Excel User Conference: What to look for in a dodgy spreadsheet

Simon Hurst reports on the first day of the Excel User Conference taking place in Cambridge.

By now, most Excel users should be aware of the potential dangers inherent in inappropriately used spreadsheets.

Continued...

» Register now

The full article is available to registered AccountingWEB members only. To read the rest of this article you’ll need to login or register.

Registration is FREE and allows you to view all content, ask questions, comment and much more.

Comments
dahowlett's picture

Why?

dahowlett | | Permalink

If spreadsheets are such potentially dangerous beasts - nothing new there - I've been banging that drum for 10+ years - why do professionals still insist on using them for business critical applications? Madness.

Does using Excel invalidate your PI ..............

Anonymous | | Permalink

Agree completely with Dennis

However, this area does raise an interesting question. If despite all the warnings members of the profession continue to use spreadsheets for overly complex or critical applications then what is the position with their PI (Professional Indemnity) Insurance.

We were always given to understand that insurance of any kind was to cover/indemnify in the case of unforeseen circumstances and not to underwrite those who knowingly adopt risky practices

Therefore does this mean that those using spreadsheets in these circumstances have forfeited their PI cover?

Security breach

mikewhit | | Permalink

Having credit card numbers in a spreadsheet, unless you are just showing which card was used for an expense claim, is surely a security cockup ?

Customer payments should be handled by a Merchant Services 'black box' which does not leak sensitive data.

In any case, isn't the final digit just a check digit which could be recalculated if required ?

listerramjet's picture

I love terms like

listerramjet | | Permalink

"business critical" and "black-box". These are good examples of magic words which people use to hide their ignorance!

I guess it is compounding the crass stupidity of putting a credit card number into an Excel worksheet, by using a format not capable of actually storing it.

I have been banging on about the joys of combining Access and Excel for reporting purposes for far too many moons, so its good to hear of a kindred spirit.

BTW I bet most users are not aware of the potential dangers inherent in spreadsheets, whether inappropriately used or not.

Terminology

mikewhit | | Permalink

How exactly does using the term 'black box' show ignorance ?

I am using in the sense described by e.g.the Merriam-Webster online dictionary:
"1: a usually complicated electronic device that functions and is packaged as a unit and whose internal mechanism is usually hidden from or mysterious to the user; "

Surely once the transaction has been authorised by the credit card system, there is only need to retain the authorisation code, although I must confess to not having written software to talk to the c-c servers.

Are you saying from experience, that interfacing to a credit card system is a messy process that requires you to be aware of all kinds of internal complexities ?

Card processing ....

Anonymous | | Permalink

'Black Box' is a valid testing term - one doesn't care what goes on inside the routine just that it provides the correct solution on pre-defined input parameters

Now-a-days the card interface can be very simple (per example below), although a lot depends upon the eventual goal (repeat monthly billing etc)

WorldPay example - http://support.worldpay.com/examples/body.html

i.e. - form action="https://select.worldpay.com/wcc/purchase" name="BuyForm" method="POST"
(a simple one liner once the parameters have been entered)

(SecPay & other card processors have a similar method)

Under normal circumstances card details should not be held anywhere other than on the providers servers - any other approach is a greater risk