The Journey of the Unpretentious Spreadsheet – See How It Morphs into an Uncontrollable Spider-like Web
By Ian Cleaver, VP of Professional Services, ClusterSeven
If the humble Excel spreadsheet was a person, the individual may potentially suffer from an identity crisis – agonised by sentiments such as under-rated, under-valued and brazenly taken for granted. Despite it being the reliable workhorse and offering all the flexibility that users in business need from this end user computing (EUC) tool, many organisations (to their detriment) don’t invest in managing and optimising the use of spreadsheets. But perhaps it has another side to its character?
Consider this illustration of the lifecycle of a spreadsheet. An individual in an organisation has an innovative idea for developing a new business process for pricing. Because the organisation’s core enterprise business system doesn’t offer the functionality to facilitate the demonstration of the idea, the employee prototypes it in a spreadsheet. The spreadsheet is shared with another team member, and progressively the two individuals evolve the original idea into a pricing model for traders. Gradually, data from other sources is fed into this tool and the once unpretentious spreadsheet has morphed into a fully-fledged, business critical ‘application’!
With similar scenarios replicated across the organisation (recognising the flexibility limitations of the enterprise IT systems), soon the business is grappling with an enormous spider-like web of potentially mission-critical EUC applications with deep and intrinsic data linkages. So now ensuring data accuracy and integrity in these applications, which are used for all manner of complex calculations becomes a nightmare. Manually identifying which of the EUC applications indeed house the most accurate data is neigh impossible. Perhaps the monster has raised its head for the first time – the operational risk of using this benign tool (uncontrolled) becomes apparent.
Due to the ever-increasing regulatory and compliance burden, data governance is a top priority for organisations today. Take the example of the EU General Data Protection Regulation (GDPR). Ensuring that the typically mammoth Excel files comply with the various GDPR requirements, including the right to be forgotten, data portability, and anonymisation and pseudonymisation of personal information, becomes a major challenge. Similarly, an unmanaged EUC applications estate is a significant operational risk to an insurance organisation, eliminating which is fundamental to Solvency II compliance. For solvency-related risk assessment, data validation is key. The regulation demands that insurers must use the correct and fully auditable data for calculations such as minimum capital requirements (MCR) and solvency capital requirements (SCR). It also demands the existence of a data directory – i.e. a repository where different end-users can refer to understand how input data is being used in the financial models.
Given the ubiquity of spreadsheets and indeed other EUC (e.g. databases, financial modelling tools) applications in business, adopting best practice processes for change management and control across the lifecycle of every single, business critical file is fundamental to data accuracy, compliance and informed decision-making. Automation is the only fool-proof way of achieving these goals and reducing overall operational business risk. Technology guarantees the ‘stickability’ and enforcement of controls, which isn’t possible if attempted via manual processes.