Spreadsheet Risks in Banks

No other industry perhaps handles such large volumes of critical financial data more than the banking industry. For decades now, spreadsheets have become permanent fixtures in the front-line reporting tool sets of banks, providing organised information when and where needed.

But as banks enter into a period of heightened credit risks, elevated levels of fraud, and greater regulatory scrutiny, many are wondering if continued reliance on spreadsheets is a wise decision for banks today.

The downfall of Lehman Brothers which eventually led to its filing for Chapter 11 bankruptcy protection on September 15, 2008, served as a wake up call for many institutions across the globe to make a serious examination of their own risk management practices. But would these reforms include evaluating the security of user developed applications (UDAs), the most common of which are spreadsheets, and putting specific guidelines as to when they can – or cannot be – used?

Banks and Spreadsheet Use

Banks have been known to utilise spreadsheets systems for many critical functions because most personnel are well-acquainted with them, and the freedom of being able to develop customised reports without needing to consult with the IT department offers flexibility and convenience. In fact, more than having a way to do financial budgeting and analysing customer profitability, even loan officers and trade managers have become reliant on spreadsheets for risk management reporting and for making underwriting decisions.

But there are more than a few drawbacks to using spreadsheets for these tasks, and the sooner bank executives realise these, the sooner they can adopt better solutions.

General Limitations

Spreadsheets are far from being data base systems and yet more often than not, they are expected to act as such, with figures constantly added and formulas edited to produce the presumably right set of reports.

In addition, data integrity is always a cause for concern as most values in spreadsheets are entered as manual inputs. Even the mere misplacement of a comma or a negative sign, or an inadvertent ?edit? to a formula can also be a source of significant changes in the outcome.

Confidentiality risk is also another drawback of the use of spreadsheets in banks as these tools do not have adequate?access controls to limit access to only authorised individuals. Pertinent financial information that fall into the wrong hands can lead to a whole new set of problems including the possibility of fraud.

Risks in Trading

For trading transactions, spreadsheets can prove to be of immense use – but only for small market volumes. As trade volumes increase and the types vary, spreadsheets are no longer a viable solution and may likely become more of a hindrance, with calculations taking longer in the face of bigger transaction amounts and growing transaction data.

And in trading, there is always the need for rigorous computational functions. Computing for the Value at Risk (VaR) for large portfolios for instance, is simply way beyond the capabilities of spreadsheets. Banks that persist in using them are increasing the risk of loss on those portfolios. Or, they can be opening up?opportunities for fraud?as Allied Irish Bank (in the case of John Rusnak – $690 million) learned the hard way.

Risks in Underwriting

Bankers who use spreadsheets as their main source of information for underwriting procedures also face certain limitations. Loan transactions require that borrowers? financial data be centralised and easily accessible to risk officers and lending officers involved in making decisions. With spreadsheets, there is no simple and secure way of doing that. Information can be pulled from different sources – individual tax returns, corporate tax documents, partnership documents, audited financial statements – hence there is difficulty in verifying that these reports adhere to underwriting policies.

Spreadsheet control and monitoring

Financial institutions which are having difficulty weaning themselves from the convenience and simplicity that spreadsheets offer are looking for possible control solutions. Essentially, they want to find ways that allow them to continue using these UDAs and yet somehow eliminate the?spreadsheet risks?and limitations involved.

Still, the debate goes back and forth on whether adequate control measures can be implemented on spreadsheets so that that the risks are mitigated. Many services have come forward to herald innovative solutions for better spreadsheet management. But at the end of the day, there really is no guarantee that such solutions would suffice.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Maturing Into CMMI

 

In all likelihood, the reason why you landed on this page was because you were seeking CMMI experts to help you meet the demands of a growing number of potential clients who require CMMI compliance.

Whether or not you’re here for that reason, you might want to know why CMMI or Capability Maturity Model Integration is steadily becoming a common denominator among highly successful software and engineering development companies. If you stay for a while, we can show you how CMMI can substantially increase your organisation’s chances of:

  • reducing development costs;
  • acquiring new customers and retaining old ones;
  • beating deadlines;
  • bringing down development time;
  • increasing the overall quality of your products and services; and
  • improving the level of satisfaction of customers, employees, and all other stakeholders.

Surely, no organisation can be too small or too big to aspire for such benefits of attaining high levels of maturity and capability.

