Archive for the 'Press Articles' Category

The Spreadsheet Risk Continuum

Published January 14, 2010 Best Practices , Breaking News , Press Articles Leave a Comment
Tags: , , , , , , , , ,

After more than 5 years of helping some of the world’s most successful global organizations reduce their risk and exposure due to uncontrolled spreadsheets, Access databases and other end-user computing (EUC) applications, it has become very clear that reducing the risk is as much about technology as it is about cultural change. Almost every company today is dealing with issues surrounding spreadsheet and EUC risk, all with varying levels of maturity. The way I see it, reducing the risk efficiently requires a few key ingredients for success, including: adopting a formal policy on End-user Computing, defining internal controls for critical spreadsheets and EUCs, incorporating best practices, and implementing new Spreadsheet Control technology. As these ingredients are put in place, the organization’s risk level eventually decreases along the Spreadsheet Risk Continuum.

Policies & Controls
In a previous post, I discussed the merits and basics of adopting a formal EUC policy. I have also discussed the latest auditor guidance on spreadsheet controls from the famous white paper published in 2004 by PwC. There about 10 key controls to consider, including: access control, version control, change control, backup and archival, input control, documentation, segregation of duties, logic inspection/analytics, development lifecycle and data integrity.

Best Practices
There are many best practices, but I will mention a few here. The first requires following a formal process when implementing Spreadsheet Control. At Prodiance, we have developed a methodology we call the Spreadsheet Management Lifecycle, which involves inventory, risk assessment, control, remediation and reporting. In addition, it is important to have users properly trained on how to efficiently develop spreadsheets. This can result is models that have a smaller file size and have less margin for error because they are developed properly and are well documented.

Technology
The final stage in the Spreadsheet Risk Continuum involves implementing a technology solution to help make the earlier stages sustainable. Without technology, the tasks and controls  in the earlier stages become one-off projects, requiring end users to do extra work to follow policies. This manual approach often breaks down over time. So my point in all of this is the following:

To efficiently mitigate spreadsheet and EUC risk within an organization, there is a Spreadsheet Risk Continuum leading to success which requires a cultural change (e.g. policies, controls, best practices) and adoption of new technology.

What are your thoughts on this assertion?

Spreadsheets & Accounting Fraud – the Perfect Storm?

Published December 5, 2009 Auditor Guidance , Breaking News , Cases of Fraud & Errors , Press Articles Leave a Comment
Tags: , , , , , , ,

Accounting Fraud on the Rise
In November, PwC published a new report entitled The Global Economic Crime Survey: Economic Crime in a Downturn. Of 3,000 senior executives survey across 54 countries, 62% reported their organizations suffered a decline in revenues in the past year, and 40% reported the risk of economic crime has risen due to the recession. Given this 60-40 split, they expected organizations with increasing revenues would be immune to the increase in economic crime. However, this was not the case. To this end, economic crime remains a pervasive risk in today’s business environment where increasing pressures to perform, increased opportunities to commit fraud, and people’s attitude are skewed by survival instinct and personal motivation.

Spreadsheets & Fraud – The Perfect Storm?
One of the key findings from the survey is the sharp rise in accounting fraud, which contributed 38% of reported cases, which PwC claims is linked to the economic downturn. If we then link this trend with the ubiquity of spreadsheets used in financial and management reporting, we have the “perfect storm” conditions for fraud to occur. Spreadsheets, PC databases and other types of end-user computing applications (EUCs) are used to support many key financial and operational processes, including (but not limited to) journal entries, account reconciliations,  tracking and executing trades, revenue recognition, 401k contributions, executive compensation, actuarial processes, underwriting, budgeting, forecasting, and consolidation. Organizations are at risk and exposed when these mission critical spreadsheets are unmonitored and lack the proper IT controls such as change control, versioning, security and access control, segregation of duties, testing and validation, etc.

Is Your Organization at Risk?
So how do you know if your organization is at risk of spreadsheet accounting fraud? Clearly an assessment is needed which typically requires (at a minimum) performing an inventory and risk assessment of a sampling of key spreadsheets. This process can take several weeks or months to complete via manual means, but it can be accelerated by using Spreadsheet Management & Control software, domain expertise, and best practices from Prodiance. To read more about spreadsheets and fraud, I encourage readers to download my latest white paper entitled Fraud Detection & Prevention for Mission Critical Spreadsheets. For more details from the 2009 PwC Global Economic Crime Survey, you may download the full report here.

Your comments and thoughts?

Spreadsheet Compliance: 5 Steps to Success

Published February 28, 2009 Auditor Guidance , Press Articles Comments
Tags: , ,

 

5 Steps to Success

5 Steps to Success

This article entitled 5 Steps to Success for Spreadsheet Compliance

by Jefferson Wells and Prodiance outlines 5 pragmatic steps organizations can take to improve spreadsheet compliance, including:

1. Inventory all spreadsheets

2. Assess spreadsheet risk

3. Perform mathmatical verification

4. Establish a controlled environment

5. Establish a corporate policy on spreadsheet control

You can download the article here from the Compliance Week web site.

The Trouble with Spreadsheets – Grenville Croll of EuSpRIG

Published February 24, 2009 Press Articles Leave a Comment
Tags: ,
The UK's leading spreadsheet specialist

Grenville Croll

This recent article published in Finance Director Europe by Grenville Croll, the UK’s leading specialist in spreadsheets, looks at automated solutions to help manage and control critical spreadsheets.

Read the full article here.

Are Greed, Lack of Oversight & Lack of Transparency to Blame?

Published February 24, 2009 Press Articles Leave a Comment
Tags: , , , ,
President and CEO, Prodiance Corporation

President and CEO, Prodiance Corporation

In the midst of the current economic crisis, greed, lack of oversight, and lack of transparency have left an “open door” in many organizations for non-compliance, gross accounting errors, and even fraud. According to Baseline Consulting, approximately 68% of today’s corporate data is managed in IT controlled applications, and 32% is stored in key spreadsheets, Access databases, BI and management reports, office documents, and other end-user computing (EUC) applications. In many cases, these EUCs are managed in uncontrolled environments and lack the proper safeguards and controls needed to ensure that bad things don’t happen. It’s these bad things – gross errors in key spreadsheets, “undocumented” transactions hidden in invisible cells or hidden worksheets, unauthorized changes, and logic errors – that create unacceptable risk and exposure for organizations. Read more.

Subscribe by Email Subscribe by Email
Add to Technorati Favorites

Prodiance on Twitter