ERM is only as effective as the people using the analytical frameworks to characterize business risks. Enterprise Systems Analytics staff is cross-trained in related functional areas and deploy the appropriate methods to match your specific business needs.
An ESA Think Tank Report:
Mitigating Excel Risk via an Enterprise Risk Management Solution
The ability to quickly and autonomously analyze data is critical to corporations across the globe every day. The use of Excel spreadsheets is an all too common yet risk-laden practice for such data manipulation. If your entity regularly deploys Excel throughout its scope of operations, there are key critical threats to be aware of that can result in damage to corporate reputation, financials, and regulatory or compliance issues. From understated bids and revenues to overcharging clients to duplicated costs – extraordinary fees, charges, and regulatory non-conformities have all resulted to the detriment of organizations utilizing Excel. Sarbanes-Oxley Section 404 only validates the inherent risks and supplemental legal responsibilities of multiple entity types utilizing Excel.
Enterprise Systems Analytics (ESA) assists government and private sector entities with Excel risk assessments, and in turn offers custom Enterprise Risk Management (ERM) solutions that characterize, organize and individually address risk factors facing your entity via ESA’s tested working methodology. The ESA ERM practice implements custom, hub-based solutions, dictating your organization’s process flow from a software standpoint, governing access and timing. Data currently in Excel can be migrated into a central database system with automated reporting mechanisms and fail safes for any sign offs for the application of any critical data calculations. This ESA think tank report has identified various risks associated with the use of Excel spreadsheets, as well as more robust options for capturing, leveraging and recording data in order to realize stronger risk management through ERM implementation.
Arguably the greatest single risk associated with Excel use within an organization is that of End-User Programming. Because Excel is a very static versus dynamic application, it is difficult to program in. Yet Excel is regularly deployed by employees writing macros and formulas who are not computer scientists or professional programmers, and thus have not been taught how to write code in conventional programming languages. Without a proper training baseline established, not to mention continual improvement training regularly implemented, organizations expose themselves to varying levels of risk through the incorporation of Excel across its ranks.
ESA’s ERM team implements hub-based solutions populated with algorithms that can immediately and safely calculate data on your entity’s behalf in a robust platform. Regulatory conformant demands, whether based on laws, standards or other requirements are aligned with standardized business processes deployed by your organization. ESA also provides training both in implementations and as improvements and new versions are coded concerning your precise solution. Your employees are empowered to effectively and efficiently utilize the various controls and mechanisms available in an ESA ERM deliverable. Regardless of your employees’ level of comfort using software, ESA can customize the right solution to seamlessly integrate your entity’s initiatives and best practices, providing your employees a comfortable rhythm in performing their required tasks and related data calculations.
ESA’s ERM solutions follow an organization’s business process flow. In Excel it is left to the whim of the end user/programmer. With such end user programming reliance, an entity’s ability to rigorously adhere to a business process is substantially lessened. If Excel formulas are loaded into an enterprise flowchart for example, the application can be customized to hold how instructions and processes are delivered, accepted and tracked. Access and timing can be dictated. A simple decision-diamond of A goes to B, B goes to C would illustrate this point. However in a standard Excel spreadsheet, this governance does not exist.
Other routine iterations in Excel that can result in damaging effects in a spreadsheet’s accuracy are deleting , copying and pasting, or inserting rows and cells. Formulas that don’t seamlessly transfer can create errors, yet copy and paste is an encouraged mechanism for reusing previously established calculations. How a certain formula will react if moved to another cell, or referencing, is an all too common risk in Excel programming. Formulas that don’t align from one data set to another can result in improper calculation. If various spreadsheets are linked to one another, workbooks must all be open simultaneously in the event any formula or data is altered. If changes are made independently to cells connected to different data sets without all workbooks open, calculation errors can arise.
ESA’s ERM solutions team customizes its solution to your precise needs by aligning the collation and transference of data and reporting with your entity’s stated process flow and core measurement benchmarks.
No Quality Control
Well managed processes and employee competence in terms of skills and qualifications are core elements of any quality control program. Yet when deploying Excel, most organizations don’t maintain any type of formal process concerning such data calculation and the application of that data. The skill level of a particular employee utilizing Excel is also not typically accredited against any type of procedural baseline or working methodology implemented by their employer. A common example of how this poses risk to an organization versus a well implemented ERM solution is the access – or rather lack of access – provided by the original Excel programmer when sharing or transferring data internally. Document control in Excel is extremely limited. An individual can lock down the program so others can only edit certain fields, yet there is no mechanism for data validation within fields. If an audience is in a remote location it’s challenging since data being transferred and discussed is not handled in a network-based application. There is no web-based interface, and access cannot be governed. How individuals within your organization utilize Excel and consequently leverage or channel the data spreadsheets emit is not always cohesive much less regulated. Therefore errors in inputting data could exist, but aren’t appropriately tracked. There is no corrective action trail unless your entity performs regular training of those who deploy Excel regularly, as well as some sort of editing mechanism by a more technically proficient employee. If a pre-existing Excel spreadsheet programmed by another individual is being used, a key consideration is if the original programmer inserted any hidden cells, since calculations could overlap and produce inaccurate or unintended results. Copying over hidden cells can cause pre-existing formulas to be overwritten, thus rendering the assumed accuracy of the calculations to be invalid.
An ESA hub-based solution eliminates these risks, since various calculations are embedded within algorithms in the enterprise architecture of your custom application. One of the core definitions of an enterprise application is multiple people can deal in the same data set at the same time. While revisions or other ways of manipulating data can be suggested, the established process flow of an entity’s governing mechanism provides administrators and management the ability to sign off or confirm any changes prior to that data being validated or integrated. Internal quality control can be maintained at a much higher level.
Generating Business Intelligence and Reports
A business intelligence caveat with an Excel spreadsheet is, assuming data is input correctly and formulas are accurate, how do you glean or tear out the core synopses, top line summaries, and mission critical realizations? What is the process for taking data in a spreadsheet and transforming it into a useful, timely report that can be acted on to the benefit of your organization’s goals? While there are add-on programs and features available to advanced Excel programmers for displaying results in pie charts and graphs, the ability to further manipulate that data and drill down to a core issue in a robust, elegant display is limited or in many cases nonexistent.
ESA’s web-based ERM interface uses SQL Server to provide turnkey methods of instantaneously seeing the most critical data, in as wide or narrow a scope on demand, in customized reports. Other custom deliverables include Dashboards that provide real-time views of various data sets and correlating calculations, leveraged automatically against important regulatory requirements or other established parameters or targets.
ESA’s ERM team can assess your current level of risk utilizing Excel spreadsheets and offer a custom, hosted solution to help your organization avoid costly errors while maximizing performance and quality assurance. Please Contact sales at 206.607.8839 for more information.