Spreadsheet Risk Issues

It is interesting to note that the riskiness of operational spreadsheets are overlooked even by companies with high standards of risk management. Only when errors amount to actual losses do they realize that these risks have been staring them in the face all along.

Common spreadsheet risk issues

Susceptibility to trivial manual errors

Due to the fundamental structure of spreadsheets, a slight change in the formula or value in any of their inhabited cells may already affect their overall output. An

  • accidental copy-paste,
  • omission of a negative sign,
  • erroneous range selection,
  • incorrect data input or
  • unintentional deletion of a character,cell, range, column, or row

are just some of the simple errors spreadsheet users frequently encounter. Rarely are there any counter-checking controls in place in a spreadsheet-based activity and manual errors therefore easily go undetected.

Possibility of the user working on the wrong version

How do you store spreadsheet files?

Since the most common reports are usually generated on a monthly basis, users tend to store them using variations of these two configurations:

spreadsheet storage

If you notice, a user can accidentally work on the wrong version with any of these structures.

Prone to inconsistent company-wide reporting

This happens when a summary or ?final? spreadsheet is fed information by different departments coming from their own spreadsheets. Even if most of the data in their spreadsheets come from one source (the company-wide database), erroneous copy-pasting and linking, or even different interpretations of the same data can result to contradicting information in the end.

Often defenceless against unauthorised access

Some spreadsheets contain information needed by various individuals or department units in an organisation. Hence, they are often shared via email or through shared folders in a network. Now, because spreadsheets don’t normally use any access control, any user can easily open a spreadsheet file and view or modify the contents as he wishes.

Highly vulnerable to fraud

A complex spreadsheet system with zero or very minimal controls provides the perfect setting for would-be fraudsters. Hidden cells with malicious formulas and links to bogus information can go unnoticed for a long time especially if the final figures don’t deviate much from expected values.

Spreadsheet risk mitigation solutions may not suffice

Inherent complexity makes testing and logic inspection very time consuming

Deep testing can uncover possible errors hidden in spreadsheet cells and consequently mitigate risks. But spreadsheets used to support financial reporting are normally large, complex, highly-personalised and, without ample supporting documentation, understandably hard to follow.

No clear ownership of risk management responsibilities

There?s always a dilemma when an organisation starts assigning risk management responsibilities for spreadsheets. IT personnel believe users in the business side of the organisation should be responsible since they are the ones who create, edit, store, duplicate, and share the spreadsheet files. On the other hand, users believe IT should be responsible since they have always been in-charge of managing IT infrastructure, applications, and files.

To get rid of spreadsheet risks, you’ll have to get rid of spreadsheets altogether

One remedy is to have a risk management activity that involves both IT personnel and spreadsheet users. But wouldn’t you want to get rid of the complexity of having to distribute the responsibilities between the two parties instead of just one?

Learn more about Denizon’s server application solutions and how you can get rid of spreadsheet risk issues.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Becoming Nimble the Agile Project Management Way

In dictionary terms, ?agile? means ?able to move quickly and easily?. In project management terms, the definition is ?project management characterized by division of tasks into short work phases called ?sprints?, with frequent reassessments and adaptation of plans?. This technique is popular in software development but is also useful when rolling out other projects.

Managing the Seven Agile Development Phases

  • Stage 1: Vision. Define the software product in terms of how it will support the company vision and strategy, and what value it will provide the user. Customer satisfaction is of paramount value including accommodating user requirement changes.
  • Stage 2: Product Roadmap. Appoint a product owner responsible for liaising with the customer, business stakeholders and the development team. Task the owner with writing a high-level product description, creating a loose time frame and estimating effort for each phase.
  • Stage 3: Release Plan. Agile always looks ahead towards the benefits that will flow. Once agreed, the Product Road-map becomes the target deadline for delivery. With Vision, Road Map and Release Plan in place the next stage is to divide the project into manageable chunks, which may be parallel or serial.
  • Stage 4: Sprint Plans. Manage each of these phases as individual ?sprints?, with emphasis on speed and meeting targets. Before the development team starts working, make sure it agrees a common goal, identifies requirements and lists the tasks it will perform.
  • Stage 5: Daily Meetings. Meet with the development team each morning for a 15-minute review. Discuss what happened yesterday, identify and celebrate progress, and find a way to resolve or work around roadblocks. The goal is to get to alpha phase quickly. Nice-to-haves can be part of subsequent upgrades.
  • Stage 6: Sprint Review. When the phase of the project is complete, facilitate a sprint review with the team to confirm this. Invite the customer, business stakeholders and development team to a presentation where you demonstrate the project/ project phase that is implemented.
  • Stage 7: Sprint Retrospective. Call the team together again (the next day if possible) for a project review to discuss lessons learned. Focus on achievements and how to do even better next time. Document and implement process changes.

