Cloud Spreadsheet Manager delivers on-demand control of spreadsheets to support audit and compliance, governance and financial reporting
ClusterSeven, the leading global supplier of strategic spreadsheet and end-user computing (EUC) management software, has launched Cloud Spreadsheet Manager (CSM), an enterprise level, on-demand spreadsheet management solution. CSM will enable organisations to have complete control of their spreadsheet environment to support audit and compliance, governance and financial reporting in the most efficient and productive manner.
Organisations will have the ability to risk check files for errors, compare multiple versions of a spreadsheet to ensure accuracy and manage business-critical spreadsheets with an automatic audit trail in the cloud – in parallel to their enterprise systems – whenever and from where ever they need to. CSM is delivered securely via the Microsoft Azure platform. ClusterSeven is a Microsoft Gold certified partner and a member of the company’s Independent Software Vendor program.
“Financial reporting is putting a major strain on the office of the CFO and the need for transparency around the creation of critical reports has never been greater. In addition to internal reporting, regulatory compliance demands such as Sarbanes Oxley is growing. For instance, the Public Company Accounting Oversight Board (PCAOB) is demanding that organisations institute tighter reporting controls and demonstrate evidence of those processes,” explained Henry Umney, CEO of ClusterSeven. “With spreadsheets used extensively for modelling and reporting, organisations need anytime, anywhere access to spreadsheet management and risk checking processes to ensure timely, accurate reporting. CSM delivers against these requirements.”
Recent research by the FSN Modern Finance Forum reveals that financial reporting is keeping 97% of CFOs awake at night. This finding is based on the largest and most authoritative global survey of its kind.
CSM enables organisations to understand the complexity of spreadsheets and identify where there might be potential for error so that the issue can be proactively remediated by amending the spreadsheet design or implementing stronger controls and usage policies. “This type of remediation is where the ClusterSeven Partner Network adds significant value. Many of our partners are developing specific offerings around CSM to deliver innovative value-added services to their customers,” commented Tony Bethell, VP Strategic Alliances.
Often multiple versions of a spreadsheet get created by users. CSM allows users to compare different versions of a spreadsheet to quickly identify how it has changed, enabling organisations to reduce the risk of errors in business-critical applications. This will facilitate increased confidence in the accuracy of data used for audit and compliance and financial reporting.
Setting up secure remote working for financial services
By Pete Watson, CEO, Atlas Cloud
Financial advisors, insurers, banks and brokers; the entire financial services sector has been forced to rethink operating models to keep staff safe and clients served throughout a global pandemic. Traditionally, the industry as a whole has been slower to embrace home working and the solutions that power it, as roles were heavily office-based, or branch-based in the case of traditional banks.
Underpinned by stringent regulations and with access to an abundance of sensitive data, the process of remote cloud-based working is not only a discussion of logistics. It also throws up huge security considerations for firms making the transition. With 95% of financial services applications now said to possess vulnerabilities, it is easy to understand any reservations these companies might have about implementing a Software-as-a-Service working environment.
However, these same concerns may also hinder success in the long run, as a more flexible digital approach moves from value-added to business-critical in a remote setting. The question is, how do firms create a setup that both minimises risk and maximises success?
Understanding your needs
As with every new technology, the first step is understanding why your business needs it. Like all modern workplaces, financial service firms expect a lot from their IT infrastructure. Users require better connectivity, access and speed from their systems and decision makers must implement a network connectivity infrastructure that can meet these demands. Today, this setup must also account for every device that employees are using to work remotely.
Next is the fundamental security considerations. It goes without saying that financial services epitomise the need for watertight IT systems. Financial service firms store their sensitive information within key applications, all of which vary based on the service requirements. With sensitive customer and company data stored in applications and on devices, their networks are at constant risk of compromise.
Protecting this information is a necessity and managing a large scale shift to the cloud must cover every base – particularly as cybercriminals have raised their game to ‘exploit the chaos’ during lockdown. However, there often is a big difference between where those key applications are hosted.
Setting up securely
If financial firms have older applications, then data will typically be stored on-premise on company servers. Where this is the case, moving to a cloud-hosted virtual desktop environment offers a quick way to get remote working underway securely and with minimal friction. Modern Desktop-as-a-Service (DaaS) solutions can replicate the familiar desktop setting users know and love, but allow them to access all data, email and applications from anywhere and on any device. With all data managed in a secure cloud setting, no sensitive data is stored directly on the end-user device. This improves all-important cyber resilience without having to invest large resources in upgrading to new iterations of required software applications.
