Recent studies by ClusterSeven, risk consultant Protiviti and accountancy institute the ICAEW have concludes that organisations are putting themselves at considerable financial and reputational risk by failing to properly control the way they use spreadsheets.
The Protiviti/ICAEW survey revealed that three quarters (75%) said that their company did not have a policy or processes in place relating to the design, development and/or control of spreadsheets.
Of those accountants surveyed, almost a quarter (23%) claim their organisation has experienced financial or reputational losses that can be directly attributed to the use of spreadsheets or poor controls governing the use of spreadsheets.
According to ClusterSeven, financial institutions will continue to report high profile instances of data mismanagement and fraud unless they take 100% control of the vulnerable financial data files that move and manipulate information between their business systems. These include files known as comma separated variable (CSVs) plus spreadsheets and databases.
"Spreadsheets and CSVs are the 'glue' that joins everything else together," says said Ralph Baxter, chief executive officer (CEO) of ClusterSeven.vIf this 'glue' is contaminated - such as bad data values - then this will be extremely difficult to spot further down the line."
According to Baxter, many firms get used to accepting exceptions in this data such as test values or balancing items. However, these loopholes can hide more malicious entries for long periods.
"Many firms do not realise how vulnerable their unstructured data processes are until it is too late as they lack formal processes and tools to make sure all these critical data files are accurate and truthful," says Baxter.
The study notes that the intense focus on data management by banks and insurers, particularly in light of Basel III, Solvency II and other regulatory moves, has shone the spotlight on the highly sophisticated spreadsheets.
MORE ARTICLES ON ACCOUNTING AND REGULATIONS