Henry Umney, Director of ClusterSeven and Teiss guest blogger explains why data chaos caused by spreadsheets is a serious business risk and how it can be managed.
There have been many instances where spreadsheet errors have led to misreporting to clients and regulators alike, resulting in operational, business, compliance and regulatory risk – not to mention embarrassment and reputational damage.
The Australian law group Slater & Gordon is one such example. A couple of years ago, the company discovered a consolidation error in its reporting of historical UK cash-flows to the Australian Securities and Investments Commission.
The organisation confessed that it had found overstatements in the tens of millions in both its cash receipts and cash payments which was caused by spreadsheet error. These overstatements were the result of double counting tax and incorrect client disbursements.
Slater & Gordon’s share price dropped by 25 percent amid accounting concerns following its admission of the errors.
Increasing scrutiny of spreadsheets
Such events are resulting in increasing scrutiny from clients and regulators of organisations’ governance, risk and compliance initiatives.
Today spreadsheet governance features in numerous regulatory frameworks, including:
Dodd-Frank Act Stress Testing
Prudential Practice Guide
In fact, auditors are also increasingly under fire from regulators for audit failures.
The Public Company Accounting Oversight Board (PCAOB) is a case in point. The Board now penalises auditors with penalties in the millions of dollars for violation of the Board’s quality standards to enforce Sarbanes-Oxley (SOX) compliance by companies.
The latest GRC 20/20 survey reveals that 78 percent of organisations state that their external auditors are applying tougher standards in the application of PCAOB pressure on spreadsheet and end user computing (EUC) controls.
Manual spreadsheet management
Manual spreadsheet management of spider-like web of business-critical files is no longer an option. In fact it is futile.
Spreadsheets today are ubiquitously used for financial reporting including final mile, for example; alongside complex financial modelling and data aggregation and manipulation. Nevertheless, due to a lack of internal usage policies and structure, the use of these applications is out of control.
As the spreadsheet landscape grows, the business begins to struggle with a spider-like web of potentially mission-critical spreadsheets with deep and complicated data linkages. It becomes impossible to track the lineages between the various files. This seriously compromises the accuracy and integrity of the data residing in the spreadsheets; and therefore, the outputs of these models.
To be fair, organisations recognise the need to understand their business-critical data across their information supply chain. Many are spending millions of dollars to gain visibility of the data flows across the business – but they are doing this exercise manually.
This approach carries with it a huge efficiency cost. It is also fraught with human error, and the threat and cost of regulatory fines looms large.
A major global bank lost billions of dollars in trading losses and regulatory fines as a consequence of trading inaccurately based on the outputs of a few rogue spreadsheets and EUC files. Investigations have proven that the bank’s risk management systems and internal controls were inadequate.
Why is understanding spreadsheet data such a big problem?
Most organisations deploy sophisticated enterprise systems, which are the preferred destination for the processing of business-critical financial information. However, finance teams are reliant on the IT department for updating processes and configuring the enterprise systems to accommodate their evolving business reporting needs.
This reliance on the IT department causes delays. Because of this, finance departments resort to spreadsheets to fill the functionality gap and use these EUC applications to plaster over the reporting processes.
As a result, a multitude of spreadsheets surround the various core systems such as accounting, risk management, trading and tax – almost halo like.
In this uncontrolled and unmanaged spreadsheet landscape, this lack of visibility and understanding of data flows across the data environment threatens the integrity of many business-critical financial processes.
A single error in a spreadsheet can create a domino effect, causing data anarchy and potentially invalidating the accuracy of financial models and reports. This puts the business at extreme operational risk.
Automation is essential if data processes are to be understood.
The latest research conducted by the FSN Modern Finance Forum amongst 49,000 members globally, has some worrying highlights:
40 percent of CFOs today are unable to agree that their data is always trustworthy
46 percent worry about an unexpected spreadsheet error being identified
55 percent of CFOs worry that controls are not operating as they should
There is a practicable solution. By adopting a best-practice, automation-led approach, businesses can gain complete visibility and an in-depth understanding of their data landscape. This encompasses spreadsheets and their unique data flows, the core enterprise systems and their corresponding data flows; as well as the complex interconnections across this combined landscape.
Furthermore, technology can help institute data controls and spreadsheet change management processes so that there is complete transparency and an audit trail. This will ensure that every single spreadsheet and EUC application is managed across its lifecycle – from creation through to inclusion in the core enterprise systems and its eventual decommissioning.
With the help of technology, organisations can tangibly reduce operational, financial and regulatory risks caused by spreadsheet error.
About the author
Henry Umney is Director at ClusterSeven and is responsible for the commercial operations of ClusterSeven, overseeing globally all Sales and Client activity as well as Partner engagements.
Henry brings over 20 years of experience in sales and account management in financial services. Prior to ClusterSeven, he held the position of sales director in Microgen, London and various sales management positions in AFA Systems and DART, both in the UK and Asia.
Spreadsheet image under licence from Thinkstockphotos.co.uk copyright Rawpixel Ltd.
The West Midlands Police has charged 21-year-old Alex Bessell with 11 cyber-crime offences, including DDoS attacks on the likes of Pokemon, Google an Skype. Liverpool-based Alex Bessell had allegedly infected …
Unidentified hackers who gained access to internal servers of Australian National University and stole personal data belonging to staff, visitors, and students dating back 19 years were possibly sponsored by …
China's new cyber security law could be invoked by government agencies to inspect or obtain proprietary technology or intellectual property from foreign companies. Foreign companies could be forced by the …