In other cases, many firms have already migrated legacy on-premise applications to SaaS-based applications, which alleviates the hosting burden with access enabled through your everyday web browser. However, where sensitive data is concerned, it is not quite so easy to just give employees access to a SaaS platform, where they can use any device and download often sensitive data to uncontrolled personal devices outside of the company network.
This issue has intensified in lockdown. A recent survey found that 23% of those working in financial services are now using their laptop to work, with 43% storing work on their personal devices. Inevitably, more devices in use leads to more potential entry points. A large amount of trust is placed with individuals to make sure they’re working safely. But when handling large caches of highly sensitive data, even the smallest oversight or breach could prove disastrous when adequate levels of threat protection are not in place. With 20% of home workers having taken no action to mitigate potential cyber threats during lockdown, successful security becomes about the safeguards that firms actively put in place.
To alleviate risk, companies would previously look to IP address blocking, which restricts access to SaaS logins to only ‘whitelisted’ IP addresses, such as the company premises. When working out of the office, you could then use a VPN to route your internet back through the office and allow access. However, as many have learned, a VPN-based approach has inherent security challenges that can be exploited by attackers to gain access to a network. A weak identity or unguarded device can allow unwanted visitors access to data through a VPN, with many often flying under the radar undetected. What’s more, in a time where access to on-premise devices and networks is limited, the significant housekeeping to stay on top of patching VPNs is by no means scalable or effective.
Assessing your options
Hosted virtual desktops offer a convenient solution to these issues, as firms no longer need to rely on the security of every device, and all security patching and updates can be applied to all users simultaneously. Yet, for firms already running their business from SaaS applications that enable access from anywhere – albeit not as effectively – this can seem an unnecessary expense. So, how do you then unlock the security benefits without overhauling your IT approach?
There are various solutions that offer add-on security features to your existing SaaS-based setup. The likes of Citrix Workspace can deliver a secure multi-factor login into one controlled cloud environment, providing access to pre-approved company apps and file storage with one-click access. Although a seemingly simple change, this additional layer not only keeps firms in control, but also affords user access to business-critical information and apps from any Internet-enabled location.
This calibre of financial data naturally makes firms across the sector susceptible to an array of other cyber threat tactics. Financial services are no stranger to spam emails which include viruses, or calculated impersonation attacks designed to deceive staff with malicious attachments, URLs and other pieces of content. When assessing an workspace setup, financial service companies must consider exploring multi-level assessment solutions that deliver advanced checks to protect them from this popular method of attack. What’s more, modern disaster recovery from certified suppliers can reduce risk of network downtime, eliminating the potential reputational damage (as TSB suffered) and FCA fines and maintain continuity with data loss measured in seconds, not minutes.
Remote working is here to stay, and the time to act on security is now. While it can be a daunting task for finance companies, simply ignoring the growing cyber risks of a modern working environment could be catastrophic. By working with the right partners to put these safeguards in place, financial services can arm their workforce with secure remote working at scale, keeping threat at bay and maintaining the standard of client care needed to assure customers in times of change.
Why technology is key to the future of auditing
By Piers Wilson, Head of Product Management at Huntsman Security
The Financial Reporting Council (FRC), which is responsible for corporate governance, reporting and auditing in the UK, has been consulting on the role of technology in audit processes. This highlights growing recognition for the fact that technology can assist audits, providing the ability to automate data gathering or assessment to increase quality, remove subjectivity and make the process more trustworthy and consistent. Both the Brydon review and the latest AQR thematic suggest a link between enhanced audit quality and the increasing use of technology. This goes beyond efficiency gains from process automation and relates, in part, to the larger volume of data and evidence which can be extracted from an audited entity and the sophistication of the tools available to interrogate it.
As one example, the PCAOB in the US has for a while advocated for the provision of audit evidence and reports to be timely (which implies computerisation and automation) to assure that risks are being managed, and for the extent of human interaction with evidence or source data to be reflected to ensure influence is minimised (the more that can be achieved programmatically and objectively the better).
