While fixing the short-term problem, the prized power and flexibility of spreadsheets pose a significant operational risk.
Firstly, spreadsheets lack the controls found in corporate IT applications, so auditability and transparency are lacking. It can be unclear who made changes to a spreadsheet and who reviewed and approved it. It is also difficult to enforce any workflows needed to review and approve changes to spreadsheets.
There is little visibility of missing data or errors in spreadsheets that can lead to operational issues. Users can also easily fall into the bad habit of hard-coding information into cells, again with no transparency, leading to data quality issues and errors. Finding and updating these hard coded cells is time-consuming and error-prone.
In an ideal world, banks would replace these spreadsheets with corporate IT applications, but as we’ve seen, this is impractical. Instead, institutions need to accept that spreadsheets, and the risks involved, will feature in many core business processes, in one way or another, for the foreseeable future.
So, what can banks do to bring the management of key spreadsheets in line with corporate IT applications, reduce the risks involved, and address regulators’ concerns?