Category Archives: Financial Risk Management

Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

The Risky Side of Unmanaged Spreadsheets

Posted on by

For years enterprises have attempted to move away from spreadsheets in favor of enterprise resource planning (ERP) systems, accounting systems and various other software systems and applications. Yet, no matter how hard organizations try, it seems spreadsheets will not go away.

Besides being easy to use and accessible, people are comfortable working with spreadsheets. When they have a job to do, spreadsheets are there—not waiting for IT. Yet when left unmanaged, the risks associated with spreadsheets can prove costly, resulting in bad business decisions, regulatory penalties, and even lawsuits. In some instances, unmanaged spreadsheets are costing organizations millions of dollars.

For example, last October a spreadsheet mistake cost Tibco shareholders $100 million during a sale to Vista Equity Partners. Goldman, Tibco’s adviser, used a spreadsheet that overstated the company’s share count in the deal. This error led to a miscalculation of Tibco’s equity value, a $100 million savings for Vista and a slightly lower payment to Tibco’s shareholders.

Earlier this year it was discovered that the Lubbock Housing Authority mistakenly posted applicants’ personal information on its website. In a rush to get the spreadsheet online before the holiday break, staff inadvertently posted the wrong file. As a result, the names, addresses, complete social security numbers and estimated incomes of applicants appeared online for all to see.

Then there was the case of Bulkhead Beef. The company filed a federal complaint against rival meat purveyor, Revere Meat Co., for taking key competitive information including its most valuable data found within its yield formula spreadsheet. While one case involved theft and the others appear to be fat finger errors, these cases confirm that left unmanaged, spreadsheets expose organizations to risk.

Despite the risks associated with spreadsheets, however, they remain a critical analysis tool for enterprises large and small. In the coming years, spreadsheets can be expected to grow in size and complexity. This means the challenges of managing them, and the associated risk, will only increase.

Why spreadsheets remain relevant

For years, businesses have attempted to do away with spreadsheets in favor of ERP systems, which offer the controls necessary to minimize risk. In today’s global economy where outsourcing is the norm and M&A activity is high, however, there is a lot more collaboration. The complexities associated with integrating data between multiple ERP systems makes spreadsheets an appealing option for analysis.  Disparate ERP systems don’t work together; therefore, rather than waiting on IT, spreadsheets are being used as the point of integration. Once data is exported to an Excel spreadsheet, however, the controls in place are gone. There is no way to monitor changes, control access, or to ensure that errors or risks were not introduced into the process.

While there are many cloud-based applications businesses can purchase to replace spreadsheets, the reality is that spreadsheets remain a reliable standby. When business shifts and an application that was purchased no longer fits, or an analysis is requested that the application doesn’t provide, the ability to export data to Excel is a reliable option that business users continue to turn to. While there are risks, they are willing to take them to get the job done. Fortunately, technology advances are enabling enterprises to overcome spreadsheet complexities. Automated risk and analysis solutions provide much needed insight into potential risk and errors that may be hiding in spreadsheets. Yet many organizations don’t use spreadsheet management solutions simply because they are unaware this technology exists.

Taking the risk out of spreadsheets

Taking a methodical approach to understanding where risks may hide is the first step in managing spreadsheets across an organization. Spreadsheet management solutions offer detailed insight into spreadsheets, regardless of where they reside on a network or how many exist. These solutions provide visibility into who is working on a spreadsheet, how many people are working on it, when something changes, what changed, and who made those changes. The ability to monitor and track this information over a period of time provides valuable insight into whether policies are being met, while making it significantly easier to identify potential risk.

For even greater transparency and risk management, many spreadsheet management solutions will allow threshold alerts to be set if certain changes occur such as commission percentages or diluted shares. These red flag-type alerts can be customized to meet a certain criteria and can be as basic or detailed as necessary. Thresholds also can be set to alert auditors to disparate currency and tax changes; this information is especially useful when dealing with global mergers and acquisitions. Threshold alerts serve as automated checks and balances to ensure that inaccuracies are not missed. For example, had an alert been set to notify auditors when the number of shares was changed in the Tibco case, this issue could have been avoided.

Threshold alerts also could have prevented the Bulkhead Beef and the LHA situations as well. There is significant value in understanding the data lineage and being alerted when things just don’t appear right. If people are downloading documents and information that is not within their job responsibilities or there is a sudden increase in the amount of data being viewed or pulled that is inconsistent with past access, for example, having an alert system in place can help enterprises stop potentially damaging situations before they occur.

Spreadsheets aren’t going away

Spreadsheets can be found nearly everywhere within a company. Excel spreadsheets continue to meet the analytical needs of companies today, especially when it comes to analyzing and reporting financial results and providing evidentiary support for decision-making. They are used for managing forecasts, inventory levels and much more.

It is clear that spreadsheets are not going away. Until enterprises wake up to this reality, news stories will continue to appear detailing the latest spreadsheet disaster. There are user-friendly enterprise offerings available for managing spreadsheets. With the right infrastructure, transparency and governance can be achieved, and costly errors and unwanted headlines avoided.

 

Why Aren’t We Performing Risk Management Well?

Posted on by

Whenever a project is being planned, risk management has to be part of the equation – things rarely go smoothly or completely as expected, and there will always be areas that present more risks than others. Whether they affect the projected timeframes, budgets or outcomes, it is the job of the project manager to identify them and ensure that provisions are in place to limit their impact should they occur.

However, failures are made in risk management every day – they helped to trigger the economic crisis in 2008, demonstrating that even the world’s biggest banks, which take financial and logistical risks every day, are not immune to risk mismanagement. With this in mind, it’s understandable that smaller projects and processes might suffer from errors made in risk management.

