How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

hide columns or rows,
perform conditional formatting, which changes the appearance of cells depending on certain values
replace cell entries with false values either through direct input or by linking to other spreadsheet sources
apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

2015 – What’s ahead for UK Business?

According to reports just in, the global environment industry is down. Less money is available for what some CEO?s still see as grudge expenditure, and many U.S. agencies are seeking soft budget cuts. The UK is proving to be an exception following the announcement of ESOS, and EcoVaro does not expect the May elections will have much impact in this regard.

ESOS calls for mandatory energy assessments in companies above a certain size, and requires specific proposals to cut consumption. There is no indication of compulsory follow-through, although it is clear the Environment Agency hopes rising electricity prices and the prospect of monetary savings will do the trick.

It is an open question whether the Tory government would have interfered with commerce to this extent, were it not for the European directive that enforced it. The overall goal is to cut EU energy consumption across the board by 20% by 2020. Energy consultants are rubbing their hands in glee. EcoVaro?s response is to provide cloud-based software.

We will be interested to see how many UK companies make the first deadline of 5 December 2015, in the light of reports that half the 9,000 firms affected appear not to even know that ESOS exists. Some will no doubt pay last-minute lip service. Those with an eye on their own sustainability will grasp the Energy Saving Opportunity Scheme with both hands.

The initial ESOS deadline was always going to be a challenge. Some big corporates have stolen a march albeit egged on by green stakeholders. The next challenge comes in June 2015 with the implementation of the European Union?s ?Waste Catalogue? of hazardous substances, and rules for their disposal. We hope a new ISO 14001 will arrive soon and pull the loose threads together.

The introduction of carbon trading late this year brings further opportunities to increase profits through wise stewardship. Auditable metrics are essential for this.

EcoVaro can assist by processing your raw data. We provide this service on a virtual cloud. In return, you can get advice on optimising the quality of your graphs for presentations.

Technology and process improvement

Tightening organisational flow to improve productivity and minimise costs is a growing concern for many businesses post the Global Financial Crisis. Businesses can no longer afford to waste time and personnel on inefficient processes. Organisations using either Six Sigma or Lean techniques better manage their existing resources to maximise product out-put. Both of these techniques involve considerable evaluation of current processes.

What is Six Sigma?

Six Sigma is an organisational management strategy that evaluates processes for variation. In the Six Sigma model, variation equates waste. Eliminating variation for customer fulfilment allows a business to better serve the end-user. In this thought model, the only way to streamline processes is to use statistical data. Each part of a process must be carefully recorded and analysed for variation and potential improvements. The heart of the strategy embodied by Six Sigma is mathematical. Every process is subject to mathematical analysis and this allows for the most effective problem solving.

What is a Lean Model?

Lean businesses do not rely on mathematical models for improvement. Instead, the focus is on reducing steps in the customer delivery cycle, which do not add value to the final deliverable. For example, maintaining excess inventory or dealing with shortages would both be examples of waste behaviour. Businesses that operate using Lean strategies have strong cash flow cycles. One of the best and most famous examples of Lean in action is the Toyota Production System (TPS). In this system, not only is inventory minimised, but physical movement for employees also remains sharply controlled. Employees are able to reach everything needed to accomplish their tasks, without leaving the immediate area. By reducing the amount of movement needed to work, companies also remove wasted employee time.

Industry Applications for Lean and Six Sigma

Lean businesses reduce the number of steps between order and delivery. The less inventory on hand, the less it costs a business to operate. In industries where it is possible to create to order, Lean thinking offers significant advantages. Lean is best utilised in mature businesses. New companies, operating on a youthful model, may not be able to identify wasteful processes. Six Sigma has shown its value across industries through several evolution’s. Its focus on quality of process makes it a good choice for even brand new businesses. The best use is the combination of the two strategies. With the Lean focus on speed and the Six Sigma focus on quality combined, the two organisational processes create synergy. By itself, Lean does not help create stable, repeating success. Six Sigma does not help increase speed and reduce non value-added behaviours. Combined, these two strategies offer incredible value to every business in cost savings.

