Excel is undoubtedly an essential business tool, and Microsoft now claims to have 1 billion users that rely on it to varying degrees. It enables people to do complex number crunching without having a degree in accountancy, and is often the default application we turn to when documenting ideas, plans and is the go to application for anything that requires rows of data.
However, a wide-ranging US study suggests that on average 1% of formula cells, and 88% of all spread sheet documents contain errors. Small errors can have a massive, real-world impact. Governments, financial institutions and large global organisations have all found this out the hard way, but what’s the real impact for the average business?
In Eirtight, we’ve repeatedly seen the chaos that can be caused by relying on spread sheets to store and manage important data. Typically, problems arise because spread sheets:
- Are not secure – they contain raw data that can be accessed easily. Password protection is easily bypassed.
- Have no centralised control or ability to give management automatic visibility over their content.
- Are easily lost, deleted or corrupted.
- Can be accidentally or otherwise distributed to/accessed by unintended parties.
- Contain errors ranging from the insignificant to the critical.
- Often have multiple versions in circulation, each containing slightly different variations of the data. No single source of data produces multiple problems.
- Have no tracking or logging which means the last person to edit data is not known and previous values are not stored.
- Are difficult to backup due to proliferation of versions.
- Are not SOX compliant.
One of our clients lost a mid-six-figure sum some years ago due solely to a financial modelling spread sheet containing an incorrect formula.
So what can you do to protect your organisation? We’ve drawn up the following guidelines to enable you to gauge how vulnerable your organisation may be:
- Understand where spread sheets are being used in your organisation, who is using them and what data is being managed in each one. Document all of this thoroughly. It’s worth noting that the irony of the probability of a spread sheet being used to capture this information hasn’t escaped the author of this post!
- Use a traffic-light system to assign a level of criticality to each spread sheet in use. Document the importance and sensitivity of the data as well as the potential risk if the data contained errors. For example, Mary in Marketing may have a list of all the staff who’ve signed up for the next football tournament. That’s green. However, Bill in Accounts may have a spread sheet showing the rebate payments due from affiliate partners. That’s red!
- Find out where and how each spread sheet is stored, managed, backed up and shared. Are staff emailing a highly sensitive spread sheet to each other regularly? This is a huge security threat and needs to be stopped.
Once this has been done you should have a picture of how open to risk your organisation is. The next stage is to put in place a system to store, manage and report on the information that is currently stored in spread sheets classified as ‘Red’, with the aim of eliminating this practice entirely.
It’s important to note that putting a system in place to centrally store, manage and control your critical data does not mean staff cannot export that data and manipulate it in Excel for convenience if that’s something that’s required. It means changes, formulas and data can be verified and logged which will go a long way towards preventing bad data from causing you to make bad decisions.
Wherever Excel fits in your organisation, please don’t pretend this is not a potential problem for your business – all the research suggests that it is. The good news is that it isn’t difficult to put a fix in place. Don’t wait until you have hindsight of a disaster before taking action. To read some horror stories on this topic visit http://www.eusprig.org/horror-stories.htm, or give us a call to discuss how we can help you mitigate the risk.