Download the authoritative guide: Cloud Computing 2019: Using the Cloud for Competitive Advantage
As a result, public companies have been forced to review and implement controls to help ensure that risks to the financial reporting process are properly managed. Of course, fraud and malicious activities get a lot of trade press and management attention, but the far greater risk to the integrity of financial reporting is human error.
In todays high-speed complex enterprises, errors in the programming of an application, interface or spreadsheet, can lead to mistakes in the financial reports that are disclosed to the public. The dollar amount of the mistake can range from immaterial up to very material with significant repercussions.
Lapses in Logic, Errors in Execution
Errors in logic arise from flawed perceptions, or understandings, that lead to erroneous assumptions and modeling. If an analyst understands that the scrap rate is 25 percent and then creates his/her business model around that, then a developer will create the application with the erroneous logic embedded in it. Later, when someone finds out that the rate is really 53 percent, corrective action will be required and the impacts to the financials reviewed in order to understand the impacts.
Errors in execution arise during the implementation of something in our case above, during the implementation of an application. In the above model, lets assume that the analyst correctly identifies the scrap rate to be 53 percent and correctly documents the required logic. When it reaches the developer though, the developer inadvertently transposes the digits and enters 35 percent due to fatigue. In this case, he executed the instructions incorrectly and has an error in execution.
There are many possible scenarios by which human error can enter into the financial reporting process. Organizations need to design their processes with the recognition that not only must they make reasonable efforts to prevent and detect fraud but they must also address the prevention and detection of human error.
Instead, organizations need to recognize that all processes have some degree of inherent variation and put controls in place to reasonably prevent errors and detect when they occur. In the world of IT, we have many controls to select from that can help, such as:
Fraud and malicious activities gather a lot of attention in the popular media, trade press and board meetings. Statistically speaking, the greater threat is from human error and controls and processes that are put in place to safeguard financial reporting must take that into account.