we should ask the plant what it needs?.
This takes the debate a stage further. Water wise farmers should plant water-wise crops, not try to close the stable door after the horse has bolted and dry years return.
The South Australia government thinks the answer also lies in correct farm dam management. It wants farmers to build ones that allow sufficient water to bypass in order to sustain the natural environment too.
There is more to water management than squeezing the last drop. Soil moisture goes beyond measuring for profit. It is about farming sustainably using data from sensors to guide us.
Ecovaro is ahead of the curve as we explore imaginative ways to exploit the data these provide for the common good of all.
A Quarter of the World?s Population, Face High Water Stress
Data from WRI?s Aqueduct tools reveal that 17 countries? home to one-quarter of the world?s population?face ?extremely high? levels of baseline water stress, where irrigated agriculture, industries and municipalities withdraw more than 80% of their available supply on average every year.
Water stress poses serious threats to human lives, livelihoods and business stability. It’s poised to worsen unless countries act: Population growth, socioeconomic development and urbanization are increasing water demands, while climate change can make precipitation and demand more variable.
How to manage water stress
Water stress is just one dimension of water security. However, like any challenge, its outlook depends on adequate monitoring and management of environmental data.
Even countries with relatively high water stress have effectively secured their water supplies through proper management by leveraging the knowledge they have garnered by learning from the data they gathered.
3 ways to help reduce water stress
In any geography, water stress can be reduced by measures ranging from common sense to innovative technology solutions.
There are countless solutions, but here are three of the most straightforward:
1. Increase agricultural efficiency: The world needs to make every drop of water go further in its food systems. Farmers can use seeds that require less water and improve their irrigation techniques by using precision watering rather than flooding their fields.
Businesses need to increase investments to improve water productivity, while engineers develop technologies that improve efficiency in agriculture.
2. Invest in grey and green infrastructure: D Data produced by Aqueduct Alliance – shows that water stress can vary tremendously over the year. WRI and the World Bank?s researchshows that built infrastructure (like pipes and treatment plants) and green infrastructure (like wetlands and healthy watersheds) can work in tandem to tackle issues of both water supply and water quality.
3. Treat, reuse and recycle: We need to stop thinking of wastewater as waste.
Treating and reusing it creates a ?new? water source.
There are also useful resources in wastewater that can be harvested to help lower water treatment costs. For example, plants in Xiangyang, China and Washington, D.C. reuse or sell the energy- and nutrient-rich byproducts captured during wastewater treatment.
Summary
The data is undeniably clear, there are very worrying trends in water.
Businesses and other other organisations need to start taking action now and investing in better monitoring and management, we can solve water issues for the good of people, economies and the planet. We collectively cannot kick this can down the road any further, or assume that this problem will be solved by others.
It is time, for a collective sense of responsibility and for everyone to invest in future prosperity of our Planet as a collective whole. Ecological preservation should be at the forefront of all business plans because at the end of the day profit is meaningless without an environment to enjoy it in!
Along the introduction of Energy Savings Opportunity Scheme in UK is the quick emergence of various companies that offer ESOS compliant services. While some energy audit providers can help, qualified businesses should understand what their compliance options are, how these routes work and learn both the pros and cons in order to carefully take their pick.
Independent ISO 50001 Certification
ISO 50001 comprises the integration and application of processes geared to motivate energy saving and overall improvement. Simply stated, it is a framework that drives the organisation’s governance to realise energy saving strategies by allocating resources and participating in energy management. The good thing about ISO 50001 is that it includes an energy review that documents ideas and opportunities to save more energy.
However, ISO 50001 does not obligate organisations to cover 90% of their overall energy consumption. In case of partial coverage, the company needs to undergo additional energy assessments to evaluate all the significant energy consumption areas.
In order for an ISO 50001 certification to be valid, it must be certified by the United Kingdom Accreditation Service (UKAS), by an accreditation body which is a member of the International Accreditation Forum, or by a body accredited by another EU member state?s national accreditation body.
Display Energy Certificates and Green Deal Assessments
These two kinds of energy assessment reports can also contribute to ESOS compliance. Both of them are carried out by qualified lead assessors and valid for 10 years. However, they are only based on the building structures and services. They do not cover the overall significant areas in energy consumption. Since these reports are valid for 10 years, they would be used for two ESOS reporting periods. Thus, they would not be as current as the ISO 50001 certification. Aside from that, the assessments are purely based on energy efficiency and anyone can qualify to use the software that produce the certifications after taking the accreditation course.
