The Top Six Risks of Employee Internet Use and How to Stop Them
July 8, 2010
When it comes to your employees’ use of the Internet, it isn’t wise to underestimate the potential for damage to your organization. From a network used by dedicated scientific intellectuals devoted to honest research, the Internet has grown to become the world’s biggest clearinghouse for information of all kinds. At the same time, it has become a haven for inappropriate behavior and systems attacks, as well as posing a liability for any company that doesn’t appropriately manage their employees’ Internet use. Due to the serious nature of many threats, the Internet use of even one unmonitored employee on a single unmanaged system can ravage a company’s internal network, irrevocably delete critical data, and ultimately ruin the company’s ability to conduct business. Situations like this aren’t works of fiction, but actual everyday occurrences for organizations with unprotected networks. Read this white paper to learn more about how to protect your organization from these threats.
ComplianceHome: SOX White Papers
Top 10 Compliance Spreadsheet Risks and How to Avoid Them – PART 1
February 28, 2010
One of the biggest threats to compliance isn’t your employees or hackers, but a trusted tool: the spreadsheet. It is unstructured, untracked, and unsecured. Learn to recognize top spreadsheet risks and what you can do to reduce them.
Compliance experts estimate that 80 percent of enterprises use spreadsheets to support critical business functions. For example, in one Deloitte survey of 800 financial professionals, 88 percent said their firms “use spreadsheets of material importance in financial reporting.” At the same time, however, research suggests the typical spreadsheet has a 2 to 5 percent error rate.
As a result, spreadsheets are one of the biggest compliance risks facing regulated companies. Indeed, despite their prevalent use, the life of the average spreadsheet is unstructured, untracked, insecure, and potentially just inaccurate. Learn how to pre-emptively control challenges that can run afoul of Sarbanes-Oxley (SOX), Basel II, or numerous other laws which regulate the integrity of financial processes.
Bet on auditors wanting to see all spreadsheets relating to your company’s financial reporting practices. Will your rows and columns pass compliance muster? To help mitigate the regulatory risks posed by spreadsheets, consider these 10 tips.
1: Acknowledge Spreadsheets’ Programming Power
One issue with spreadsheets is they’re simply so powerful. The spreadsheet problem is largely due to the fact that we’ve given a programming language to a non-IT user without any development environment-type oversight or safeguards. They’ve become the programmer, tester and the user – so you’ve just lost all objectivity. Who’s going to detect the errors in that spreadsheet?
2: Expect Errors
The average spreadsheet contains a substantial number of errors. Human error research indicates that for things about as complex as creating a spreadsheet formula, the error rate floor is about 2 percent to 5 percent. The reason: people tend to take shortcuts when doing math, and these shortcuts often produce errors. Regarding automation, please see tip number eight. On a related note, spreadsheet novices are three times as likely as experts to make mistakes.
Few companies, however, test for spreadsheet errors or outright fraud, preferring instead to eyeball results, often with predictable consequences. For example, one software developer may use two 15,000-cell Excel spreadsheets to project the market for its products, with figures rounded to whole numbers. Yet another user may inadvertently round the modifier for inflation down, say from 1.06 to 1, consequently resulting in a market undervaluation. Such an error would obviously qualify as a material weakness.
3: Manage Spreadsheet Changes
One solution: don’t prohibit spreadsheet use, but rather identify which spreadsheets handle critical business functions, and then implement controls to ensure their integrity and accuracy, and especially to prevent fraud. For starters, apply change management controls to spreadsheets, including sign-offs, a record of all changes and the rationale for every change, plus rollback capabilities. Each spreadsheet’s business logic must also be thoroughly vetted, as with any application which handles complex business functions.
4: Beware the Orphans
When auditing spreadsheets, pay particular attention to the orphans: spreadsheets of unknown provenance which today still drive critical business processes. As Arthur C. Clarke wrote, “any sufficiently advanced technology is indistinguishable from magic,” and as anyone who’s ever inherited a spreadsheet knows, some operate if not by magic, then at least through unintuitive logic that might take a lifetime to unravel.
Certainly, the average business user can’t be expected to accurately keep a 50-tab Excel workbook current.
5: Consider Versioning Software
The poster child of the spreadsheet world is Microsoft Excel. Until recently, however, software to manage Excel in regulated environments was scant. Beginning with Excel 2007, though, Microsoft itself began offering businesses a way to enforce change management, audit controls, and versioning for Excel spreadsheets. Together with SharePoint Server 2007, companies can even manage spreadsheets centrally and offer role-based access to HTML versions of spreadsheets.
