Wednesday, January 27, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Organizations Are Unprepared for the Inherent Risks Associated with Spreadsheets

Forrester Study Confirms Spreadsheet Risk is Real

by Diane Robinette
October 3, 2019
in Featured, Risk
illustration of spreadsheets on laptop and tablet

Spreadsheets play a greater role in the risk and compliance process than one may think, according to a recent study conducted by Forrester Consulting. Diane Robinette, CEO at Incisive Software, details the findings from the report.

The Forrester Opportunity Snapshot study reveals, despite easy manipulation and a lack of controls, nearly 50 percent of companies still rely on spreadsheets alone to do their auditing and controls — a process necessary for risk assessment and compliance management.

Almost one-third of respondents noted that their organizations use more than 10,000 spreadsheets on a regular basis. Thirty-five percent of finance and accounting departments report regular use of spreadsheets to fuel their decision-making; and nearly one in five governance, risk and compliance professionals depend on spreadsheet accuracy to inform their critical business decisions. While the majority of respondents report an elevated level of concern with the inherent spreadsheet risk, fewer than 20 percent were actively working to change their risk exposure. For boards, management teams and compliance officers that rely on spreadsheet data for reporting and key business decisions — with the assumption that the data is accurate and compliant — these results are distressing.

A Powerful Yet Precarious Tool

Excel spreadsheets stand the test of time because they are flexible and convenient. It’s a comprehensive software tool that does not depend on IT to make changes to systems, nor require workarounds or compromises. Spreadsheets are frequently used for analyzing, modeling and providing evidentiary support for key business decisions. For complex calculations where data is continuously changing and those that require the use of cell functions, Excel is often the go-to tool to get the job done.

Despite being flexible and convenient, spreadsheet-enabled processes are manually driven and, therefore, prone to errors, both accidental and intentional. The more complicated the spreadsheet, the more difficult it is to manage.

Hidden within each spreadsheet is inherent risk — risk that formulas are not repopulating correctly, risk that co-workers are using different versions of a saved spreadsheet, and risk that information is hidden behind formatting. With Excel there is no easy way locate risk or validate spreadsheet data. Meanwhile, it’s an onerous task at best to attempt to document processes along the way and prove that controls are being met for review internally as well as by examiners. For highly regulated industries such as banking and insurance and public companies, this can quickly turn into a compliance nightmare when an organization is unable to validate their spreadsheets with a high level of accuracy/completeness or explain to regulators how they were built.

Mitigating Spreadsheet Risk

Sarbanes-Oxley (SOX), Basel II and a number of other laws have cast a spotlight on spreadsheets, placing them under the increasing scrutiny of regulators. Companies cannot continue to turn a blind eye to spreadsheet risk. Banning the use of Excel is not a realistic answer. Nor is relying on manual processes. Yet, as the Forrester study reveals, most don’t know where to begin when it comes to mitigating spreadsheet risk.

Gaining control over spreadsheets isn’t as difficult as it may seem. In fact, advances in technology make it significantly easier for companies. Putting policies in place and supporting these policies with automated spreadsheet risk management technology will put companies on a compliant path. To get started, consider the following:

Know Your Risks

Because it’s impossible to manage every spreadsheet with any level of scrutiny, identify those that present the most risk to the company. An obvious place to start is spreadsheets used for external reporting. These high-risk spreadsheets should be given a heavier focus and reviewed more frequently than those with lower risk profiles. To speed the process, employ technology that locates all feeder spreadsheets, regardless of where they reside on a network, and risk-ranks them. Next, a policy should be put in place, supported by technology, to ensure a consistent model risk review.

Visibility Is Key

The ability to monitor and track workflow information over a period of time provides valuable insight into whether policy compliance is being achieved. At the same time, it’s significantly easier to identify potential risk. Spreadsheet risk management technology addresses this need by providing visibility into who and how many people are working on spreadsheets, when something changes, who made those changes and what changed. By documenting this information within the system, companies easily demonstrate policy and procedure compliance and that they have the right checks and balances in place.

Automate Processes

Automation capabilities within spreadsheet risk management technology that test for accuracy in both formulas and calculated values are proving to be a game changer for significantly minimizing traditionally time-consuming, error-prone manual processes. Consider, for example, a single Excel worksheet which can have over one million rows and more than 16,000 columns; workbooks are exponentially larger. Relying on manual methods to test for accuracy in both formulas and calculations is not realistic. Some systems offer interactive capabilities that allow users to easily drill down into cells to see why formulas are not calculating correctly or working as expected. Identifying a lack of audit controls, accessing authority and other critical oversight mechanisms lets users know where changes need to be made to repair gaps. The result is consistent risk management oversight across all spreadsheets. Advanced troubleshooting solutions make the processes of monitoring and managing spreadsheets significantly easier as well.

Avoid Disruption

Excel is complex enough by itself. Spreadsheet risk management technology should not add to user frustration. This technology should fit seamlessly into existing work streams and allow employees to continue to work the way they have always worked inside Excel. Technology exists that operates behind the scenes to significantly and reliably reduce material errors and possible fraud — and save hours associated with detailed spreadsheet review. Look for a system that can quickly pull together standard and configurable reports for audit and compliance reporting requirements.

Spreadsheet risk management solutions fill a very real void by providing insight into potential risk and errors that may be hiding in spreadsheets. Taking a modern and automated approach to spreadsheet risk moves companies toward a risk-resilient posture. In doing so, risk teams have the power to anticipate and reduce exposure, no matter what is thrown their way. And boards, management teams and compliance officers can be confident that the spreadsheet data used for reporting and key business decisions is accurate and compliant.


Tags: automationrisk assessment
Previous Post

Harvard Professor Jeff Karp to Present at Evolution Summit in November

Next Post

Making Anticipatory Compliance Your New Best Practice

Diane Robinette

June 15 - Diane Robinette headshotDiane Robinette is president and CEO of Incisive Software, a provider of innovative risk intelligence spreadsheet management solutions. She has more than 20 years of experience in strategic planning, marketing, product management, business operations and management. Diane has worked in companies from startups to large enterprises in various industries including high-tech, aerospace and defense, telecommunications, financial services and transportation.

Related Posts

invisible man in black on neutral background

The Curious Absence of Corporate Monitors

January 27, 2021
businessmen in miniature studying volatile stock market

The Risk of Undervaluing Culture in a Volatile Market

January 27, 2021
digital cybersecurity and network protection

Vetting Vendors’ Cybersecurity

January 26, 2021
RiskMap 2021: Legal and Compliance Outlook

RiskMap 2021: Legal and Compliance Outlook

January 25, 2021
Next Post
businessman on building rooftop shielding his eyes and looking at the horizon

Making Anticipatory Compliance Your New Best Practice

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights