Spreadsheet Risks in Banks

No other industry perhaps handles such large volumes of critical financial data more than the banking industry. For decades now, spreadsheets have become permanent fixtures in the front-line reporting tool sets of banks, providing organised information when and where needed.

But as banks enter into a period of heightened credit risks, elevated levels of fraud, and greater regulatory scrutiny, many are wondering if continued reliance on spreadsheets is a wise decision for banks today.

The downfall of Lehman Brothers which eventually led to its filing for Chapter 11 bankruptcy protection on September 15, 2008, served as a wake up call for many institutions across the globe to make a serious examination of their own risk management practices. But would these reforms include evaluating the security of user developed applications (UDAs), the most common of which are spreadsheets, and putting specific guidelines as to when they can – or cannot be – used?

Banks and Spreadsheet Use

Banks have been known to utilise spreadsheets systems for many critical functions because most personnel are well-acquainted with them, and the freedom of being able to develop customised reports without needing to consult with the IT department offers flexibility and convenience. In fact, more than having a way to do financial budgeting and analysing customer profitability, even loan officers and trade managers have become reliant on spreadsheets for risk management reporting and for making underwriting decisions.

But there are more than a few drawbacks to using spreadsheets for these tasks, and the sooner bank executives realise these, the sooner they can adopt better solutions.

General Limitations

Spreadsheets are far from being data base systems and yet more often than not, they are expected to act as such, with figures constantly added and formulas edited to produce the presumably right set of reports.

In addition, data integrity is always a cause for concern as most values in spreadsheets are entered as manual inputs. Even the mere misplacement of a comma or a negative sign, or an inadvertent ?edit? to a formula can also be a source of significant changes in the outcome.

Confidentiality risk is also another drawback of the use of spreadsheets in banks as these tools do not have adequate?access controls to limit access to only authorised individuals. Pertinent financial information that fall into the wrong hands can lead to a whole new set of problems including the possibility of fraud.

Risks in Trading

For trading transactions, spreadsheets can prove to be of immense use – but only for small market volumes. As trade volumes increase and the types vary, spreadsheets are no longer a viable solution and may likely become more of a hindrance, with calculations taking longer in the face of bigger transaction amounts and growing transaction data.

And in trading, there is always the need for rigorous computational functions. Computing for the Value at Risk (VaR) for large portfolios for instance, is simply way beyond the capabilities of spreadsheets. Banks that persist in using them are increasing the risk of loss on those portfolios. Or, they can be opening up?opportunities for fraud?as Allied Irish Bank (in the case of John Rusnak – $690 million) learned the hard way.

Risks in Underwriting

Bankers who use spreadsheets as their main source of information for underwriting procedures also face certain limitations. Loan transactions require that borrowers? financial data be centralised and easily accessible to risk officers and lending officers involved in making decisions. With spreadsheets, there is no simple and secure way of doing that. Information can be pulled from different sources – individual tax returns, corporate tax documents, partnership documents, audited financial statements – hence there is difficulty in verifying that these reports adhere to underwriting policies.

Spreadsheet control and monitoring

Financial institutions which are having difficulty weaning themselves from the convenience and simplicity that spreadsheets offer are looking for possible control solutions. Essentially, they want to find ways that allow them to continue using these UDAs and yet somehow eliminate the?spreadsheet risks?and limitations involved.

Still, the debate goes back and forth on whether adequate control measures can be implemented on spreadsheets so that that the risks are mitigated. Many services have come forward to herald innovative solutions for better spreadsheet management. But at the end of the day, there really is no guarantee that such solutions would suffice.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

A Definitive List of the Business Benefits of Cloud Computing

When you run a Google search for the “benefits of cloud computing”, you’ll come across a number of articles with a good list of those. However, most of them don’t go into the details, which nevertheless might still suit some readers. But if you’re looking for compelling business reasons to move your company’s IT to the cloud, a peripheral understanding of what this technology can do for you certainly won’t cut it.

Now, cloud computing is not just one of those “cool” technologies that come along every couple of years and which can only benefit a particular department.?What we’re talking about here really is a paradigm shift in computing that can transform not only entire IT infrastructures but also how we run our respective organisations.