James Tanner is an analyst at Orthus Limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping organisations globally to measure, minimise and manage the information risks they face. Orthus provides end-to-end services for clients to comprehensively address risk in their environments, including Insider Threats (http://www.orthus.com/itm_overview.htm), addressing issues including data leakage, sabotage and fraud; External Threats, including penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats, including securing cloud services and data processed by third parties; and Legal and Regulatory challenges, including Payment Card Industry (PCI) Data Security Standard (DSS).
Change Control Challenges: a Few Ways to Beat Them Up
February 26, 2010
Simply put, change control is the way that pharmaceutical, life science and technology companies (or any company for that matter) handle set-backs, “unpredictables” and upsets. Like people, companies have distinct ways of dealing with challenges and change. Some companies are calm… some have nervous breakdowns.
The question is this: How can your company avoid the change control breakdown?
The Change Control Debate
Some may say the key to good change control is a good quality control department. Others might say that interpersonal communication is the key.
Perhaps their arguments are convincing but they’ve missed the big picture: change control software.
Change Control Software: Calm, Secure and Streamlined
Effective change control software (yep, technology wins again) is actually remaking change control processes and giving some companies the “heads up” on a calm and very streamlined change control process.
This article is designed to help companies see how the “nervous breakdown” change control process and the calm and collected change control process differ with the variance of only one factor: change control software.
Change Control Challenge Scenario #1: Communication
Communication is obviously central to change control processes. However, the way companies use communication in relation to their change control processes is not always commensurate with wisdom!
Company #1
Company #1 decides to handle communication the paper-based way. Company #1 wants to save money and to avoid the hassle of looking for effective change management software. Because their system is paper-based, the company does save money (at least at first), but Company #1’s employees also spend more time connecting processes that are naturally disconnected (such as electronic spreadsheets, email clients and outdated hard copy SOPs). Their creation, routing and approval processes are manual (or hybrid) solutions and require that a lot of people waste a lot of time running around looking for the right people, who are often inconveniently away from their desks. This results in a lot of outdated SOPs floating around on production floors, uncertainty regarding which document versions are the most recent, and frustrations with the “ignorant” lack of accountability on the part of employees who are supposed to be an essential part of the change control line-up, not to mention a variety of headaches.
Poor Company #1. It’s about to have a nervous breakdown.
Company #2
Company #2, on the other hand, is skipping gleefully through the meadows of change control bliss. Okay, so maybe they aren’t skipping but at least they are confident that their change control process works. Why? Because their change control software system allows them to completely control their change control process online while simultaneously meeting all regulatory standards (FDA, ISO, EMEA and Sarbanes-Oxley compliance regulations). They can sit back and relax a bit because their change control process is connected. Their document management system is actually integrated with their change control system and with their CAPA, audit, customer complaint and training applications as well. Creation, routing and approval processes are all done electronically and/or automatically and are accompanied by version control features which act as assurances for companies who want only the latest (and greatest) version of a document to be available for revision. With their change control software, company #2’s records are also archived for regulatory compliance.
Change Control Challenge Scenario #2: Subsequent Training
The training procedures associated with change control documentation and regulation make a difference in every department from research to production. Take a look at how two distinct companies manage their change control associated training.
Company #1
Company #1 decides that a paper-based system is the way to go. After hours of legwork and manual routing and approvals, the change control process is “finished” (hopefully) and their documentation is delivered to the respective personnel who will implement it. Personnel members who receive the documentation, however, often fail to locate and destroy old versions of the new SOP (or related document) and will likely be uninformed as to 1) whether associated training is necessary for new SOP procedures, 2) when and where the training will occur and 3) whether any type of exam will be required for the training to be completed.
Company #2
Company #2 is NOT sweating the small stuff. They know their resultant SOPs will be automatically routed and approved by those persons specified during the set-up of their change control software. Applicable personnel will also 1) be aware of any outdated documents because those documents will either be electronically inaccessible or (for hard copies) be watermarked with appropriate dates, 2) will be updated regarding whether or not training is necessary, 3) will be apprised as to when and where training will occur, and 4) will be provided with electronic quizzes or exams if required for training procedures.
What are you waiting for?
It’s no wonder that some companies are walking through change control wonderland. They have access to viable change control software! Start searching for a flexible change control software solution for your own company and save yourself a change control breakdown.
Marci Crane is a copywriter for MasterControl in Salt Lake City, UT. For more information in regards to change control software and implementation and training services, please feel free to contact a MasterControl representative.















