Archive for the 'Breaking News' Category

Basel III & Spreadsheets – The Perfect Storm?

The Bank for International Settlements (BIS) in Basel, Switzerland today announced the final rules for Basel III, a new global regulatory framework for banks. Building on the foundation of Basel II and similar to Solvency II in terms of focus on ensuring capital adequacy, Basel III also creates the perfect storm in terms of spreadsheet and end-user computing (EUC) risk. That is, banks leveraging spreadsheets, Access databases and other EUCs for computing the new capital requirements, risk-weighted assets, and liquidity (among other complex computations) are likely not prepared to satisfy auditor and regulator governance mandates unless they have a controlled environment in place. Such EUCs are prone to input and logic errors, honest mistakes and fraud, and are almost impossible to manage (absent the proper controls) given the autonomy of users who can make changes to them.

To this end, Prodiance has been working with a number of global financial institutions to help them assess what is needed for effective spreadsheet and EUC governance for Basel II/III and Solvency II and how to implement best practices and leverage technology to help mitigate the risk of material errors while improving compliance with these new directives. You can read the press release from the BIS here or download a PDF of the final Basel III Accord. For more information on Prodiance ERM products and services, please visit our web site and stay tuned for further details on how Prodiance ERM technology, best practices, domain expertise and professional services offerings align with Basel III mandates.

If you have any anecdotes or comments on the new Basel III Accord, I’d love to hear from you. Finally, if your organization does not yet have a policy on End-User Computing in place, I would be happy to send you our template. Just drop me an email or leave a comment!

Happy holidays and safe travels!

Solvency II: Spreadsheet Governance Will Play a Key Role

The Solvency II Impact
According to the third annual Deloitte Solvency II Survey 2010, the regulation will have a significant impact on the insurance industry in the EU. Here are some supporting stats from the firms surveyed:

  • 34% will need to restructure or reorganize to support Solvency II initiatives
  • 49% will increase usage of actuarial operations
  • 70% will increase staffing by 10 or more FTEs to support the initiative
  • 11% are considering relocating their firm outside the EU to avoid Solvency II compliance altogether
  • 49% will seek approval for their own internal (capital requirements) model

Spreadsheets & Solvency II
After carefully analyzing the English version of the 685-page directive, it’s clear there is a big focus on the accuracy, integrity and overall governance aspects of the Solvency II models. In fact, there are a number of articles requiring governance and effective internal controls in this area. Here is a quick rundown on mandates impacting the use of spreadsheets, Access databases, and other user-developed applications (UDAs) for Solvency II model development:

  • Article 44 – Requires governance over Solvency II model design, testing, validation, and documentation.
  • Article 48 – Requires firms to have an actuarial function to oversee the adequacy of their Solvency II model, data, and calculation.
  • Article 82 – Calls for firms to ensure a high level of data quality, accuracy and completeness for Solvency II models.
  • Article 83 – Requires firms to compare model results against experience and identify deviations.
  • Article 115 – Requires firms to document both minor and major changes to Solvency II models.
  • Article 116 – Calls for firms to have systems in place to ensure the Solvency II model “operates properly on a continuous basis.”
  • Article 124 – Requires firms to perform model validation activities on a regular cycle.
  • Article 125 – Calls for proper documentation of the design and details of the internal model.
  • Article 236 – Requires transparency and governance for subsidiaries.

Spreadsheet & UDA Control Leads to Sustainable Governance
Many EU firms are seeking approval to use their own internal model (vs. the standard model, e.g. Lloyds). Internal models provide an opportunity to tailor capital requirements, provided the proper internal controls and governance processes are in place. Many firms are using spreadsheets for solvency, financial and actuarial models. As such, regulators (including the FSA, CEIOPS, etc.) will be more likely to approve use of internal models if they are accurate and managed in a controlled environment. The Prodiance Enterprise Risk Manager (ERM) System provides a comprehensive solution for spreadsheet and UDA control for firms seeking Solvency II compliance.