Why aren’t we performing risk management well, then? With project management an ever-growing sector and more and more jobs being created every day, the next generation of risk managers needs to be able to identify issues in order to rectify them.

Unknown Unknowns

One of the most problematic aspects of risk management is the concept of “unknown unknowns” – the risks that we can’t predict and don’t even know could occur. As thorough as a risk management plan might be, there are some areas that it just can’t cover because they technically do not exist until the project has started and will arise as a result of the ongoing work.

online pharmacy cytotec with best prices today in the USA

There is little that can be done about unknown unknowns – the only way that they can be completely avoided is if the project is never started, which is not a viable option.

online pharmacy sildalis with best prices today in the USA

Any project inherently contains risks, but they can be risks that work out positively for the project and the organization. There is every chance that unknown unknowns may turn out that way.

Lack of Data

A lot of project risks are identified using historical data, which isn’t always credible – in the stock market, it is impossible to figure out future trends by using past events, and it’s the same here. However, data can be utilized to an extent, which means that the job is made a lot more difficult when it isn’t available.

A recent survey by the Economist Intelligence Unit states that more than half of risk executives at banks around the world have insufficient data to support a robust risk management strategy – therefore, there is no reason to suggest that, should the situation be the same in other industries, they would be any better equipped to produce a decent risk management strategy with the same data deficiencies.

Intimidation

On a very basic level, it can be quite intimidating to think about the number of risks that a project might possess, and risk managers can be concerned about seeming overly negative, affecting people’s opinions of the project and potentially the methods and processes used to complete the project. One might argue that if someone lacks this kind of forthrightness, they should not be involved in project management, but it is a weakness that has to be legislated for.

To not perform risk management thoroughly, however, smacks of incompetence and costs the organization as a whole both time and money. The responsible thing is to highlight risks so that they can be planned for in the event that they occur.

online pharmacy neurontin with best prices today in the USA

Don’t worry about telling stakeholders anything they don’t want to hear – it just might trigger a different, better way of doing things.

Biggest Bank Robberies of the 21st Century

Posted on by

Many of the top perceived risks in the banking industry are focused on new developments. According to last year’s Protiviti survey “Executive Perspective on Top Risks for 2014,” financial services industry professionals projected that the biggest risks would be regulatory changes, cyber threats, and protecting the privacy and security of their customers amid greater use of cloud computing, social media and mobile technology.

One of the oldest threats banks face, however, still packs quite a punch for the bottom line. As Ross Smith of Fast Locksmith illustrates in the infographic below, bank robberies may be more closely associated with the days of Bonnie and Clyde and Old West sheriffs, but they have cost the industry billions since 2000. Check out some of the biggest bank robberies of the 21st century:

Bank Robbery Infographic

 

Be Proactive in Managing Whale Phishing Risks

Posted on by

Shutterstock, Chris Roe

The rash of incidents involving whale-phishing has created new challenges for risk managers. In these cases, criminals use a combination of emails and phone calls to scam companies out of large sums of money through fraudulent wire transfers.

Perpetrators use emails that appear to come from senior executives to instruct employees that have access to a company’s finances to transfer large sums of money to temporary accounts held by the criminals. By the time the fraud is discovered, accounts typically have been closed and the criminals can’t be traced.

Managing this exposure calls for careful planning and a coordinated effort both within the organization and with external providers and trading partners. For risk managers, navigating this exposure might involve the following steps:

• Assess your vulnerabilities. Form an “anti-whale-phishing” team with executives from your finance/treasury, security, legal, operations, IT and HR departments to identify where your firm might be vulnerable and the individuals most likely to be targeted by outside perpetrators.

buy biaxin online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/biaxin.html no prescription pharmacy

• Establish clear protocols for any fund transfers. Make sure there are multiple internal steps for approval of any financial transactions that exceed defined sums.  Don’t allow any exceptions and make sure all senior leaders of the firm are aware of the protocols, comply fully and consistently reinforce them with staff.

buy avodart online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/avodart.html no prescription pharmacy

• Communicate protocols within your organization. Be sure everyone with access to funds who might be targeted for these types of scams is fully aware of the protocols, the reasons they are being implemented, understands there are absolutely no exceptions, and knows how to report any email,  phone call or other communication that appears suspicious.

• Coordinate with your banking/financial institutions. Establish protocols with your financial institutions with respect to any requests for wire transfers that exceed clearly identified thresholds.

• Check your crime insurance coverage. Meet with your broker to review how your crime policy might respond to any claims related to whale-phishing losses. You may have to arrange a meeting with your insurer to clarify or add policy language that will extend coverage for these types of losses.

• Look for coverage opportunities under cyber policies. Your broker will help you determine how and whether your current cyber insurance policy might address first-party losses, such as those resulting from a whale-phishing attack. As protection under cyber insurance policies continues to expand, see if there is related coverage under newer stand-alone policies.

• Maintain organizational vigilance. Work with your anti-whale-phishing team to continue to monitor risks associated with whale-phishing. Monitor changes in employee responsibilities, promotions, new hires, adjustments in banking relationships, email system updates, and any other developments that may affect your organization’s vulnerability to potential risks.

• Remember, time is not on your side. Plan ahead to know what federal investigative agency is best for you, such as Secret Service or the FBI. Call them while the bad guys are still communicating and before you take actions to scare them off.

As these scams evolve and become more sophisticated, whale-phishing is likely to remain a significant risk for businesses and other employers. By taking steps before a loss occurs, risk managers can put their organizations in position to manage this difficult and potentially costly exposure.