Spreadsheet gurus have carved out a significant role in managing financial and operational data in many companies. The problem with this approach is that it’s a) manually intensive and b) highly reliant on the individuals that manage and operate these spreadsheets. Further, the processes for linking, updating and archiving data in spreadsheets is mostly ad hoc, leading to significant risks associated with this data.
Freddie Mac, for instance, in their 2005 annual report noted that their reliance on “end user computing systems” (read: Excel) posed a significant risk to their ability to report accurately on their financial data. More recently, other financial institutions have noted that the Fed and OCC are shining a light on this undocumented spreadsheet problem, looking for more transparency to the data in spreadsheets and file shares.
The reality is that using spreadsheets and file shares for risk and compliance data is a dead end. While companies may be able to get through one cycle of review with internal auditors, a regulator and/or rating agency, the long term implications of adopting a spreadsheet-based architecture for risk and compliance data are extremely problematic. Not only will risk managers have trouble getting visibility into the data because of poor reporting capabilities, but they will also rightly question the accuracy of the data itself. This skepticism is precisely why so many companies are moving off spreadsheets to a more programmatic approach to managing risk and compliance initiatives.