Cohmad Fined $200k in Madoff Case for Failure to Keep Spreadsheet Records

Yet another case of spreadsheet fraud surfaced today in the Boston Globe. Cohmad Securities Corp. was fined $200,000 for failure to cooperate with Massachusetts state investigators inquiring about Cohmad’s role in the Madoff Ponzi scheme. Cohmad was founded in 1985 by Maurice “Sonny” Cohn and Bernard Madoff. Apparently, Cohmad failed to maintain proper books and records of its trading operations, including a spreadsheet used to track clients’ Madoff accounts. The state was tipped off when they found out that Cohmad had received $37.4 million in fees from Madoff’s firm between 2003 and 2007, which accounted for 90% of their revenues.

Key Takeaways

  • Uncontrolled spreadsheets can expose organizations to the risk of fraud, leading to non-compliance and/or fines.
  • By maintaining an up-to-date inventory of all critical spreadsheets, Access databases and end-user computing applications (EUCs, a.k.a. user-developed applications or UDAs) and applying the proper controls, an organization can easily be prepared for these types of routine investigations.
  • Technology such as the Prodiance ERM System can help automate inventory management, risk assessment, remediation and control.

Of course, all of this assumes the intentions of the executive staff are moral to begin with. Enough said on this note.

Read the Full Story

New White Paper Addresses Guidance from the IIA’s GTAG-14 on Auditing User-Developed Applications

New Guidance from the Institute of Internal Auditors
According to the newly released Global Technology Audit Guide (GTAG®) 14: Auditing User-developed Applications from The Institute of Internal Auditors: “User-developed applications (UDAs) typically consist of spreadsheets and databases created and used by end users to extract, sort, calculate, and compile organizational data to analyze trends, make business decisions, or summarize operational and financial data and reporting results. Almost every organization uses some form of UDAs because they can be more easily developed, are less costly to produce, and can typically be changed with relative ease versus programs and reports developed by IT personnel.”

The GTAG 14 is careful to point out that “once end users are given freedom to extract, manipulate, summarize, and analyze their UDA data without assistance from IT personnel, end users inherit risks.” These risks include errors in UDA logic (e.g. honest mistakes), non-compliance with regulatory mandates, and even fraud – all leading to a high likelihood of material errors. GTAG 14’s primary emphasis is to provide direction to internal auditors on how to scope an internal audit of UDAs and assist management with developing an effective UDA control framework. It also outlines other considerations that internal auditors should address when performing UDA audits, including functional requirements for best-of-breed tools, and best practices for controls over UDAs.

New Prodiance White Paper Addresses IIA GTAG-14 Guidance
Last week, Prodiance launched a new white paper that summarizes how the Prodiance Enterprise Risk Manager (ERM) system and associated professional service offerings enable organizations to fulfill the IIA’s guidelines for identifying, monitoring, and controlling mission critical User-Developed Applications (UDAs). The new, complimentary white paper is entitled Addressing Guidance from the IIA’s GTAG-14 for Auditing User-Developed Applications and can be downloaded from the Prodiance.com web site via the following link.

Download the White Paper

New Guidance from the IIA on Performing Spreadsheet Audits

The Institute of Internal Auditors (IIA) just published a new Global Technology Audit Guide (GTAG 14) entitled Auditing User-developed Applications, which encourages internal auditors to consider performing audits for critical spreadsheets used in financial reporting. The guide was authored by spreadsheet domain experts. It gives an overview of the challenges and risks organizations face with uncontrolled spreadsheets, Access databases and other user-developed applications (UDAs), and provides a roadmap with considerations for performing an audit. There are also several sample templates for defining what a risky spreadsheet is, as well as capturing documentation, control procedures, and more.

An IIA membership and login are required to download the new GTAG 14 guide for free. Alternatively, according to the IIA, nonmembers can purchase a copy for $25 from its bookstore.