Using Technology to Implement Lean Six Sigma

Automation processes represent an opportunity for businesses to implement a combination of both Lean and Six Sigma strategies. Any technology that replaces the need for direct human oversight reduces costs and increases productivity. A few examples of potentially cost saving IT solutions include document scanning, the Internet, and automated workflow systems.

Document Scanning – Reducing dependency on paper copies follows both Lean and Six Sigma strategies. It is a Lean addition in that it allows employees to access documents instantly from any physical location. It is Six Sigma compliant in that it allows a reduction on process variation, since there is no bottleneck on the flow of information.
The Internet – The automation potential offered by the Internet is limitless. Now, businesses can enter orders, manage logistics and perform customer service activities from anywhere, through a hosted portal. With instant access to corporate processes from anywhere, businesses can manage workflow globally, allowing them to realise cost savings from decentralisation.
Automated Work Systems – One of the identified areas of waste in any business is processing time. The faster orders are processed and delivered, the greater the profits for the company and the less the expense per order. When orders sit waiting for attention, they represent lost productivity and waste. Automated work systems monitor workflow and alert users when an item sits longer than normal. These systems can also reroute work to an available employee when the original worker is tied up.

Each of these IT solutions provides a method for businesses to either reduce the number of steps in a process or improve the quality of the process for improved customer service.

Identifying Areas for Lean Six Sigma Implementation

Knowing that improved processes result in improved profits, identifying areas for improvement is the next step. There are several techniques for creating tighter processes with less waste and higher quality. Value Stream Mapping helps business owners and managers identify areas of waste by providing a visual representation of the total process stream. Instead of improving single areas for minimal increases in productivity, VSM shows the entire business structure and flow, allowing management to target each area of slow down for maximum improvement in all areas.

Seeing the areas of waste helps management better determine how processes should work to best obtain the desired outcomes. Adding in automated processes helps with improved process management, when put in place with a complete understanding of current systems and their weaknesses. Start with mapping and gain a bird’s-eye view of the situation, in order to make the changes needed for improvement.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Are Master Data Management and Hadoop a Good Match?

Master Data is the critical electronic information about the company we cannot afford to lose. Accordingly, we should sanitise it, look after it, and store it safely in several separate places that are independent of each other. The advent of Big Data introduced the current era of huge repositories ?in the clouds?. They are not, of course but at least they are remote. This short article includes a discussion about Hadoop, and whether this is a good platform to back up your Master Data.

About Hadoop

Hadoop is an open-source Apache software framework built on the assumption that hardware failure is so common that backups are unavoidable. It comprises a storage area and a management part that distributes the data to smaller nodes where it processes faster and more efficiently. Prominent users include Yahoo! and Facebook. In fact more than half Fortune 50 companies were using Hadoop in 2013.

Hadoop – initially launched in December 2011 ? has survived its baptism of fire and became a respected, reliable option. But is this something the average business owner can tackle on their own? Bear in mind that open source software generally comes with little implementation support from the vendor.

The Hadoop Strong Suite

Free to download, use and contribute to

Everything you need ?in the box? to get started

Distributed across multiple fire-walled computers

Fast processing of data held in efficient cluster nodes

Massive scaleable storage you are unlikely to run out of

Practical Constraints

There is more to Hadoop than writing to WordPress. The most straightforward solutions are uploading using Java commands, obtaining an interface mechanism, or using third party vendor connectors such as ACCESS or SAS. The system does not replace the need for IT support, although it is cheap and exceptionally powerful.

The Not-Free Safer Option

Smaller companies without in-depth in-house support are wise to engage with a technical intermediary. There are companies providing commercial implementations followed by support. Microsoft, Amazon and Google among others all have commercial versions in their catalogues, and support teams at the end of the line.