Spreadsheet Risks in Banks

No other industry perhaps handles such large volumes of critical financial data more than the banking industry. For decades now, spreadsheets have become permanent fixtures in the front-line reporting tool sets of banks, providing organised information when and where needed.

But as banks enter into a period of heightened credit risks, elevated levels of fraud, and greater regulatory scrutiny, many are wondering if continued reliance on spreadsheets is a wise decision for banks today.

The downfall of Lehman Brothers which eventually led to its filing for Chapter 11 bankruptcy protection on September 15, 2008, served as a wake up call for many institutions across the globe to make a serious examination of their own risk management practices. But would these reforms include evaluating the security of user developed applications (UDAs), the most common of which are spreadsheets, and putting specific guidelines as to when they can – or cannot be – used?

Banks and Spreadsheet Use

Banks have been known to utilise spreadsheets systems for many critical functions because most personnel are well-acquainted with them, and the freedom of being able to develop customised reports without needing to consult with the IT department offers flexibility and convenience. In fact, more than having a way to do financial budgeting and analysing customer profitability, even loan officers and trade managers have become reliant on spreadsheets for risk management reporting and for making underwriting decisions.

But there are more than a few drawbacks to using spreadsheets for these tasks, and the sooner bank executives realise these, the sooner they can adopt better solutions.

General Limitations

Spreadsheets are far from being data base systems and yet more often than not, they are expected to act as such, with figures constantly added and formulas edited to produce the presumably right set of reports.

In addition, data integrity is always a cause for concern as most values in spreadsheets are entered as manual inputs. Even the mere misplacement of a comma or a negative sign, or an inadvertent ?edit? to a formula can also be a source of significant changes in the outcome.

Confidentiality risk is also another drawback of the use of spreadsheets in banks as these tools do not have adequate?access controls to limit access to only authorised individuals. Pertinent financial information that fall into the wrong hands can lead to a whole new set of problems including the possibility of fraud.

Risks in Trading

For trading transactions, spreadsheets can prove to be of immense use – but only for small market volumes. As trade volumes increase and the types vary, spreadsheets are no longer a viable solution and may likely become more of a hindrance, with calculations taking longer in the face of bigger transaction amounts and growing transaction data.

And in trading, there is always the need for rigorous computational functions. Computing for the Value at Risk (VaR) for large portfolios for instance, is simply way beyond the capabilities of spreadsheets. Banks that persist in using them are increasing the risk of loss on those portfolios. Or, they can be opening up?opportunities for fraud?as Allied Irish Bank (in the case of John Rusnak – $690 million) learned the hard way.

Risks in Underwriting

Bankers who use spreadsheets as their main source of information for underwriting procedures also face certain limitations. Loan transactions require that borrowers? financial data be centralised and easily accessible to risk officers and lending officers involved in making decisions. With spreadsheets, there is no simple and secure way of doing that. Information can be pulled from different sources – individual tax returns, corporate tax documents, partnership documents, audited financial statements – hence there is difficulty in verifying that these reports adhere to underwriting policies.

Spreadsheet control and monitoring

Financial institutions which are having difficulty weaning themselves from the convenience and simplicity that spreadsheets offer are looking for possible control solutions. Essentially, they want to find ways that allow them to continue using these UDAs and yet somehow eliminate the?spreadsheet risks?and limitations involved.

Still, the debate goes back and forth on whether adequate control measures can be implemented on spreadsheets so that that the risks are mitigated. Many services have come forward to herald innovative solutions for better spreadsheet management. But at the end of the day, there really is no guarantee that such solutions would suffice.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Article 8 of the EU Energy Efficiency Directive ? Orientation

Following in-depth discussion of the UK?s ESOS response, we decided to backtrack to the source, especially since every EU member is facing similar challenges. The core purpose of the directive is to place a pair of obligations on member states. These are

  1. To promote the availability of energy audits among final customers in all sectors, and;
  2. To ensure that enterprises that are not SMEs carry out energy audits at least every four years.

Given the ability for business to look twice at every piece of legislation it considers unproductive, the Brussels legislators took care to define what constitutes an enterprise larger than an SME.