I hate to think that some people are holding back on cloud adoption just because they haven’t fully grasped what they’re missing. That is why I decided to put together this list. I wanted to produce a list that would help top management gain a deeper understanding of the benefits of the cloud.

Cloud computing is one bandwagon you really can’t afford not to jump into. Here are ten good reasons why:

1.?Zero?CAPEX and low TCO for an enterprise-class IT infrastructure

2. Improves cash flow

3. Strengthens business continuity/disaster recovery capabilities

4. Lowers the cost of analytics

5. Drives business agility

6. Ushers in anytime, anywhere collaboration

7. Enhances information, product, and service delivery

8. Keeps entire organisation in-sync

9. ?Breathes life into innovation in IT

10. Cultivates optimal environments for development and testing

Zero CAPEX and low TCO for an enterprise-class IT infrastructure

Most cloud adopters with whom I’ve talked to cite this particular reason for gaining interest in the cloud.

Of course they had to dig deeper and consider all other factors before ultimately deciding to migrate. But the first time they heard cloud services could give them access to enterprise class IT infrastructures without requiring any upfront capital investment, they realised this was something worth exploring.

A good IT infrastructure can greatly improve both your cost-effectiveness and your capability to compete with larger companies. The more reliable, fast, highly-available, and powerful it is, the better.

But then building such an infrastructure would normally require a huge capital investment for networking equipment, servers, data storage, power supply, cooling, physical space, and others, which could run up to tens or even hundreds of thousands of euros. To acquire an asset this costly, you’d have to take in debt and be burdened by the ensuing amortisation.

If you’ve got volumes of cash stashed in your vault, cost might not be a problem. But then if you really have so much savings, wouldn’t it be more prudent to use it for other sales-generating projects? An extensive marketing endeavour perhaps?

A capital expenditure of this magnitude and nature, which normally has to be approved by shareholders, can be regarded as a high financial risk. What if business doesn’t do well and you wouldn’t need all that computing power? What if the benefits expected from the IT investment are not realised??You cannot easily convert your IT infrastructure into cash.

Remember we’re talking about a depreciating asset. So even assuming you can liquidate it, you still can’t hope to sell it at its buying price. These factors are going to play in the minds of your Board of Directors when they’re asked to decide on this CAPEX.

Incidentally, these issues don’t exist in a cloud-based solution.

A cloud solution typically follows a pay-as-you-go utility pricing model where you get billed monthly (sometimes quarterly) just like your electricity. ?In other words, it’s an expense you’ll need to pay for?at the end of a period over which the service’s value would have already been realised. Compare that with a traditional infrastructure wherein you’ll have to spend upfront but the corresponding value will still have to be delivered gradually in the succeeding months or years.

demand expense traditional infrastructure

From the point of view of your CFO, what could have been a CAPEX to acquire an asset that depreciates with time (and consequently reduces your company’s net worth), becomes a flexible operating expense (OPEX).?Truly, it is an operating expense that you can increase, decrease, or even totally discontinue, depending on what the prevailing business conditions demand.

demand expense cloud infrastructure

People who think they have done the math in comparing cloud-based and traditional IT infrastructures claim that, although they see how cloud solutions transform CAPEX into OPEX, they really don’t see any significant difference in overall costs.

However, these people have only gone as far as adding up the expected monthly expenses of a cloud solution over the estimated duration of an equivalent IT infrastructure’s effective lifespan and comparing the sum with that IT infrastructure’s price tag. You won’t get a clear comparison that way.

You need to consider all factors that contribute to the infrastructure’s Total Cost of Ownership (TCO). Once you factor in the costs of electricity, floor space, storage, and IT administrators, the economical advantages of choosing a cloud solution will be more evident. Add to that the costs of downtime such as: interruptions to business operations, technical support fees, and the need to maintain expensive IT staff who spend most of their time “firefighting”, and you’ll realise just how big the savings of cloud adopters can be.

