Spreadsheet Risks in Banks

No other industry perhaps handles such large volumes of critical financial data more than the banking industry. For decades now, spreadsheets have become permanent fixtures in the front-line reporting tool sets of banks, providing organised information when and where needed.

But as banks enter into a period of heightened credit risks, elevated levels of fraud, and greater regulatory scrutiny, many are wondering if continued reliance on spreadsheets is a wise decision for banks today.

The downfall of Lehman Brothers which eventually led to its filing for Chapter 11 bankruptcy protection on September 15, 2008, served as a wake up call for many institutions across the globe to make a serious examination of their own risk management practices. But would these reforms include evaluating the security of user developed applications (UDAs), the most common of which are spreadsheets, and putting specific guidelines as to when they can – or cannot be – used?

Banks and Spreadsheet Use

Banks have been known to utilise spreadsheets systems for many critical functions because most personnel are well-acquainted with them, and the freedom of being able to develop customised reports without needing to consult with the IT department offers flexibility and convenience. In fact, more than having a way to do financial budgeting and analysing customer profitability, even loan officers and trade managers have become reliant on spreadsheets for risk management reporting and for making underwriting decisions.

But there are more than a few drawbacks to using spreadsheets for these tasks, and the sooner bank executives realise these, the sooner they can adopt better solutions.

General Limitations

Spreadsheets are far from being data base systems and yet more often than not, they are expected to act as such, with figures constantly added and formulas edited to produce the presumably right set of reports.

In addition, data integrity is always a cause for concern as most values in spreadsheets are entered as manual inputs. Even the mere misplacement of a comma or a negative sign, or an inadvertent ?edit? to a formula can also be a source of significant changes in the outcome.

Confidentiality risk is also another drawback of the use of spreadsheets in banks as these tools do not have adequate?access controls to limit access to only authorised individuals. Pertinent financial information that fall into the wrong hands can lead to a whole new set of problems including the possibility of fraud.

Risks in Trading

For trading transactions, spreadsheets can prove to be of immense use – but only for small market volumes. As trade volumes increase and the types vary, spreadsheets are no longer a viable solution and may likely become more of a hindrance, with calculations taking longer in the face of bigger transaction amounts and growing transaction data.

And in trading, there is always the need for rigorous computational functions. Computing for the Value at Risk (VaR) for large portfolios for instance, is simply way beyond the capabilities of spreadsheets. Banks that persist in using them are increasing the risk of loss on those portfolios. Or, they can be opening up?opportunities for fraud?as Allied Irish Bank (in the case of John Rusnak – $690 million) learned the hard way.

Risks in Underwriting

Bankers who use spreadsheets as their main source of information for underwriting procedures also face certain limitations. Loan transactions require that borrowers? financial data be centralised and easily accessible to risk officers and lending officers involved in making decisions. With spreadsheets, there is no simple and secure way of doing that. Information can be pulled from different sources – individual tax returns, corporate tax documents, partnership documents, audited financial statements – hence there is difficulty in verifying that these reports adhere to underwriting policies.

Spreadsheet control and monitoring

Financial institutions which are having difficulty weaning themselves from the convenience and simplicity that spreadsheets offer are looking for possible control solutions. Essentially, they want to find ways that allow them to continue using these UDAs and yet somehow eliminate the?spreadsheet risks?and limitations involved.

Still, the debate goes back and forth on whether adequate control measures can be implemented on spreadsheets so that that the risks are mitigated. Many services have come forward to herald innovative solutions for better spreadsheet management. But at the end of the day, there really is no guarantee that such solutions would suffice.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

8 Reasons why you Need to Undertake Technical and Application Assessments

Are your information assets enabling you to operate more cost-effectively or are they just drawing in more risks than you are actually aware of? Obviously, you now need to get a better picture of those assets to see if your IT investments are giving you the benefits you were expecting and to help you identify areas where improvements should be made.

The best way to get the answers to those questions is through technical and application assessments. In this post, we?ll identify 8 good reasons why it is now imperative to undertake such assessments.

1. Address known issues – Perhaps the most common reason that drives companies to undertake a technology/application assessment is to identify the causes of existing issues such as those related to data accessibility, hardware and software scalability, and performance.

2. Cut down liabilities and risks – Unless you know what and where the risks are, there is no way you can implement an appropriate risk mitigation strategy. A technology and application assessment will enable you to thoroughly test and examine your information systems to see where your business-critical areas and points of failure are and subsequently allow you to act on them.

3. Discover emerging risks – Some risks may not yet be as threatening as others. But it would certainly be reassuring to be aware if any exist. That way, you can either nip them in the bud or keep them monitored.

4. Comply with regulations – Regulations like SOX require you to establish adequate internal controls to achieve compliance. Other regulations call for the protection of personally identifiable information. Assessments will help you pinpoint processes that lack controls, identify data that need protection, and areas that don’t meet regulatory requirements. This will enable you to act accordingly and keep your company away from tedious, time-consuming and costly sanctions.

5. Enhance performance – Poor performance is not always caused by an ageing hardware or an overloaded infrastructure. Sometimes, the culprits are: unsuitable configuration settings, inappropriate security policies, or misplaced business logic. A well-executed assessment can provide enough information that would lead to a more cost-effective action plan and help you avoid an expensive but useless purchase.