If you want to look beyond Maturity Level ratings, then you’ve come to the right place. We focus on introducing CMMI principles and blending them into your organisation’s culture to achieve a truly superior and sustainable business advantage. Compliance will then be an inevitable offshoot of the actions you make.

Likewise, if you simply want to obtain a deeper understanding of CMMI and learn how it can be applied either to your entire organisation or to specific projects, we’d be happy to assist you in that regard as well.

Finally, when you’re ready, we can also conduct CMMI appraisals either for benchmarking purposes or simply for determining how well your process improvement initiatives are going.

CMMI Consulting

Are you worried that implementing CMMI might entail an overhaul of your current processes? Don’t be.

CMMI is all about improving current processes, not replacing them. Ideally, the final result of all process improvement activities should be hinged on your own business objectives and context, so we’ll make sure it remains that way when we work with you.

We rely on our extensive knowledge and experience in CMMI, engineering, software development, and technologies as well as in change and project management in providing model-based process improvement services. Whether you’re gearing up for an appraisal or simply want to employ CMMI-based practices, these are the things we can do for you.

  • Help you interpret how CMMI can be implemented in relation to your business.
  • Assist in convincing sponsors and stakeholders to support your CMMI implementation initiatives.
  • Introduce the necessary training to all individuals who need to undertake them.
  • Conduct a Gap Analysis to find out where your company’s current processes stand relative to their CMMI specifications.
  • Assemble a process group that will champion your process improvement initiatives. We’ll facilitate effective collaboration among its team members, transforming them into a cohesive force designed to carry out plans and motivate everyone else down the line.
  • Introduce tools and practices that will improve the efficiency of our process improvement initiatives.
  • Carry out periodic evaluations and produce reports to provide sponsors and stakeholders a clear picture of our progress.

CMMI Training

Still not convinced CMMI is right for you? There’s only one way to fully grasp the benefits of implementing CMMI – take the Introduction to CMMI course. Although what happens next is entirely up to you, we’re pretty sure you’ll make the right decision after passing it.

Do you need to include people from your organisation in a SCAMPI (Standard CMMI Appraisal Method for Process Improvement) team? They’ll have to undergo this course too. The Introduction to CMMI is for systems and software engineering managers and practitioners, appraisal team members, process group members, and basically anyone who want to grasp CMMI fundamentals.

This is what you’ll be able to do after going through 3 days of lectures and exercises:

  • Gain a deeper understanding of the various components of CMMI-DEV models and their relationships.
  • Discuss the process areas in CMMI-DEV models.
  • Extract and interpret aspects in the model relevant to your own organisation’s processes.

We also offer highly specialised training and workshops such as those for:

  • Achieving High Maturity Levels
  • Top Executives
  • Team Building in Preparation for Appraisals

CMMI Appraisal

An organisation new to CMMI will want to know first how far their current processes are relative to the implementation of model-based improvements in order to determine the resources and time that have to be spent to get there.

Similarly, an organisation already well acquainted with CMMI and has begun taking steps in improving processes, will eventually want to know how close it has come to the Maturity Level it has aimed for.

In both cases, these organisations will have to be assessed by a qualified CMMI appraiser to obtain an accurate picture of their current status. We can perform appraisals on either your entire organisation or on specific projects/practices within a process area. Our appraisers can conduct the following SCAMPI (Standard CMMI Appraisal Method for Process Improvement) appraisals:

  • SCAMPI Class A – This is what you’ll need if you’re aiming for a level rating.
  • SCAMPI Class B – You may want to use this for process reviews or for preparing for a SCAMPI Class A.
  • SCAMPI Class C or Gap Analysis – We typically conduct this for organisations who have yet to implement CMMI-based initiatives so that they can design the most cost-effective road map for the implementation proper.
Are Target Operating Models strategic compasses?

The short answer is they usually are, because every organisation needs a road-map of where they are going. Target operating models can be complex documents with illustrative details including project management structures, special tools, implementation procedures and management metrics. They can also be simple statements, as for example Winston Churchill?s promise that ?we shall fight them on the beaches, on the landing grounds and in the fields? which gave Britain the strategic direction it needed.

