SAS: A New Dimension in Risk:Spreadsheet risk
Posted: 23 April 2009 | Source: SAS
Unlike any other software tool, spreadsheet programs have found their way into everyday reporting. This is in part due to the low initial price and also to the pre-existing knowledge that most employees have. Furthermore, easy access and existing possibilities quickly make spreadsheets the tool of choice when employees want or need to implement individual report requirements. The flexibility with which data can be manipulated and individual calculations can be carried out is especially valued. This extends even to complex spreadsheet programming.
On the report receiver’s side, there is also abundant criticism, such as:
• No access to original data, no data history generation.
• No versioning; different versions contain different results.
• No documentation; the know-how depends on the spreadsheet creator.
• Partially unintelligible macro writing.
• Revision lacks data security and traceability in manually created reports.
The criticism sometimes even goes to the point that boards of directors and IT managers consider spreadsheets to be a serious risk.In line with compliance of statutory provisions, in particular Basel II, IAS and Sarbanes-Oxley, there is even frequent talk of overuse and overreliance on spreadsheets.
“The finance industry is becoming more and more conscious that an overuse of spreadsheets is a key indicator for operational risks that can be directly transferred to regulatory costs,” said Jost Dörken, General Manager of SAS Germany.
Outside consulting companies such as KPMG have even determined in an independent analysis that 90 percent of all spreadsheet solutions are inaccurate and, according to Hackett Group, 95 percent of all companies still plan with Excel or a pencil and paper.
Against this backdrop, we have to take into consideration which professional reporting requirements must be met, how they can be met and where the spreadsheet programs can be utilized.