Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Spreadsheets and the biggest data risks of all

By Ralph Baxter, CEO of ClusterSeven

RB-New-York-Wall-StreetOne of the unwritten truths of the modern financial world is the fundamental reliance on spreadsheets for managing business critical data and information. It is unsurprising to find financial institutions such as retail banks, pension funds and insurance firms running hundreds of thousands, millions even, of active spreadsheets – usually Excel – and why? Because they are flexible, easy to use and practical.

However, the ubiquitous nature of spreadsheets means errors creep into data systems all too easily: ‘fat finger’ syndrome, outdated assumptions, poor cut ‘n’ pasting, miscalculations, fraud, corrupted files, erroneous formulae – all these blunders and others mean that data held in spreadsheets can be far from correct.

These significant risks are, unsurprisingly, now being discussed at the very highest levels by key financial regulators such as the Federal Reserve in the US and the Basel Committee on Banking Supervision in Switzerland, among others.In January, for instance, the Basel Committee released the report Principles for Effective Risk Data Aggregation and Risk Reporting – the first time that spreadsheet management has ever been specifically mandated at such a high level.

ClusterSeven has understood this reliance on spreadsheets since the firm was set up back in 2003 specifically to help financial services institutions manage their vast estates of spreadsheets and similar databases. In February of this year, the firm conducted major research on C-level executives and senior managers working in financial services in the UK and found that, despite a profound use of spreadsheets, many people still have poor attitudes to business critical data managed in spreadsheets and similar databases.

Half (51%) of C-level executives said there are either no usage controls at all or poorly applied manual processes over the use of spreadsheets at the firms. Nine in ten (89%) admitted they rely on manual oversight to maintain data integrity, with only one in 10 (11%) saying there was an automated control policy that allows them to fully understand changes between different versions of spreadsheets and see a clear audit trail for data.

Spreadsheet risk rated ‘very serious’

The findings are surprising given that 55% of C-level executives rate spreadsheet risk – the risk of serious financial/reputational loss from poor management of corporate spreadsheets and databases – as either ‘very serious’ or ‘serious’. Moreover, around one in seven (15%) admitted their firm has suffered a ‘significant’ data breach due to poor management of data held in spreadsheets.

spreadsheet-risk

In an indication of the significant role spreadsheets play in the modern financial services industry, one in five (19%) C-level executives said that they use spreadsheets to manage values of over £1bn, with the average from all respondents at £350m. Over nine out of 10 (93%) use spreadsheets as much as, or more than any other applications for managing financial data with over half (53%) saying that they either only use spreadsheets or use them more than other applications for managing financial data.

The research by ClusterSeven confirms two things: firstly, that financial services firms, and the senior managers and executives that run them, rely heavily on spreadsheets for much of their business critical processes; and secondly, that spreadsheets remain highly susceptible to errors.

The study also comes in the wake of recent, high-profile losses announced by financial services firms attributed to poor spreadsheet management.These losses are tangible, real-life indications of the dangers and risks firms are exposed to, and it is not surprising that regulators and supervisors such as the Basel Committee are now focusing on spreadsheets as a fundamental carrier of corporate data.Indeed, the research reveals that over half (51%) of C-level executives think that regulators will become more focused on spreadsheets over the next 12 months.
Spreadsheet risk rated ‘very serious’
The good news is that many financial services firms are making steps to better manage their spreadsheets risks.
ClusterSeven, for instance,has developed a range of market-leading software products that provide oversight and transparency of a firm’s databases and spreadsheets, now has a third of the world’s top 30 banks as clients as well as a number of leadings insurers and asset managers, and the firm has noted a clear shift in sentiment. Internal audit and other key functions are beginning to better assess the effectiveness and efficiency of the internal control, risk management and governance systems and provide assurance on these systems.

Nevertheless, many people will be astonished just how reliant firms still are on spreadsheets and similar databases for their day-to-day processes given how many billions of dollars have been invested in standard financial applications, such as ERP and Business Intelligence.

Another key aspect of this debate is time. Senior managers, including C-level executives, are also spending significant amounts of time on spreadsheets and managing spreadsheet risks. Where this manual activity is part of routine processes much of this effort can be easily replaced by automated checks using spreadsheet management technology.

The automation of all the manual checks that employees would otherwise conduct not only saves the time of expensive employees, it can be done far more regularly/consistently. Some checks require no input from the business (e.g. alerting the appearance of cell errors). Other checks require more attention (e.g. that static data has not been changed and that dynamic data – such as foreign exchange values – have changed).

How firms find, control and deal with data errors forms a key part of the focus by regulators on managing business critical risks. While in the past many financial institutions and firms have simply waited until an major event happens before looking more closely at their systems, looking ahead a defence of misunderstanding, ignorance or denial will no longer be deemed acceptable.