Top 10 Compliance Spreadsheet Risks and How to Avoid Them – PART 1
February 28, 2010
One of the biggest threats to compliance isn't your employees or hackers, but a trusted tool: the spreadsheet. It is unstructured, untracked, and unsecured. Learn to recognize top spreadsheet risks and what you can do to reduce them.
Compliance experts estimate that 80 percent of enterprises use spreadsheets to support critical business functions. For example, in one Deloitte survey of 800 financial professionals, 88 percent said their firms “use spreadsheets of material importance in financial reporting.” At the same time, however, research suggests the typical spreadsheet has a 2 to 5 percent error rate.
As a result, spreadsheets are one of the biggest compliance risks facing regulated companies. Indeed, despite their prevalent use, the life of the average spreadsheet is unstructured, untracked, insecure, and potentially just inaccurate. Learn how to pre-emptively control challenges that can run afoul of Sarbanes-Oxley (SOX), Basel II, or numerous other laws which regulate the integrity of financial processes.
Bet on auditors wanting to see all spreadsheets relating to your company's financial reporting practices. Will your rows and columns pass compliance muster? To help mitigate the regulatory risks posed by spreadsheets, consider these 10 tips.
1: Acknowledge Spreadsheets' Programming Power
One issue with spreadsheets is they're simply so powerful. The spreadsheet problem is largely due to the fact that we've given a programming language to a non-IT user without any development environment-type oversight or safeguards. They've become the programmer, tester and the user – so you've just lost all objectivity. Who's going to detect the errors in that spreadsheet?
2: Expect Errors
The average spreadsheet contains a substantial number of errors. Human error research indicates that for things about as complex as creating a spreadsheet formula, the error rate floor is about 2 percent to 5 percent. The reason: people tend to take shortcuts when doing math, and these shortcuts often produce errors. Regarding automation, please see tip number eight. On a related note, spreadsheet novices are three times as likely as experts to make mistakes.
Few companies, however, test for spreadsheet errors or outright fraud, preferring instead to eyeball results, often with predictable consequences. For example, one software developer may use two 15,000-cell Excel spreadsheets to project the market for its products, with figures rounded to whole numbers. Yet another user may inadvertently round the modifier for inflation down, say, from 1.06 to 1, consequently resulting in a market undervaluation. Such an error would obviously qualify as a material weakness.
3: Manage Spreadsheet Changes
One solution: don't prohibit spreadsheet use, but rather identify which spreadsheets handle critical business functions, and then implement controls to ensure their integrity and accuracy, and especially to prevent fraud. For starters, apply change management controls to spreadsheets, including sign-offs, a record of all changes and the rationale for every change, plus rollback capabilities. Each spreadsheet's business logic must also be thoroughly vetted, as with any application which handles complex business functions.
4: Beware the Orphans
When auditing spreadsheets, pay particular attention to the orphans: spreadsheets of unknown provenance which today still drive critical business processes. As Arthur C. Clarke wrote, “any sufficiently advanced technology is indistinguishable from magic,” and as anyone who's ever inherited a spreadsheet knows, some operate if not by magic, then at least through unintuitive logic that might take a lifetime to unravel.
Certainly, the average business user can't be expected to accurately keep a 50-tab Excel workbook current.
5: Consider Versioning Software
The poster child of the spreadsheet world is Microsoft Excel. Until recently, however, software to manage Excel in regulated environments was scant. Beginning with Excel 2007, though, Microsoft itself began offering businesses a way to enforce change management, audit controls, and versioning for Excel spreadsheets. Together with SharePoint Server 2007, companies can even manage spreadsheets centrally and offer role-based access to HTML versions of spreadsheets.
James Tanner is an analyst at Orthus Limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provides end-to-end services for clients to comprehensively address risk in their environments, including Insider Threats (http://www.orthus.com/itm_overview.htm), addressing issues including data leakage, sabotage and fraud; External Threats, including penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats, including securing cloud services and data processed by third parties; and Legal and Regulatory challenges, including Payment Card Industry (PCI) Data Security Standard (DSS).
Better Risk Management – Using Risk Surveys to Identify, Assess and Mitigate Business Risks
February 28, 2010
Business Risk Assessment Surveys Strengthen Your Risk Management Process
Running a company is a risky proposition. Too much risk can be very costly, particularly when things go wrong. Too little risk can also be very costly, especially when smart risks are being avoided or too much money is being spent to limit risks.