However, technology may obscure the nature of analysis and decision making and create a barrier to fully transparent audits compared to more manual (yet labour intensive) processes. There is also a competition aspect between larger firms and smaller ones as regards access to technology:
Brydon raised concerns about the ability of challenger firms to keep pace with the Big Four firms in the deployment of innovative new technology.
The FRC consultation paper covers issues, and asks questions, in a number of areas. Examples include:
- The use of AI and machine learning that collect or analyse evidence and due to the continual learning nature, their criteria for assessment may be difficult to establish or could change over time.
- The data issues around greater access to networks and systems putting information at risk (e.g. under GDPR) or a reluctance for audited companies to allow audit firms to connect or install software/technologies into their live environments.
- The nature of technology may mean it is harder for auditors to understand or establish the nature of data collection, analysis or decision making.
- The ongoing need to train auditors on technologies that might be introduced, so they can utilise them in a way that generates trusted outputs.
Clearly these are real issues – for a process that aims to provide trustworthy, objective, transparent and repeatable outputs – any use of technology to speed up or improve the process must maintain these standards.
Audit technology solutions in cyber security
The cyber security realm has grown to quickly become a major area of risk and hence a focus for boards, technologists and auditors alike. The highly technical nature of threats and the adversarial nature of cybers attackers (who will actively try and find/exploit control failures) means that technology solutions that identify weaknesses and report on specific or overall vulnerabilities are becoming more entrenched in the assurance process within this discipline.
While the audit consultations and reports mentioned above cover the wider audit spectrum, similar challenges relate to cyber security as an inherently technology-focussed area of operation.
Benefits of speed
The gains from using technology to conduct data gathering, analysis and reporting are obvious – removing the need for human questionnaires, interviews, inspections and manual number crunching. Increasing the speed of the process has a number of benefits:
- You can cover larger scopes or bigger samples (even avoid sampling all together)
- You can conduct audit/assurance activities more often (weekly instead of annually)
- You can scale your approach beyond one part of the business to encompass multiple business units or even third parties
- You get answers more quickly – which for things that change continually (like patching status) means same day awareness rather than 3 weeks later
Benefits of flexibility
The ability to conduct audits across different sites or scopes, to specify different thresholds of risk for different domains, the ease of conducting audits at remote locations or on suppliers networks (especially during period of restricted travel) are ALL factors that can make technology a useful tool for the auditor.
Benefits of transparency
One part of the FRC’s perceived problem space is that of transparency, you can ask a human how they derived a result, and they can probably tell you, or at least show you the audit trail of correspondence, meeting notes or spreadsheet calculations. But can you do this with software or technology?
Certainly, the use of AI and machine learning makes this hard, the learning nature and often black box calculations are not easy to either understand, recalculate in a repeatable way or to document. The system learns, so is always changing, and hence the rationale that a decision might not always be the same.
In technologies that are geared towards delivering audit outcomes this is easier. First, if you collect and retain data, provide an easy interface to go from results to the underlying cases in the source data, it is possible to take a score/rating/risk and reveal the specifics of what led to it. Secondly, it is vital that the calculations are transparent, i.e. that the methods of calculating risks or the way results are scored is decipherable.
Benefits of consistency
This is one obvious gain from technology, the logic is pre-programmed in. If you take two auditors and give them the same data sets or evidence case files they might draw different conclusions (possibly for valid reasons or due to them having different skill areas or experience), but the same algorithm operating on the same data will produce the same result every time.
Manual evidence gathering suffers a number of drawbacks – it relies on written notes, records of verbal conversations, email trails, spreadsheets, or questionnaire responses in different formats. Retaining all this in a coherent way is difficult and going back through it even harder.
Using a consistent toolset and consistent data format means that if you need to go back to a data source from a particular network domain three months ago, you will have information that is readily available and readable. And as stated above, if the source data and evidence is re-examined using a consistent solution, you will get the same calculations, decisions and results.
Benefits of systematically generated KPIs, cyber maturity measures and issues
The outputs of any audit process need to provide details of the issues found so that the specific or general cases of the failures can be investigated and resolved. But for managers, operational teams and businesses, having a view of the KPIs for the security operations process is extremely useful.
Of course, following the “lines of defence” model, an internal or external “formal” audit might simply want the results and a level of trust in how they were calculated; however for operational management and ongoing continuous visibility, the need to derive performance statistics comes into its own.
