Organisations are risking significant financial loss and reputational damage by failing to take control of their spreadsheets. Now is the time to do it, says Rebecca Lambton-Heys, business development executive at EUCplus.
Spreadsheets play an integral part in the running of a business
Spreadsheets play a major part in the running of many businesses and are indispensable for a range of functions, including financial reporting, ad-hoc analysis and data tracking. In addition, spreadsheets such as Excel make up a large portion of a business’ shadow architecture – software programmes or systems that operate outside of the main IT department. They are flexible, easily updated and can do many things for many people. And therein lies the problem. Flexibility is a positive when it works well but can be a liability when it doesn’t.
There are many examples in recent history of situations where this flexibility has caused problems for large corporations. Take Canopy Growth for example. The listed Canadian company was forced to refile its results after a formula error in a spreadsheet caused the company to understate its financial loss by CA$103m.
Similarly, Conviviality, one of the UK’s largest drinks wholesalers, was forced into administration last year after issuing a profit warning that was blamed on a spreadsheet arithmetic error.
These more recent incidents only add to the heightened awareness of the risks associated with spreadsheet use prompted by the already widely-reported spreadsheet errors that cost JP Morgan a total of US$7bn in fines and financial losses and Societe Generale EU4.6bn.
Pressured environment means businesses need to get it right
In today’s highly competitive environment, businesses are under constant pressure from all angles. Reducing the chances of operational or financial risk by keeping track of their spreadsheets is one thing that should be relatively simple. However, one of the main concerns is the complete lack of awareness around the role spreadsheets play within organisations. According to a recent poll of risk professionals*, 23% said they didn’t know what percentage of spreadsheets used in their organisation are critical to the running of the business and 53% don’t have a robust policy governing the use of such applications.
The key, according to Lambton-Heys, is to develop and implement an effective spreadsheet compliance framework and attestation policy which not only helps ensure regulatory compliance, but also reduces or prevents fraud, accidental errors or mis-reporting and demonstrates best practice spreadsheet risk management. As well as outwardly acting as a kind of ‘hey look at us we’re doing things right’, it will also provide assurance to the board that the issue is being taken seriously.
Spreadsheets, which can also be referred to as end-user computing tools (EUCs), are referenced in a series of financial regulation, including Sarbanes Oxley, MiFID II and SMCR. Failing to approach the issue correctly may not only lead to substantial financial losses and fines but also serious reputational damage.
To address this issue, we have developed EUCplus, a customisable, cloud-based tool that reduces operational and financial risk by registering, scanning and securing all business-critical data (usually within spreadsheets) in one simple process. The key benefit of our process is that it provides an executable policy which not only ensures compliance now, but also future-proofs your business against further compliance-related issues.
Believe it or not, by focusing on what appears to be one single area of your business, you are in fact doing more than just reducing risk and ensuring compliance. You are future-proofing your business by providing a clear attestation framework that can be used as a benchmark for future developments and helping maintain a top-class reputation.
To find out more about what EUCplus can do to protect your business from operational and financial risk, see www.eucplus.co email [email protected] or call 0203 693 2605 for a demonstration.
*The poll was commissioned by EUCplus and conducted at the Cefpro new generation risk conference in London on 13th March. The respondents were all senior operational risk professionals at director level or above.