Nearly a quarter of accountants surveyed at a recent ICAEW IT Faculty event have experienced financial or reputational damage due to spreadsheet errors and poor controls.
Conducted by the risk and internal audit consultancy Protiviti, the survey also found that three quarters of those questioned did not have a policy or processes in place to govern the development and use of spreadsheets. However, 37% claimed their organisation had adequate processes in place to manage spreadsheet risk.
“It’s clear that the risks associated with the use of spreadsheets are not taken seriously enough by the vast majority of UK organisations,” said Protiviti director Ewen Ferguson. “While a well-built spreadsheet can be a hugely powerful business tool, its flexibility also presents organisations with a significant set of risks with potentially disastrous consequences.”
According to Ferguson, regulators and auditors are focusing more closely on the way spreadsheets are used within businesses.
In spite of the serious implications, the IT Faculty survey demonstrated that the amateur ethos remains strong in the Excel community. A majority of those questioned had never received any training on spreadsheet design or development and 63% admitted that spreadsheet risk did not fall under the jurisdiction of any particular department or function. The finance department was responsible for spreadsheet control at 15% of the organisations in the survey.
“Some end-users feel confident enough to develop highly complex spreadsheets, often involving complicated macros, but when spreadsheets are then used or inherited by a user who doesn’t have the same level of skill or understand the risk, the results can be catastrophic and have a significant financial impact,” Ferguson said.
He then cited a few of the examples he cited from the EuSpRIG horror stories page.