Energy Audits
A successful energy audit leads to better understanding of the company?s energy consumption, identify alternatives, determine cost-effective energy saving opportunities and stimulate energy efficiency. Energy audits are beneficial to the organisation. What makes it complex is that the organisation applying it, needs to clearly define the scope and type of energy audit to use in order to comply with ESOS. Furthermore, the organisation also has to identify the teams that would be competent enough to do the audit work for the building, transport and industrial area, respectively.
Each route is not formed equal. Thus, organisations have the option to either choose one or combine the routes and meet their company needs. The options mentioned are different approaches to ESOS and the core value is to grab the opportunity towards acquiring more savings through efficient energy system.
How Ecovaro Can Help
Ecovaro is passionate about making a difference. We are knowledgeable when it comes to ESOS legislation and regulation, ISO 50001 energy management system, DECs and Green Deal Assessments. More than that, we recognise the great impact of efficient management system to your organisation. And with this, we provide an enthusiastic team of software engineers and expert project managers to offer you our professional help at reasonable price. Ecovaro comes to you fully equipped with services tailored to your organisation’s energy management needs.
DevOps ? a clipped compound of development and operations – is a way of working whereby software developers are in a team with project beneficiaries. A client centred approach extends the project plan to include the life cycle of the product or service, for which the software is developed.
We can then no longer speak of a software project for say Joe?s Accounting App. The software has no intrinsic value of its own. It follows that the software engineers are building an accounting app product. This is a small, crucially important distinction, because they are no longer in a silo with different business interests.
To take the analogy further, the developers are no longer contractors possibly trying to stretch out the process. They are members of Joe?s accounting company, and they are just as keen to get to market fast as Joe is to start earning income. DevOps uses this synergy to achieve the overarching business goal.
A Brief Introduction to OpsDev
You can skip this section if you already read this article. If not then you need to know that DevOps is a culture, not a working method. The three ?members? are the software developers, the beneficiaries, and a quality control mechanism. The developers break their task into smaller chunks instead of releasing the code to quality control as a single batch. As a result, the review process happens contiguously along these simplified lines.
Code
QC
Test
?
?
?
?
Code
QC
Test
?
?
?
?
Code
QC
Test
?
?
?
?
Code
QC
Test
Colour Key
Developers
Quality Control
Beneficiary
This is a marked improvement over the previously cumbersome method below.
Write the Code
?
Test the Code
?
Use the Code
?
Evaluate, Schedule for Next Review
?
Working quickly and releasing smaller amounts of code means the OpsDev team learns quickly from mistakes, and should come to product release ahead of any competitor using the older, more linear method. The shared method of working releases huge resources in terms of user experience and in-line QC practices. Instead of being in a silo working on its own, development finds it has a richer brief and more support from being ?on the same side of the organisation?.
The Key Role that Application Program Interfaces Play
Application Program Interfaces, or API?s for short, are building blocks for software applications. Using proprietary software-bridges speeds this process up. A good example would be the PayPal applications that we find on so many websites today. API?s are not just for commercial sites, and they can reduce costs and improve efficiency considerably.
The following diagram courtesy of TIBCO illustrates how second-party applications integrate with PayPal architecture via an API fa?ade.
Working quickly and releasing smaller amounts of code means the OpsDev team learns quickly from mistakes, and should come to product release ahead of any competitor using the older, more linear method. The shared method of working releases huge resources in terms of user experience and in-line QC practices. Instead of being in a silo working on its own, development finds it has a richer brief and more support from being ?on the same side of the organisation?.
The DevOps Revolution Continues ?
We close with some important insights from an interview with Jim Stoneham. He was general manager of the Yahoo Communities business unit, at the time Flickr became a part. ?Flickr was a codebase,? Jim recalls, ?that evolved to operate at high scale over 7 years – and continuing to scale while adding and refining features was no small challenge. During this transition, it was a huge advantage that there was such an integrated dev and ops team?
The ?maturity model? as engineers refer to DevOps status currently, enables developers to learn faster, and deploy upgrades ahead of their competitors. This means the client reaches and exceeds break-even sooner. DevOps lubricates the value chain so companies add value to a product faster. One reason it worked so well with Flickr, was the immense trust between Dev and Ops, and that is a lesson we should learn.
?We transformed from a team of employees to a team of owners. When you move at that speed, and are looking at the numbers and the results daily, your investment level radically changes. This just can’t happen in teams that release quarterly, and it’s difficult even with monthly cycles.? (Jim Stoneham)
