No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

Organizations Are Unprepared for the Inherent Risks Associated with Spreadsheets

Forrester Study Confirms Spreadsheet Risk is Real

by Diane Robinette
October 3, 2019
in Featured, Risk
illustration of spreadsheets on laptop and tablet

Spreadsheets play a greater role in the risk and compliance process than one may think, according to a recent study conducted by Forrester Consulting. Diane Robinette, CEO at Incisive Software, details the findings from the report.

The Forrester Opportunity Snapshot study reveals, despite easy manipulation and a lack of controls, nearly 50 percent of companies still rely on spreadsheets alone to do their auditing and controls — a process necessary for risk assessment and compliance management.

Almost one-third of respondents noted that their organizations use more than 10,000 spreadsheets on a regular basis. Thirty-five percent of finance and accounting departments report regular use of spreadsheets to fuel their decision-making; and nearly one in five governance, risk and compliance professionals depend on spreadsheet accuracy to inform their critical business decisions. While the majority of respondents report an elevated level of concern with the inherent spreadsheet risk, fewer than 20 percent were actively working to change their risk exposure. For boards, management teams and compliance officers that rely on spreadsheet data for reporting and key business decisions — with the assumption that the data is accurate and compliant — these results are distressing.

A Powerful Yet Precarious Tool

Excel spreadsheets stand the test of time because they are flexible and convenient. It’s a comprehensive software tool that does not depend on IT to make changes to systems, nor require workarounds or compromises. Spreadsheets are frequently used for analyzing, modeling and providing evidentiary support for key business decisions. For complex calculations where data is continuously changing and those that require the use of cell functions, Excel is often the go-to tool to get the job done.

Despite being flexible and convenient, spreadsheet-enabled processes are manually driven and, therefore, prone to errors, both accidental and intentional. The more complicated the spreadsheet, the more difficult it is to manage.

Hidden within each spreadsheet is inherent risk — risk that formulas are not repopulating correctly, risk that co-workers are using different versions of a saved spreadsheet, and risk that information is hidden behind formatting. With Excel there is no easy way locate risk or validate spreadsheet data. Meanwhile, it’s an onerous task at best to attempt to document processes along the way and prove that controls are being met for review internally as well as by examiners. For highly regulated industries such as banking and insurance and public companies, this can quickly turn into a compliance nightmare when an organization is unable to validate their spreadsheets with a high level of accuracy/completeness or explain to regulators how they were built.

Mitigating Spreadsheet Risk

Sarbanes-Oxley (SOX), Basel II and a number of other laws have cast a spotlight on spreadsheets, placing them under the increasing scrutiny of regulators. Companies cannot continue to turn a blind eye to spreadsheet risk. Banning the use of Excel is not a realistic answer. Nor is relying on manual processes. Yet, as the Forrester study reveals, most don’t know where to begin when it comes to mitigating spreadsheet risk.

Gaining control over spreadsheets isn’t as difficult as it may seem. In fact, advances in technology make it significantly easier for companies. Putting policies in place and supporting these policies with automated spreadsheet risk management technology will put companies on a compliant path. To get started, consider the following:

Know Your Risks

Because it’s impossible to manage every spreadsheet with any level of scrutiny, identify those that present the most risk to the company. An obvious place to start is spreadsheets used for external reporting. These high-risk spreadsheets should be given a heavier focus and reviewed more frequently than those with lower risk profiles. To speed the process, employ technology that locates all feeder spreadsheets, regardless of where they reside on a network, and risk-ranks them. Next, a policy should be put in place, supported by technology, to ensure a consistent model risk review.

Visibility Is Key

The ability to monitor and track workflow information over a period of time provides valuable insight into whether policy compliance is being achieved. At the same time, it’s significantly easier to identify potential risk. Spreadsheet risk management technology addresses this need by providing visibility into who and how many people are working on spreadsheets, when something changes, who made those changes and what changed. By documenting this information within the system, companies easily demonstrate policy and procedure compliance and that they have the right checks and balances in place.

Automate Processes

Automation capabilities within spreadsheet risk management technology that test for accuracy in both formulas and calculated values are proving to be a game changer for significantly minimizing traditionally time-consuming, error-prone manual processes. Consider, for example, a single Excel worksheet which can have over one million rows and more than 16,000 columns; workbooks are exponentially larger. Relying on manual methods to test for accuracy in both formulas and calculations is not realistic. Some systems offer interactive capabilities that allow users to easily drill down into cells to see why formulas are not calculating correctly or working as expected. Identifying a lack of audit controls, accessing authority and other critical oversight mechanisms lets users know where changes need to be made to repair gaps. The result is consistent risk management oversight across all spreadsheets. Advanced troubleshooting solutions make the processes of monitoring and managing spreadsheets significantly easier as well.

Avoid Disruption

Excel is complex enough by itself. Spreadsheet risk management technology should not add to user frustration. This technology should fit seamlessly into existing work streams and allow employees to continue to work the way they have always worked inside Excel. Technology exists that operates behind the scenes to significantly and reliably reduce material errors and possible fraud — and save hours associated with detailed spreadsheet review. Look for a system that can quickly pull together standard and configurable reports for audit and compliance reporting requirements.

Spreadsheet risk management solutions fill a very real void by providing insight into potential risk and errors that may be hiding in spreadsheets. Taking a modern and automated approach to spreadsheet risk moves companies toward a risk-resilient posture. In doing so, risk teams have the power to anticipate and reduce exposure, no matter what is thrown their way. And boards, management teams and compliance officers can be confident that the spreadsheet data used for reporting and key business decisions is accurate and compliant.


Tags: AutomationRisk Assessment
Previous Post

Harvard Professor Jeff Karp to Present at Evolution Summit in November

Next Post

Making Anticipatory Compliance Your New Best Practice

Diane Robinette

Diane Robinette

June 15 - Diane Robinette headshotDiane Robinette is president and CEO of Incisive Software, a provider of innovative risk intelligence spreadsheet management solutions. She has more than 20 years of experience in strategic planning, marketing, product management, business operations and management. Diane has worked in companies from startups to large enterprises in various industries including high-tech, aerospace and defense, telecommunications, financial services and transportation.

Related Posts

ai policy

Planning Your AI Policy? Start Here.

by Bradford J. Kelley, Mike Skidgel and Alice Wang
May 7, 2025

Effective AI governance begins with clear policies that establish boundaries for workplace use. Bradford J. Kelley, Mike Skidgel and Alice...

business relationship concept hands

Relationship (Owner) Goals: Why Half Your TPRM Red Flags Stay Hidden

by Chris Audet
April 9, 2025

The front-line staff who manage vendor relationships are uniquely positioned to spot problems before they escalate, yet many organizations fail...

cute robot looking at financial volumes

AI’s Dual Role in FinServ Risk Management

by Nalini Priya Uppari
March 28, 2025

As technology evolves, so do the tools that help banks and investment firms maintain stability amid uncertainty

mineral mining operation

Why Critical Minerals Demand a Compliance Revolution

by Rebeca Vergara Gaona
February 11, 2025

Corporate compliance lessons could help strengthen intergovernmental mineral agreements before problems arise

Next Post
businessman on building rooftop shielding his eyes and looking at the horizon

Making Anticipatory Compliance Your New Best Practice

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights