Spreadsheet Risks
The Use Of Spreadsheets Is Pervasive
“Spreadsheet models are developed to fill the gap between the information needs of an organisation and the information it actually obtains from existing systems. It is not surprising therefore that spreadsheet models are widely used throughout organisations and in particular their finance departments. As a result, the use of the spreadsheets is an integral part of the information and decision-making framework” PWC
But the risk exposure associated with spreadsheets is enormous, and…
Spreadsheets are becoming a serious concern during internal audits, as they lie outside the scope of most managed IT systems, can be easily changed, lack internal control activities, and are vulnerable to human error.
Spreadsheets Carry Operational Risk
- Over 90%# of operational spreadsheets contain errors.
- 5%# of these spreadsheets contain significant errors.
- On average, over 1.5%# of cells contain errors.
- Significant errors can go undetected because formal testing is rare and because even serious errors may not be apparent.
- The actual error rate in spreadsheets depends primarily on the level of expertise of the individuals developing them together with the complexity of the spreadsheets.
- Few users have been trained to follow best practices, to avoid common pitfalls and to build robust models.
- Few organisations have suitable controls over spreadsheet backups, versioning, inventory or user access
Undetected Errors Can Lead To…
- Unprofitable Investment Decisions
- Inaccurate, Impossible-to-Meet Forecasts
- Regulatory Violations leading to Punitive Audits and Fines
- Undetected Cost Abnormalities/Inefficiencies
- Embarrassing Financial Re-statements
- Loss of Investor Confidence
- Higher Scrutiny by Investors, Auditors & Regulatory Bodies
- In Some Cases – Business Failure
…With Serious Consequences
Common Spreadsheet Risks
There are three general categories of spreadsheet integrity risk:-
Structural Design
- Most spreadsheets are built by individuals looking for a quick solution to a problem. Over time they are expanded into complex beasts but lack structural integrity, focus, clear logic and documentation.
Calculation Formulas
- Fixed-Value Formulas (Hard Coding)
- Lack Of Columnar Or Row Consistency Leading to Reference Errors
- No Protection Leading to Copy and Paste Errors
- No Intrinsic Error Checks
Data Inputs
- Data Validation Checks
- Data Entry Controls
- Explanatory Features
Type Of Errors
There are two key types of errors:
- Latent Errors – bad practices that carry significant risks of realised errors
- Realised Errors – actual errors resulting in wrong results
The table below shows the most common errors and their frequencies
Type of Error | Wrong Results | Poor Practices |
---|---|---|
Hard-Coding | 8.1% | 76.7% |
Reference | 36.4% | 8.7% |
Logic | 45.6% | 12.6% |
Copy/Paste | 8.6% | 0.1% |
Omission | 1.1% | 1.6% |
Data Input | 0.1% | 0.3% |
Fortunately, spreadsheets are very controllable by putting in place specific procedures that can all but eliminate spreadsheet risk.