Definition of a Large Undertaking

A large undertaking meets one or both of the following conditions:

  1. It employs 250 or more people
  2. Its annual turnover is more than ?50 million and its balance sheet total exceeds ?43 million

Rules for Energy Audits

If accredited / qualified in-house specialists are unavailable then independent experts should supervise audits. The talent shortage seems common to many EU businesses. In hindsight, the Union could have ramped up slower, especially since the first compliance date of 5 December 2015 does not leave much swing room.

ecoVaro doubts there was a viable alternative, given the urgent imperative to beat back the scourge of carbon that is threatening the viability of our planet. The legislators must have been of a similar mind when laying down the guidelines. Witness for example the requirement that penalties be ?effective, proportionate and dissuasive?.

In order to be compliant, an energy audit must

  1. Be based on twelve months of verifiable data that is
    • over a continuous period beginning no more than 24 months before the beginning of the energy audit, and;
    • identifies energy saving opportunities including paths to their achievement
  2. Analyse the participant’s energy consumption and energy efficiency
  3. Have not been used as the basis for an energy audit in a previous compliance period

Measurement of current status and progress tracing are at the core of energy saving and good governance generally. EcoVaro has a powerhouse of software tools available on the cloud to help project teams save time and money.

How Armstrong World Industries is going Cradle-to-Cradle

The Cradle-to-Cradle concept holds that human effort must be biometric, in other words enrich the environment within which it functions as opposed to breaking it down. This means manufacturing must be holistic in the sense that everything is reusable and nothing is destroyed. Armstrong World Industries was the first global mineral ceiling tile manufacturer to achieve Cradle-to-Cradle certification. We decided to take a closer look at how they achieved this.

Armstrong Worldwide Industries has five plants in the UK alone. These produce an annual turnover of ?2.7 billion. They have been making ceilings for more than 150 years. Fifteen years ago and way ahead of the curve it started recycling, and has maintained a policy of not charging contractors for waste ever since. Along the way, it developed a product that can be re-used indefinitely.

The Challenge

Going green must also be commercially sustainable. In Armstrong?s case, it faced a rise in landfill tax from ?8 per tonne per year to ?80 per tonne per year. This turned the financial cost of waste from a nuisance to a threat. It calculated that recycling one tonne of ceiling materials would:

  • Eliminate 456kg of CO2 equivalents by saving 1,390 kWh of electricity
  • Preserve 11 tons of virgin material and save 1,892 gallons of potable water

They hoped to extend their own recycling project by asking demolition and strip-out contractors to join it, so they could reprocess their scrap as new batches of tiles too.

The Achievement

As things stand today, an Armstrong ceiling tile now contains an average of 82% recycled content. Indeed, if they could find more ceilings to recycle this could reach 100%. In the past two years alone, Armstrong Worldwide Industries UK has saved 130,399m? of greenfield from landfill, being the equivalent of 520 skips that would otherwise have cost contractors over ?88,000 to dispose of.

The Broader Context

Armstrong Worldwide Industries is a global leader in water management, and is bent on minimising its reliance on fossil for energy. It has implemented online measurement systems that feed data to its corporate environmental, health and safety system. This empowers it to produce reports, track corrective actions and measure progress towards its overall goal of being carbon neutral.

Next time you sit beneath an Armstrong Worldwide Industries panelled ceiling, spare a thought for how much ecoVaro consumption analytics could contribute to your bottom line (and how it would feel to be lighter on carbon too).

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Do you really need a Cloud Broker?

A cloud broker is someone who can serve as your trusted adviser when it comes to your dealings with a cloud service provider. Sort of an IT consultant who: is familiar with cloud computing, can negotiate a mutually beneficial relationship between you and a provider, and help you manage usage, performance and delivery of cloud services.?But do you need one?

Is it even time for cloud adoption?

Of course, if you haven’t even started considering moving your IT systems to the cloud, what’s the point of reading this article, right? Well, if you’re running a business in Ireland or the UK maybe you should start thinking about it. The benefits (of moving to the cloud) are simply overwhelming. But then that’s for another post.