6. Improve interoperability – Disparate technologies working completely separate from each other may be preventing you from realising the maximum potential of your entire IT ecosystem. If you can examine your IT systems, you may be able to discover ways to make them interoperate and in turn harness untapped capabilities of already existing assets.

7. Ensure alignment of IT with business goals – An important factor in achieving IT governance is the proper alignment of IT with business goals. IT processes need to be assessed regularly to ensure that this alignment continues to exist. If it does not, then necessary adjustments can be made.

8. Provide assurance to customers and investors – Escalating cases of data breaches and identity theft are making customers and investors more conscious with a company?s capability of preserving the confidentiality of sensitive information. By conducting regular assessments, you can show your customers and investors concrete steps for keeping sensitive information confidential.

What ISO 14001 Status did for Cummins Inc.

Cummins manufactures engines and power generation products, and has been a household name almost since inception in 1919. It sells its products in over 300 countries, through approximately 6,000 dealerships employing 40,000 people. Because its product line runs off fossil fuel it is under steady pressure to display a cleaner carbon footprint.

Cummins decided to go for the big one by qualifying for ISO 14001 certification. This is a subset of a family of standards relating to managing environmental impact while complying with all applicable legislation. In this sense, it is similar to the ISO 9000 quality management system, because it focuses on how products are produced (as opposed to how those products perform). Compliance with ISO 14001 was a doubly important goal, because it is part of the European Union?s Eco Management and Audit Scheme and fast becoming mandatory on suppliers to governments.

The qualification process follows the well-established principle of plan, do, check, act. It begins with gap analysis to detect materials and processes that affect the environment. This is followed by implementation of necessary changes affecting operations, documentation, emergency strategies and employee education. The third step involves measuring and monitoring performance. Finally, the project moves into a phase of ongoing maintenance, and continuous improvement as circumstances change.

In Cummins case, the project was almost worldwide and called for environmental, health and safety reporting throughout the organisation. The information was shared via a globally accessible document repository, and then processed centrally at the head office in Columbia, Indiana USA.

Measuring environmental performance almost inevitably has other benefits that make it doubly worthwhile. Speaking at the 2014 National Safety Council Congress after receiving the top award for excellence, Cummins chairman and ceo Tom Linebarger commented on a journey that was ?nothing short of amazing? yet wasn’t even a ?pathway to the finish line?.

?All of us feel like we have way more to do to make sure that our environment is as safe as it could be,? he added, ?so that our sustainability footprint is as good as it can be and that we continue to set more aggressive goals every year. That’s just how we think about it.? Linebarger concluded.

If you are taking your company on a journey to new heights of environmental excellence, then you should consider choosing ecoVaro as your travelling companion. We are environmental management specialists and have proprietary software geared to process your data. We also have a wealth of experience, and a treasure chest of roadmaps to help you achieve your goal.

Keys to Successful Matrix Management

Matrix management, in itself, is a breakthrough concept. In fact, there are a lot of organizations today that became successful when they implemented this management technique. However, there are also organizations that started it but failed. And eventually abandoned it in the end.

Looking at these scenarios, we can say that when you implement matrix management in your organisation, two things can happen – you either succeed or fail. And there?s nothing in between. The truth is, the effectiveness of matrix management lies in your hands and in your implementation. To ensure that you achieve your desired results, recognise these essential keys to successful matrix management.

Establish Performance Goals and Metrics

This should be done as soon as the team is formed, at the beginning of the year or during the process of setting organisational objectives. Whenever it is, the most important thing is that each team player understands the objectives and metrics to which their performances will be evaluated. This ensures that everyone is looking at the same set of objectives as they carry out their individual tasks.

Define Roles and Responsibilities

One pitfall of matrix management is its internal complexity. Awareness of this limitation teaches you to clearly define the roles and responsibilities of the team players up front. Basically, there are three principal sets of roles that should be explained vividly ? the matrix leader, matrix managers and the matrixed employees. It is important to discuss all the possible details on these roles, as well as their specific responsibilities, to keep track of each other?s participation in the projects of the organisation.

One effective tool to facilitate this discussion is through the RACI chart – Who is Responsible? Who is Accountable? Who should be Consulted? Who will Implement? With this, clarification of roles and responsibilities would be more efficient.

When roles are already clearly defined, each participant should review their job descriptions and key performance metrics. This is to make sure that the roles and responsibilities expected of you integrates consistently with your job in the organisation, as a whole.

Manage Deadlines

In matrix management, the employees report to several managers. They will likely have multiple deadlines to attend to and accomplish. There might even be conflicts from one deadline to another. Hence, each should learn how to schedule and prioritise their tasks. Time management and action programs should be incorporated to keep the grace under pressure.

Deliver Clear Communication

Another pitfall of matrix management is heightened conflict. To avoid unrealistic expectations, the matrix leaders and managers should communicate decisions and information clearly to their subordinates, vice versa. It would help if everyone will find time to meet regularly or send timely reports on progress.

Empower Diversity

Knowledge, working styles, opinions, skills and talents are diverse in a matrix organisation. Knowing this fact, each should understand, appreciate and empower the learning opportunities that this diversity presents. Trust is important. Respect to each other?s opinions is vital. And acknowledgement of differing viewpoints is crucial.

The impetus of matrix management is the same ? mobilise the organisation’s resources and skills to cope with the fast-paced changes in the environment. So, maximise the benefits of matrix management as you consider these essential keys to its successful implementation.

Ready to work with Denizon?

Contact Us Today