Still not convinced? Well, we’re still getting started.?On our next post, we’ll take a closer look at the additional benefits of paying under an OPEX model instead of a CAPEX model.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Energy efficiency- succeed and benefit

Energy is neither created nor destroyed; it is only transformed. This being the law of conservation of energy, and given that the process of transforming energy is inefficient resulting in loss of usable energy in the process of transforming one form of energy into another form, Energy Efficiency finds a home.
Talking of Energy efficiency, think of how much useful energy can be obtained from a system or a particular technology. It is also about the use of technology that requires a lesser amount of energy to carry out the same task.

Energy efficiency is the responsibility of both demand side and supply side. Supply-side energy efficiency refers to a set of actions taken to ensure efficiency through the electricity supply chain. Supply side efficiency measures are about efficiency in electricity generation; be it operation and maintenance of existing equipment or upgrading existing equipment with state-of-the-art energy-efficient generating equipment.

The demand side energy efficiency on the other hand refers to the actions taken to use less/demand less energy. Think of less energy usage in relation to improvement of energy efficiency in buildings, solar water heaters, energy efficient lighting systems such as Compact Fluorescent Lamps, conducting energy audits to identify potential energy saving opportunities, efficient water heating systems and the list is endless.

Success of energy efficiency is a win ? win to YOU-ME-US – the energy consumers, to THEM the energy producers and suppliers and to our precious ENVIRONMENT.
Gain to energy suppliers: – Less energy usage and better energy usage patterns among consumers consequently reduces the customer load which reduces losses on the supply side. Less energy loss creates capacity on the system to serve more customers.

Gain to you-me-us: – Less energy usage and better energy usage patterns Benefits the customer through reduced Electricity bills / $ savings through lower bills.

Benefits to the environment: – Usage of less energy reduces use of fossil fuels, hence reduction in GHG emissions hence conserving our environment. Companies look at means to make rational use of their least efficient generating equipment. The objective is to improve the operation and maintenance of existing equipment or upgrade it with state-of-the-art energy-efficient technologies. Some companies have on-site electricity generation alternatives and thus tend to consider the supply side in addition to demand-side energy efficiency.

2015 ESOS Guidelines Chapter 3 to 5 ? The ESOS Assessment

ESOS operates in tandem with the ISO 50001 (Energy Management) system that encourages continual improvement in the efficient use of energy. Any UK enterprise qualifying for ESOS that has current ISO 50001 certification on the compliance date by an approved body (and that covers the entire UK corporate group) may present this as evidence of having completed its ESOS assessment. It does however still require board-level certification, following which it must notify the Environment Agency accordingly.

The Alternate ESOS Route

In the absence of an ISO 50001 energy management certificate addressing comprehensive energy use, a qualifying UK enterprise must:

  1. Measure Total Energy Consumption in either kWh or energy spend in pounds sterling, and across the entire operation including buildings, industrial processes and transport.
  2. Identify Areas of Significant Energy Consumption that account for at least 90% of the total. The balance falls into a de minimis group that is officially too trivial to merit consideration.
  1. Consider Available Routes to Compliance. These could include ISO 500001 part-certification, display energy certificates, green deal assessments, ESOS compliant energy audits, self-audits and independent assessments
  1. Do an Internal Review to make sure that you have covered every area of significant consumption. This is an important strategic step to avoid the possibility of failing to comply completely.
  1. Appoint an Approved Lead Assessor who may be internal or external to your enterprise, but must have ESOS approval. This person confirms you have met all ESOS requirements (unless you have no de minimis exceptions).
  1. Obtain Internal Certification by one of more board-level directors. They must certify they are satisfied with the veracity of the reports. They must also confirm that the enterprise is compliant with the scheme.
  1. Notify the Environment Agency of Compliance within the deadline using the online notification system as soon as the enterprise believes is fully compliant.
  1. Assemble your ESOS Evidential Pack and back it up in a safe place. Remember, it is your responsibility to provide proof of the above. Unearthing evidence a year later it not something to look forward to.

The ESOS assessment process is largely self-regulatory, although there are checks and balances in place including lead assessor and board-level certifications. As you work through what may seem to be a nuisance remember the primary objectives. These are saving money and reducing carbon emissions. Contact ecoVaro if we can assist in any way.

Ready to work with Denizon?

Contact Us Today