For now, let’s just briefly talk about the rate of cloud adoption so far. This should give you an idea what other decision makers nearby think about cloud computing and what they’ve done in this regard so far.

According to research conducted by the Cloud Industry Forum (CIF), the number of first-time users of cloud computing in the United Kingdom has risen by about 27% compared to last year.

The study, which was carried out by research company Vanson Bourne and which involved IT decision-makers from both the private and public sector in UK, also showed that 61% of companies are subscribing to cloud-based services. A similar research conducted last year (2011) revealed only 48%.

In Ireland, plans are underway to adopt cloud computing. According to Pricewaterhouse Coopers, 75% of Ireland’s CIOs and IT directors are already adopting a cloud computing strategy.

Definitely, the number of cloud adopters is growing. If that number already includes your hottest competitor, then perhaps there’s no time to waste.

But while a migration to the cloud should be in your pipeline, it shouldn’t be something you should rush into. Generally speaking, there are at least three kinds of services offered by cloud service providers: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service).

Some providers offer variations of these services. You might only need one type of service or a little of everything. There are also technical and regulatory compliance issues that need consideration.

Obviously, if you have no idea where or how to start, you’ll need someone who can help you. But what kind of help do you need?

Let’s proceed by talking about the kinds of services cloud brokers offer as these are obviously indicative of the needs of current cloud customers.

What cloud brokers do?

Cloud brokers offer three main types of services.

Cloud?inter-mediation

Cloud inter-mediation services are designed to add value to existing services and improve capabilities. ?Examples of cloud inter-mediation include managing access to cloud-based services, carrying out performance reporting, and establishing stronger security.

Cloud aggregation

As mentioned earlier, some cloud customers may end up subscribing to multiple cloud services; most likely from different cloud service providers. To get optimal return on their various cloud subscriptions, these customers will need to apply data integration and make these disparate systems work together. They will also have to make sure data flowing from one system to another is kept secure. This is where cloud aggregation comes into play.

Cloud arbitrage

This entails finding the best cloud service provider(s) to solve a particular problem. One example is comparing different providers offering data storage services and identifying the one offering the most competitive rates.

Other cloud arbitrage brokers develop new solutions by combining the services of different cloud service providers and then offer them to cloud customers. While there are similarities between cloud arbitrage and cloud aggregation, the former is more flexible and allows the customer to transfer from one provider to another where conditions are more favourable.

Problems a cloud broker can help you solve

Just like with natural clouds, your experiences in cloud computing won’t be all white and fluffy. You’ll also encounter gray and uncertain (or even stormy) clouds.

One major issue in cloud computing is cloud security. In fact, cloud security (or the apparent lack of it) is the one thing that’s really clouding up the sky of cloud computing. But that doesn’t mean the cloud is totally insecure. Besides, there are certain types of information that really don’t require a high level of security. These types you can easily migrate to the cloud.

For sensitive information, you really need to conduct due diligence to make sure your cloud service providers’ data centres are secure enough.

Where exactly will your data be stored? Are there enough provisions for regulatory compliance? How will your data be segregated? Does the infrastructure readily support ?data forensics? Is there a sound disaster recovery/business continuity plan? These are just some of the questions that need clear answers before you sign a contract with a cloud service provider.

Suggested reading: 9 Cloud Security Questions You Need To Ask Service Providers

Also, before you sign, you need to study the SLA (Service Level Agreement) very carefully. Look at the guaranteed uptime. Is it enough to meet your own desired service levels?

Bear in mind that the answers to these questions may be too technical. This is one of those instances when a cloud broker can come in handy. As your trusted adviser, your cloud broker can break down the technical jargon and present everything in a language that you can make intelligent decisions from.

A cloud broker will also be able to study the cloud provider’s security architecture and policies and determine whether they’re sufficient to meet your own security requirements. Basically, a cloud broker will not only help you obtain answers to your questions.

He will also know exactly what vital information to extract from providers in order to ensure that you find the best deal possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today