The Seven Agile Development Phases ? Conclusions and Thoughts

The Agile method is an excellent way of motivating project teams, achieving goals and building result-based communities. It is however, not a static system. The product owner must conduct regular, separate reviews with the customer too.

Top 10 Disadvantages of Spreadsheets

Fraudulent manipulations in company Excel files have already resulted in Billion-Dollar losses. The main underlying reason behind this spreadsheet vulnerability is the inherent lack of controls, which makes it so easy to alter either formulas, values, or dependencies without being detected.


Disadvantages of Spreadsheets - Kindle

Disadvantages of Spreadsheets

Comprehensive information and data your organisation needs, to circumvent the threats posed by spreadsheets.


Buy Now

1. Vulnerable to Fraud

Of all the spreadsheet disadvantages listed here, this is perhaps the most damaging. Fraudulent manipulations in company Excel files have already resulted in Billion-Dollar losses. The main underlying reason behind this spreadsheet vulnerability is the inherent lack of controls, which makes it so easy to alter either formulas, values, or dependencies without being detected.

2. Susceptible to trivial human errors

While fraud will always be a threat to spreadsheet systems, there is a more significant threat that should make you seriously consider getting rid of these outdated systems. And that is its extreme susceptibility to even trivial human errors. Missed negative signs and misaligned rows may sound harmless.

But when they damage investor confidence or cause a considerable loss of opportunity amounting to millions of dollars (Are we serious? Google up ?spreadsheet horror stories? to find out), you should understand that it?s time to move on to better alternatives.

3. Difficult to troubleshoot or test

So how about testing spreadsheets to mitigate the risks of items 1 and 2? Good luck. Spreadsheets just aren?t built for that. It?s not uncommon to have interrelated spreadsheet data scattered across different folders, workstations, offices, or even geographical locations.

Worse, even if you are able pinpoint the locations of every related file, tracing the logic of formulas from one related cell to another can take ages. It?s pretty obvious now how you?ll also encounter a similar problem when troubleshooting questionable data.

4. Obstructive to regulatory compliance

Combine items 1, 2, and 3, and what do you get? A big headache impacting regulatory compliance. There are number of regulations that have a serious impact on the use of spreadsheets.

Some of the many regulations that impact spreadsheet systems include:

And to think it looks like regulatory bodies are just getting warmed up. Over the last two decades, we’ve seen a surge in regulations that directly affect spreadsheet-based systems. Now, you tell me that you haven?t wished there was a better way to beat regulatory compliance deadlines. Well, if you?re still using spreadsheets, then there certainly is a better way.

5. Unfit for agile business practices

We’re now in an age when major changes are shaping and reshaping the business landscape. Mergers and Acquisitions, Management Buyouts, earthquakes, tsunamis, hurricanes, uprisings, climate change, new technologies, and so on. If your business is not agile enough to adapt to such changes, it could easily be left behind or even face extinction.

Spreadsheets are normally created by individuals who have not the slightest know-how regarding software documentation. In the end, spreadsheet files become highly personalised user developed applications. So when it?s time for a new person to take over as part of a large scale business change, the newcomer may have to start from scratch.

Read further about Implementing Large-Scale Business Change

 

6. Not designed for collaborative work

Planning, forecasting, budgeting, and reporting are all collaborative activities. In other words, plans, forecasts, budgets, and reports typically require information from different individuals belonging to different departments. In addition, the final documents are a result of multiple exchanges of data, ideas, and files.

Now, if your company?s offices are scattered throughout the country or if certain team members are separated by large distances, the only way to exchange data stored in spreadsheets is through email.

Experience will tell you that such a method of exchange is susceptible to duplicate and even erroneous data. Team members will tend to find it hard to keep track of similar files going back and forth, and sometimes even end up sending the wrong version.

