Is the potential fallout from toxic spreadsheets worth the risk?

Share this with your network

Although businesses are constantly vigilant for possible cyber-attacks from the outside; the real enemy may be comfortably incubating behind the security of our own corporate firewalls—completely unnoticed until the moment it explodes and everything goes into meltdown. That is exactly what happened to UK services provider Mouchel back in 2011 when a spreadsheet error resulted in a pension fund being wrongly valued by £4.3m ($6.9 M). The subsequent profit warning resulted in the price of its stock dropping by a third and the company having to be rescued by its banks.

But multinationals operating in the financial services sector run the same risks too and in that sector the numbers are many time larger. A little-mentioned aspect of the notorious “London Whale” debacle at J.P. Morgan in 2012 was how errors made while copying and pasting data from one spreadsheet to another were partly to blame for a single $6 billion trading loss. Thankfully the bank is well diversified and still earned a record profit of $21.3 billion the same year.

Financial services regulators recognize the risk of using spreadsheets

The financial services industry is heavily regulated and both the Switzerland-based Basel Committee on Banking Supervision (BCBS) and the UK’s Financial Services Authority (FSA) have recently made it clear that banks and insurers should have effective controls in place to manage risks of errors and fraud involved in using desktop applications such as spreadsheets.

That both of these regulators have specifically mentioned spreadsheets as being a problem is laudable and should motivate companies in the financial services industry (and beyond) to take the issue of spreadsheet controls very seriously. However, it is difficult to see how such institutions can ever put in place enterprise-level controls for access to data and the many manual copy-and-paste data management routines when faced with thousands, if not millions, of disparate spreadsheets. Even if they each employed a legion of internal auditors, it is simply impossible to mitigate such risks while continuing to rely on a desktop solution that was primarily designed for personal use.

Only enterprise tools can provide the controls the regulators seek

The only realistic solution is to abandon spreadsheets and move to an enterprise tool that addresses the needs of the regulators without removing any of the flexibility users are naturally loathe to relinquish. This would provide:

Better control of enterprise data

Although passwords can be applied to spreadsheets and cells may be protected, spreadsheets were never intended to be shared among users where access rights and authorization are imperative. Enterprise solutions address this issue with flexible security levels, which allow anyone, from the corporate level to front-line users, to safely share data. Additionally, most have some kind of audit trail that makes it easy to tracks changes and some have a built-in revision control that makes it easy to restore previous versions.

Less chance of hidden errors

We all know the nervousness that comes with changing formulae in a standalone spreadsheet. But only corporate users really know the white-knuckle trepidation associated with tracking amendments through a string of interrelated spreadsheets that share cell values. Eventually, fixing the syntax errors and repairing the broken macros make it all work again. But because spreadsheets are so difficult to audit, who knows what errors remain hidden?

Enterprise tools minimize the risk of errors in a number of ways. In the most advanced enterprise solutions, business rules are written in natural syntax rather than some specialist scripting language and stored in a single worksheet where they are easy to locate and audit. Additionally, the complex and overlapping relationships between core dimensions, such as responsibility centers, locations, and products are often mapped so that when any member of a hierarchy is moved, all its connections and history automatically move with it without any of the restructuring that would be required with spreadsheets.

Improved data integrity

The size limitations and flatness of spreadsheets cannot cope with the complex dimensionality of business data. That means reporting by alternative hierarchies or by different time periods is laborious and time consuming – and notoriously error prone. So too is data management, because every time an update is required, data has to be manually uploaded from disparate systems, dumped into various spreadsheets, and cleansed before anything can be done with it. Using the latest enterprise modelling tools, you can now build models with any number of dimensions, automatically switching between different time periods, hierarchies, and versions quickly and easily. Similarly, today’s integration tools mean data can be automatically uploaded into a central repository so that everyone is working with the most up-to-date, consistent data set.

While it is these three issues that are of most concern to the regulators, there is a plethora of other benefits that moving away from spreadsheets to an enterprise solution brings, such as improved productivity, greater agility, and the capability to work with larger and more granular data sets. Download our new whitepaper “7 reasons to choose Anaplan to replace your planning spreadsheets” to learn how our solution addresses each of the shortcomings of spreadsheets and how our customers have benefited from moving away from them.

Leave a Reply