>> READ THE FULL STORY

Congratulations to DIRECTV for Receiving the 2010 OCEG GRC Achievement Award

The Prodiance team would like to congratulate DIRECTV on receiving the 2010 Open Compliance and Ethics Group (OCEG) GRC Achievement Award. Announced during Compliance Week’s Fifth Annual Conference in Washington, D.C., May 24-26, 2010, the OCEG GRC Achievement Award recognizes organizations for innovative approaches to governance, risk management and compliance (GRC) to achieve Principled Performance®. DIRECTV was selected by a panel of industry experts from OCEG for implementing a sustainable solution to manage spreadsheet risk and compliance across the company based on Prodiance technology. Please join us in congratulating DIRECTV on this important achievement. We’re honored to have the DIRECTV team as active partners in the Prodiance user community, and we thank them for their involvement in driving GRC innovation.

Watch the video and read the full story here.

Prodiance and ThinkIT Join Forces to Deliver ERM Solutions through Lean First! Methodology

Pleasanton, Calif. and Norwalk, Conn. – Prodiance Corporation, a leading provider of Governance, Risk and Compliance (GRC) software solutions, and ThinkIT, a leading IT strategy and consulting company that applies its Lean First! methodology to streamlining and automating business processes, today announced a formal partnership and comprehensive Enterprise Risk Management solution to automate internal controls for mission critical spreadsheets, Access databases, and other end-user computing (EUC) applications. The joint solution combines best of breed technology from Prodiance with professional services and domain expertise in LeanFirst! delivery methodology from ThinkIT to help firms improve internal controls while driving process efficiency.

“As an integration of Lean and SixSigma and other quality improvement programs, LeanFirst! is a methodology for aligning business and IT objectives, leveraging process improvement and reducing complexity and risk through simple metrics based outcomes,” said David Lee, Partner at ThinkIT. “We are very eager to combine Prodiance, the best of breed technology for spreadsheet control, with our unique experience in LeanFirst! to deliver faster results for clients.”

“The combination of ThinkIT’s leadership in process re-engineering and Prodiance’s experience in Enterprise Risk Management solutions made this the perfect partnership,” said Dr. Soheil Saadat, president and CEO at Prodiance. “By partnering with ThinkIT, we’re empowering customers to embed critical risk management controls into everyday business processes through best practices and technology automation.”

About Prodiance
Prodiance delivers Governance, Risk and Compliance (GRC) software solutions to help mitigate risk, increase transparency, and automate internal controls over End User Computing applications such as spreadsheets, databases and BI reports which comprise a significant portion of mission critical data within organizations. Prodiance leverages over 20 years of experience in delivering innovative technology solutions for highly regulated markets. Leading global organizations in more than 15 countries across 5 continents representing a wide variety of industries – banking, insurance, capital markets, energy, telecommunications, manufacturing, media and entertainment, food and beverage, health care, pharmaceutical, and education – have chosen Prodiance as a trusted partner to achieve their strategic goals. Prodiance Corporation is an independent, privately held company based in Pleasanton, California with offices in London, Chicago, Philadelphia, New York, The Netherlands, and Shanghai. Additional news and information about Prodiance solutions, products and services is available at www.prodiance.com or by calling +1.925.460.9191.

Prodiance PR Contact:
Eric Perry
Vice President, Marketing
Tel: +1-925-460-9191
Email: eric.perry@prodiance.com

About ThinkIT
ThinkIT is a global consulting company that specializes in the delivery of business solutions through innovative use of technology and process “lean-engineering.” Our philosophy is “Lean first then Digitize!” Whether your goals are to improve productivity, reduce costs, drive top line growth, increase customer loyalty, and/or instill strong controllership best practices, the ThinkIT team will deliver results backed by verifiable metrics and aligned to the goals of your business. For more information, please visit www.itthink.com.

ThinkIT PR Contact:
David Lee
Partner
Tel: +1-203-569-4142
Email: dlee@itthink.com

The Spreadsheet Risk Continuum

After more than 5 years of helping some of the world’s most successful global organizations reduce their risk and exposure due to uncontrolled spreadsheets, Access databases and other end-user computing (EUC) applications, it has become very clear that reducing the risk is as much about technology as it is about cultural change. Almost every company today is dealing with issues surrounding spreadsheet and EUC risk, all with varying levels of maturity. The way I see it, reducing the risk efficiently requires a few key ingredients for success, including: adopting a formal policy on End-user Computing, defining internal controls for critical spreadsheets and EUCs, incorporating best practices, and implementing new Spreadsheet Control technology. As these ingredients are put in place, the organization’s risk level eventually decreases along the Spreadsheet Risk Continuum.