7. Hard to consolidate

When it comes to simple data entry and quick ad hoc data analysis tasks, spreadsheets are highly favoured by end users. This has made them one of the most ubiquitous office tools on the planet. But as a consequence, data in spreadsheet-based systems are distributed throughout the organisation.

So when it’s time to generate reports, you’ll really have to go through a slow consolidation process. In most cases, end users would have to collect data from different files, summarise them, and submit the same to their department heads through emails, portable storage media (e.g. CDs or USB flash-drives), or by copying to a commonly shared network folder.

Department heads would have to undergo a similar process before submitting them to their own superiors. This has to go on until all the information reaches their organisation’s top decision makers. Throughout the entire consolidation process, data is subjected to numerous error-prone activities such as copy-pasting, cell entry, and range specification.

8. Incapable of supporting quick decision making

In a spreadsheet-based environment, extracting data from different departments, consolidating them, and summarising the information so that it could aid the company’s top brass in making sound decisions can be very time consuming.

And because we know how susceptible spreadsheets are to errors, everyone involved in the information processing has to be ultra careful to keep the integrity of the data intact. Hence it would be prudent to enforce double-checking as much as possible.

This extra but necessary exercise can further delay the process. So, when the final information arrives at the hands of the top executive, he may not have much time to work with. (Read about Business Intelligence)

9. Unsuited for business continuity

As mentioned earlier, data in spreadsheet systems are never kept in a single place. In fact, it’s the exact opposite. The worse thing about it is that they’re always in the hands of non-IT personnel, who are understandably not familiar with storage and backup best practices.

Thus, if a major disaster strikes, full data recovery can be very difficult if not impossible. As a consequence, even if the company has financial reserves, the absence of data (e.g. accounts receivable records, customer records, and inventory) to work on can prevent the company from making a quick restart.

10. Scales poorly

As an organisation grows, data in spreadsheet-based systems get more distributed; subsequently compounding the issues outlined above. It is absolutely not advisable for a large organisation to keep using spreadsheets.

 

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

 

Advert-Book-UK

amazon.co.uk

 

Advert-Book-USA

amazon.com

 

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Virtualisation

Using an IT solution that can provide the fastest (but still reliable) disaster recovery process is essential for the success of any business continuity plan. Although virtualisation is still considered leading edge technology by many business continuity specialists, it definitely brings a promise that, once fulfilled, can result in the cheapest, fastest, and most comprehensive solution for business continuity.

One great advantage of virtualisation over traditional BC (Business Continuity) methods is the relatively cheaper cost needed to achieve a certain level of business continuity assurance. Thus, more companies will find it easier to reach their required minimum for BC assurance. By contrast, some BCPs (Business Continuity Plan) based on a physical environment require companies to invest more than what they are willing to in order to reach the same minimum level of assurance.

Virtual machines, which can already encapsulate your operating systems and their corresponding applications, can be transported as a file from one machine running a compatible hypervisor to another. This makes the business continuity tasks of backup, replication, and restoration simpler and faster.

As of 2008, about 54% of IT professionals in Europe were willing to implement virtualisation within a maximum of two years. Furthermore, the expected compound annual growth rate of installed virtualised servers from 2008 to 2012 is already pegged at 33%.

If you want your organisation to take advantage of the benefits of this revolutionary technology, we’d be more than willing to help you discover what it can do for you. Then once you decide to make that transition to virtualisation, we can guide you every step of the way.

  • As not all applications are suited for virtualisation (e.g. some are too demanding on I/O and memory access), we’ll start by reviewing your entire IT system to see which portions can be implemented on a virtualized environment.
  • Using virtualisation and replication, we can conduct disaster recovery tests using up-to-date data without interrupting operations in your main IT site. Running these tests will increase your team’s preparedness and will allow you to discover possible weak points.
  • Provide a simple but comprehensive protection and backup system that encapsulates not only data, but also system configurations and application installations. This kind of setup allows for faster and easier disaster recovery operations. Because of these same characteristics, you can enjoy zero downtime while performing scheduled maintenance operations.
  • Since virtual machines are hardware-independent and transparent to operating systems, we can help you run a mix of legacy and new systems as well as open source and proprietary systems, allowing for more flexibility in your BCP budgeting.

We can also assist you with the following:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today