Significant risks are often hidden or ignored by organizations. The best way to identify and assess these hidden and ignored risks is to survey managers and staff professionals at all levels of the organization. Business Risk Assessment Surveys collect risk information and insight from managers and other key employees and consolidate it by business unit and your organization overall.
Companies need a clearer understanding of the risks they are taking to protect the physical, financial, human and intellectual assets of their companies. The main goal is not to eliminate uncertainty. Instead, it is to be proactive in assessing and managing risk for your company’s advantage.
Risk assessment surveys are a critical tool for any successful risk management process. It is all about identifying, assessing and managing a wide range of risks at acceptable levels.
What risks does your organization face? How do you know?
Who is responsible for risk management in your organization? Does that person/department have the tools and resources to identify and assess risks effectively? Does your organization have a comprehensive list of risks that is updated annually?
The risk problems facing many organizations today
· Many complex and broad risks threatening your business
· Lack of tools and processes to identify and assess risk importance and likelihood
· Failure to identify and act on risks until it is too late
· Overspending to avoid risks
· Missed opportunities and profit due to excessive risk avoidance
· Financial losses and reputational impact due to risk failure
The solution for identifying and assessing risks
· Risk Assessment Surveys provide the solutions you need for assessing and managing risk at appropriate levels
· Risk Surveys gather information and insight from managers and decision makers across your company
· Connect the dots to understand where to focus risk initiatives
· Hone in on your organization’s specific risk assessment needs
· Collect suggestions for identifying and managing risk
· Business Risk Surveys typically include 30–70 questions that are included in the following risk categories:
1. External Risks
2. Operational Risks
3. Financial Risks
4. Sales, Marketing and Products/Services Risks
5. Human Resources and Organizational Effectiveness Risks
6. Management Risks
Business Risk Assessment Survey Metrics
Identifying and assessing risks and then managing the risks at appropriate levels can significantly increase profit and make earnings more predictable and consistent. A few of the many risks that can be identified, assessed and managed using Business Risk Surveys include:
· Risk of costly legal suits from employees, customers and competitors
· Reputational
· Competitor
· Accounting
· Investment
· Economy
· Customer (risk of losing customers, dependence on key customers)
· Insurance (too much or too little insurance)
· Accident
· Business decision
· Risk of employee turnover
· Hiring
· Product risk / service portfolio
· Innovation / product development
· Risk of lost business due to product and service problems
· Business interruption / continuity
· Capacity utilization / availability
· Inventory
· Regulatory and legal compliance
· Fraud and theft
· Environmental / weather risk
· Health and safety
· Supplier
· Outsourcing
· Technology
· Information
· Bias, diversity and abuse
· Management and key employee succession
· Fiduciary
· Facilities
Benefits of Business Risk Assessment Surveys
Business risk surveys generate significant bottom-line benefits and a very strong payback including:
· Reducing business risk uncertainty
· Protecting shareholders, customers, management, employees, board members and the community from costly, embarrassing problems and catastrophic events that may threaten profit, reputation and survival
· Raising awareness of business risks across the organization
· Measuring the importance and likelihood of each risk criteria in each business unit and across the organization, and tracking risk trends
· Reducing costs
· Increasing revenue through smart risk-taking
· Risk survey comments and suggestions identify actions for achieving breakthrough improvements
· Identifying hidden risks and possible solutions
· Creating a roadmap for making breakthrough improvements in risk levels
· Focusing managers’ energies on the highest payback risk management opportunities
· Managing risk more effectively
· Strengthening the culture of risk management collaboration and change
· Facilitating smart risk-taking
Other types of Risk Surveys
In addition to comprehensive Risk Surveys that identify and assess a wide range of risks across the organization, risk surveys that focus in detail on specific risk issues are an excellent way for organizations to identify and assess specific risks in considerable detail. Examples of detailed risk surveys include Contract Risk Assessment Surveys, State Regulation Risk Surveys, Ethics and Compliance Risk Culture Surveys and Sarbanes-Oxley 404 Surveys. Each of these surveys includes many questions about these respective risks. Detailed risk surveys can also be conducted for each of the types of risks listed in this article.