Policies & Controls
In a previous post, I discussed the merits and basics of adopting a formal EUC policy. I have also discussed the latest auditor guidance on spreadsheet controls from the famous white paper published in 2004 by PwC. There are about 10 key controls to consider, including: access control, version control, change control, backup and archival, input control, documentation, segregation of duties, logic inspection/analytics, development lifecycle and data integrity.

Best Practices
There are many best practices, but I will mention a few here. The first requires following a formal process when implementing Spreadsheet Control. At Prodiance, we have developed a methodology we call the Spreadsheet Management Lifecycle, which involves inventory, risk assessment, control, remediation and reporting. In addition, it is important to have users properly trained on how to efficiently develop spreadsheets. This can result in models that have less margin for error because they are developed properly and are well documented.

Technology
The final stage in the Spreadsheet Risk Continuum involves implementing a technology solution to help make the earlier stages sustainable. Without technology, the tasks and controls in the earlier stages become one-off projects, requiring end users to do extra work to follow policies. This manual approach often breaks down over time. So my point in all of this is the following:

To efficiently mitigate spreadsheet and EUC risk within an organization, there is a Spreadsheet Risk Continuum leading to success which requires a cultural change (e.g. policies, controls, best practices) and adoption of new technology.

What are your thoughts on this assertion?

Spreadsheets & Accounting Fraud – the Perfect Storm?

Accounting Fraud on the Rise
In November, PwC published a new report entitled The Global Economic Crime Survey: Economic Crime in a Downturn. Of 3,000 senior executives surveyed across 54 countries, 62% reported their organizations suffered a decline in revenues in the past year, and 40% reported the risk of economic crime has risen due to the recession. Given this 60-40 split, they expected organizations with increasing revenues would be immune to the increase in economic crime. However, this was not the case. To this end, economic crime remains a pervasive risk in today’s business environment, with increasing pressures to perform, increased opportunities to commit fraud, and people’s attitudes skewed by survival instinct and personal motivation.

Spreadsheets & Fraud – The Perfect Storm?
One of the key findings from the survey is the sharp rise in accounting fraud, which contributed 38% of reported cases and which PwC claims is linked to the economic downturn. If we then link this trend with the ubiquity of spreadsheets used in financial and management reporting, we have the “perfect storm” conditions for fraud to occur. Spreadsheets, PC databases and other types of end-user computing applications (EUCs) are used to support many key financial and operational processes, including (but not limited to) journal entries, account reconciliations, tracking and executing trades, revenue recognition, 401k contributions, executive compensation, actuarial processes, underwriting, budgeting, forecasting, and consolidation. Organizations are at risk and exposed when these mission critical spreadsheets are unmonitored and lack the proper IT controls such as change control, versioning, security and access control, segregation of duties, testing and validation, etc.

Is Your Organization at Risk?
So how do you know if your organization is at risk of spreadsheet accounting fraud? Clearly an assessment is needed which typically requires (at a minimum) performing an inventory and risk assessment of a sampling of key spreadsheets. This process can take several weeks or months to complete via manual means, but it can be accelerated by using Spreadsheet Management & Control software, domain expertise, and best practices from Prodiance. To read more about spreadsheets and fraud, I encourage readers to download my latest white paper entitled Fraud Detection & Prevention for Mission Critical Spreadsheets. For more details from the 2009 PwC Global Economic Crime Survey, you may download the full report here.

Your comments and thoughts?

Join the Prodiance Professional Network on LinkedIn

Prodiance has launched a new LinkedIn Group called the Prodiance Professional Network. The purpose of this group is to connect former and present Prodiance Enterprise Spreadsheet Management users, administrators and employees, allowing them to expand their professional development, exchange ideas, network and continue to be a part of the Prodiance community. The new group also provides news and updates from the company’s web site along with RSS feeds, recent blog posts, articles, upcoming events, job listings and Twitter feeds.

Join Here Today!