It is worth noting that there are two dimensions to KPIs: The assessment of the strength or configuration of a control or policy (how good is the control) and the extent or level of coverage (how widely is it enforced).
To give a view of the technical maturity of a defence you really need to combine these two factors together. A weak control that is widely implemented or a strong control that provides only partial coverage are both causes for concern.
Benefits of separation of process stages
The final area where technology can help is in allowing the separation and distribution of the data gathering, analysis and reporting processes. It is hard to take the data, evidence and meeting notes from someone else and analyse it. For one thing, is it trustworthy and reliable (in the case of third-party assurance questionnaires perhaps)? Then it is also hard to draw high-level conclusions about the analysis.
If technology allows the data gathering to be performed in a distributed way, say by local site administrators, third-party IT staff or non-expert users BUT in a trustworthy way, then the overhead of the audit process is much reduced. Instead of a team having to conduct multiple visits, interviews or data collection activities the toolset can be provided to the people nearest to the point of collection.
This allows the data analysis and interpretation to be performed centrally by the experts in a particular field or control area. So giving a non-expert user a way to collect and provide relevant and trustworthy audit evidence takes a large bite out of the resource overhead of conducting the audit, for both auditor and auditee.
It also means that a target organisation doesn’t have to manage the issue of allowing auditors to have access to networks, sites, data, accounts and systems to gather the audit evidence as this can be undertaken by existing administrators in the environment.
Making the right choice
Technology solutions in the audit process can clearly deliver benefits, however if they are too simplistic or aim to be too clever, they can simply move the problem of providing high levels of audit quality. A rapidly generated AI-based risk score is useful, but if it’s not possible to understand the calculation it is hard to either correct the control issues or trouble shoot the underlying process.
Where technology can assist the audit process, speed up data gathering and analysis, and streamline the generation of high- and low-level outputs it can be a boon.
Technology allows organisations to put trustworthy assurance into the hands of operations teams and managers, consultants and auditors alike to provide flexible, rapid and frequent views of control data and understanding of risk posture. If this can be done in a way that is cognisant of the risks and challenges as we have shown, then auditors and regulators such as the FRC can be satisfied.
The Future Growth of AI and ML
By Rachel Roumeliotis, VP of Data and AI at O’Reilly
We’ve all come to terms with the fact that artificial intelligence (AI) is transforming how businesses operate and how much it can help a business in the long term. Over the past few years, this understanding has driven a spike in companies experimenting and evaluating AI technologies and who are now using it specifically in production deployments.
Of course, when organisations adopt new technologies such as AI and machine learning (ML), they gradually start to consider how new areas could be affected by technology. This can range across multiple sectors, including production and logistics, manufacturing, IT and customer service. Once the use of AI and ML techniques becomes ingrained in how businesses function and in the different ways in which they can be used, organisations will be able to gain new knowledge which will help them to adapt to evolving needs.
By delving into O’Reilly’s learning platform, a variety of information about the different trends and topics tech and business leaders need to know can be discovered. This will allow them to better understand their jobs and will ensure that their businesses continue to thrive. Over the last few months, we have analysed the platform’s user usage and have discovered the most popular and most-searched topics in AI and ML. We’ll be exploring some of the most important finding below which gives us a wider picture of where the state of AI and ML is, and ultimately, where it is headed.
AI outpacing growth in ML
First and foremost, our analysis shone a light on how interest in AI is continuing to grow. When comparing 2018 to 2019, engagement in AI increased by 58% – far outpacing growth in the much larger machine learning topic, which increased only 5% in 2019. When aggregating all AI and ML topics, this accounts for nearly 5% of all usage activity on the platform. While this is just slightly less than high-level, well-established topics like data engineering (8% of usage activity) and data science (5% of usage activity), interest in these topics grew 50% faster than data science. Data engineering actually decreased about 8% over the same time due to declines in engagement with data management topics.
We also discovered early signs that organisations are experimenting with advanced tools and methods. Of our findings, engagement in unsupervised learning content is probably one of the most interesting. In unsupervised learning, an AI algorithm is trained to look for previously undetected patterns in a data set with no pre-existing labels or classification with minimum human supervision or guidance. In 2018, the usage for unsupervised learning topics grew by 53% and by 172% in 2019.