Summary message for CEOs, COOs, CFOs, Risk Managers, Internal Auditors, General Counsels and others responsible for Risk Management
Risk surveys are a highly cost-effective way to protect your organization from unanticipated and hidden risks, and to avoid significant costs and threats to your organization's reputation due to risk incidents. The surveys provide loads of actionable information that can be used to identify and assess risk importance and likelihood, and for creating and monitoring execution of risk management action plans.
Howard Deutsch is CEO of Quantisoft, a full service survey company. Our surveys enable organizations to measure and achieve breakthrough increases in performance. Contact Howard Deutsch at (609) 409-9945 or hdeutsch@quantisoft.com
IT’s Role in Successfully Managing Sarbanes-Oxley Compliance: Leading CTOs and CIOs on Communicating with Management, Reducing Risks, and Controlling the …
February 24, 2010
Product Description
IT's Role in Successfully Managing Sarbanes-Oxley Compliance is an authoritative, insider's perspective on the ins and outs of SOX compliance. Featuring CTOs and CIOs representing some of the top companies in the nation, this book provides best practices for managing, monitoring, and measuring Sarbanes-Oxley success. Fundamentally a financial legislation enacted in response to corporate and accounting scandals, the first step to satisfying Sarbanes-Oxley requirements lies in partnering with finance and developing a crystal-clear vision for compliance. Driven by the need to not only meet SOX specifications but also to improve the overall audit program, these authors offer tips for minimizing potential risk and optimizing the compliance process by using prior knowledge to design compliance into existing and new systems. From ensuring an evolving vision to laying a solid foundation to instituting high control components, these authors explain how to establish a leadership position in managing SOX compliance. This book provides valuable insight for those striving to institute the checks and balances and accountability integral to SOX success while simultaneously remaining disciplined about business continuity by leveraging existing processes in place to comply with Sarbanes-Oxley. Highlighting the importance of taking a proactive approach to compliance rather than sitting on the sidelines, these authors demonstrate how to tackle Sarbanes-Oxley using a long-term perspective. The different niches presented and the breadth of perspectives represented enable readers to get inside some of the leading technology minds of today, as these insiders offer up their thoughts around the keys to improving IT governance by communicating with management, reducing risks, and keeping an eye on costs: in short, by running IT like a business.
Inside the Minds provides readers with proven business intelligence from C-Level executives (Chairman, CEO, CFO, CMO, Partner) from the world's most respected companies nationwide, rather than third-party accounts from unknown authors and analysts. Each chapter is comparable to an essay/thought leadership piece and is a future-oriented look at where an industry, profession or topic is headed and the most important issues for the future. Through an exhaustive selection process, each author was hand-picked by the Inside the Minds editorial board to author a chapter for this book.
Chapters include:
1. Rajan Nagarajan, Senior Vice President and Chief Information Officer, Swift & Company – “Reducing Risk Associated with Sarbanes-Oxley Compliance”
2. Norbert J. Kubilus, Chief Information Officer, Sunterra Corporation – “Implementing General Controls for System Management”
3. Andrew C. Maychruk, Director, Information Technology, The PrivateBank and Trust Co. – “Keeping Up with Both Quality Control and Regulatory Compliance”
4. Arlin B. Goldberg, Executive Vice President, Information Technology, Eschelon Telecom Inc. – “Key Components of Achieving Sarbanes-Oxley Compliance”
5. Bennett Cikoch, Vice President, Information Technology, Midas International Corporation – “Setting the Tone for IT Compliance”
6. Ed Eskew, Vice President and Chief Information Officer, Bernard Chaus Inc. – “The Cost of Compliance”
7. Jorge de Cardenas, Senior Vice President, Information Technology, American Campus Communities Inc. – “Involving the Entire Team in the Process”
8. John Petrone, Senior Vice President and Chief Technology Officer, Autobytel Inc. – “Using Sarbanes-Oxley Compliance as an Enabler of High-Speed Growth”
9. Jay Bahel, Chief Information Officer, Brunswick New Technologies – “Managing Compliance and Developing New IT Processes”
Financial Reporting of Environmental Liabilities and Risks after Sarbanes-Oxley
February 23, 2010
Product Description
Financial Reporting of Environmental Liabilities and Risks is a complete guide to developing the underlying business systems to successfully report environmental matters in audited financial statements and reports filed with the Securities Exchange Commission (SEC). It sets forth relevant reporting and internal control standards and discusses important issues affecting reporting entities, accountants, lawyers, and environmental professionals.