But what’s driving this growth? While the names of its methods (clustering and association) and its applications (neural networks) are familiar, unsupervised learning isn’t as well understood as its supervised learning counterpart, which serves as the default strategy for ML for most people and most use cases. This surge in unsupervised learning activity is likely driven by a lack of familiarity with the term itself, as well as with its uses, benefits, and requirements by more sophisticated users who are faced with use cases not easily addressed with supervised methods. It is also likely that that the visible success of unsupervised learning in neural networks and deep learning has helped our interest, as has the diversity of open source tools, libraries and tutorials, that support unsupervised learning.
A Deep Learning Resurrection
While deep learning cooled slightly in 2019, it still accounted for 22% of all AI and ML usage. We also suspect that its success has helped spur the resurrection of a number of other disused or neglected ideas. The biggest example of this is reinforcement learning. This topic experienced exponential growth, growing over 1,500% since 2017.
Even with engagement rates dropping by 10% in 2019, deep learning itself is one of the most popular ML methods among companies that are evaluating AI, with many companies choosing the technique to support production use cases. It might be that engagement with deep learning topics has plateaued because most people are already actively engaging with the technology, meaning growth could slow down.
Natural language processing is another topic that has showed consistent growth. While its growth rate isn’t huge – it grew by 15% in 2018 and 9% in 2019 – natural language processing accounts for about 12% of all AI and ML usage on our platform. This is around 6x the share of unsupervised learning and 5x the share of reinforcement learning usage, despite the significant growth these two topics have experienced over the last two years.
Not all AI/ML methods are treated equally, however. For example, interest in chatbots seems to be waning, with engagement decreasing by 17% in 2018 and by 34% in 2019. This is likely because chatbots were one of the first application of AI and is probably a reflection of the relative maturity of its application.
The growing engagement in unsupervised learning and reinforcement learning demonstrates that organisations are experimenting with advanced analytics tools and methods. These tools and techniques open up new use cases for businesses to experiment and benefit from, including decision support, interactive games, and real-time retail recommendation engines. We can only imagine that organisations will continue to use AI and ML to solve problems, increase productivity, accelerate processes, and deliver new products and services.
As organisations adopt analytic technologies, they’re discovering more about themselves and their worlds. Adoption of ML, in particular, prompts people at all levels of an organisation to start asking questions that challenge what an organisation thinks it knows about itself. With ML and AI, we’re training machines to surface new objects of knowledge that help us as we learn to ask new, different, and sometimes difficult questions about ourselves. By all indications, we seem to be having some success with this. Who knows what the future holds, but as technologies become smarter, there is no doubt that we will we become more dependent.
Setting up secure remote working for financial services
By Pete Watson, CEO, Atlas Cloud Financial advisors, insurers, banks and brokers; the entire financial services sector has been forced...
Ensuring ATMs aren’t the weakest link to banking cybersecurity
By Elida Policastro, Regional VP – Cybersecurity division at Auriga Digital banking brings huge benefits to customers, but the risks...
A sleeping digital giant wakes? 4 key trends accelerating payments transformation in the US
By Lauren Jones, International Payments Ambassador, Icon Solutions The US payments industry is undoubtedly ripe for change. Before the unprecedented...
Return to Work Doesn’t Mean Business as Usual When it Comes to Travel and Expense
By Rob Harrison, MD UK & Ireland, SAP Concur The last few months have been an exercise in adaptability for...
Why technology is key to the future of auditing
By Piers Wilson, Head of Product Management at Huntsman Security The Financial Reporting Council (FRC), which is responsible for corporate governance,...
Staff training crucial for SME recovery post-COVID
47% of UK’s top performing SMEs provide regular, formalised training for all staff Despite this, 15% of small businesses report to...
What Is Globalization
What is globalization? Globalization, or inter-connectedness, is the ever-growing process of integration and interaction among countries, individuals, businesses, and even...
What Is Microsoft Teams
Microsoft Teams is an application and web-based collaboration tool that combines chat, videos, online collaboration, document storage, and collaboration with...
What Is Capitalism
What is capitalism? Is it a great economic system or just another economic system that is not so great? Well,...
How To Start A Youtube Channel
How to Start a YouTube Channel For Your Business: Do you have a blog or website? If you do, it’s...