Many initiatives unfortunately fail because managers are ?too busy? to bottom on what their target operating model should say, or simply don’t believe in paperwork. As a result, promising initiatives may blunder off course or die a slow death without them really noticing. We cannot manage what we cannot measure, which is where the management metrics fit in. One of my favourite quotes is ?if you don’t know where you are going any road will get you there? which is what the Cheshire Cat said to Alice in Wonderland when she got lost.

The author blundered through life without a plan because there was no one else with his particular brand of imagination. The current business climate is different because everybody is trying to ramp up, and investors want to know exactly what is going to happen to their money and by when. Hence a target operating model can be indispensable throughout a change or product cycle.

The benefits of having a measurable operations / technology plan can produce powerfully tangible results if the organisation follows through on it. Built-in metrics with milestones are powerful tool for management, and, when they map through to the company financial plan almost irreplaceable as cash-flow forecasters.

Other benefits may include:

  • Shorter times to market and greater agility when launching new ideas
  • Reduced investor risk through a predictable process that’s readily monitored
  • A stable operating environment where there is consensus on direction
  • Greater likelihood of delivering on time and leading to repeat orders
  • A more cost-effective process, with less risk of loss of quality and money

Although it dates back a few years the Wills UK and Ireland Retail model still provides an excellent benchmark of a target operating plan that worked. The strategic goals were exceptionally clear, and they brought in a proven project manager to help them drive the program forward.

We have delivered advanced business management services to many of our clients, and believe you will find our personalised approach time-efficient and effective too.

Outsourcing

Are you ready to outsource? Do you even need to outsource? We’ll help you answer those and other questions regarding outsourcing and your company.

Once we’ve determined that outsourcing will render your organisation more focused on your core competencies, more cost-effective, and more flexible, we’ll offer you the full spectrum of our services. Our specialists can assist you in every stage of the entire outsourcing life-cycle.

Starting from evaluating what can be outsourced, through finding the right outsourcing service provider, building the contract and agreements, getting everything in place, and managing the outsourcing relationship – we’ll be with you every step of the way.

Learn more about some of the outsourcing services we offer:

Outsourcing Contracts and Agreements

When an outsourcing project fails, both customer and service provider are quick to put the blame on the other party. But in most cases, the actual culprit was really just sitting there since day one – a poorly planned and implemented agreement.

We understand how costly and disruptive a failed outsourcing project can be for your business. That is why we put utmost attention to each contract and SLA (Service Level Agreement) that our customers enter into. This always reduces the likelihood of having unmet expectations, one of the major reasons why some outsourcing relationships fail.

We make sure that each agreement is fair, not only for our customers but also for the service providers themselves. Why? Because a disadvantaged provider will most likely end up delivering poor service as an offshoot of efforts to improve its profitability and ROI.

To accomplish this, we’ll thoroughly assess the infrastructure, resources, and expertise of your potential service provider to ensure they have the capability to meet your expectations. We’ll also make sure that their expectations are realistic and clear to you as well.

Here’s what you can expect from us when we start managing your outsourcing contracts and agreements:

  • A thorough assessment of your specific needs and the service provider’s profile to determine whether you have the right match before proceeding with any agreement.
  • Professional assistance when the time comes for you to discuss the scope of work, expected service levels, and when negotiating for appropriate pricing. We’ll also help you set up provisions for possible changes in the scope later on.
  • Expert counsel during drafting and finalisation of the contract and Service Level Agreements. Whenever applicable, we’ll help you propose penalties whenever service levels are not met and rewards when they are exceeded.
  • Regular reviews to determine whether everything agreed upon in the past, like pricing and service levels, are still realistic or competitive enough in view of current technological advancements and the prevailing social and economic environment.
  • Mediation expertise whenever the outsourcing project appears to be falling apart. We’ll work with you and the service provider to resolve conflicts and avoid the expensive exercise of having to terminate the contract. But if the best solution is to part ways, we’ll make sure you make an exit with the least disruption, missed opportunities and financial loss.

Application Outsourcing

I’m sure you’ve come to realise that to gain competitive advantage these days, you really need to invest in IT applications.

There are applications for enhancing your customer relationships, speeding up production, streamlining processes, advancing collaboration, protecting your systems from malware and many more. Selecting the right application, testing it, implementing it into your system, and then managing it can deviate resources which would have otherwise been used in other areas to build business value, increase profits, and enhance innovation.

Wouldn’t it be nice to unload yourself of the management processes which usually accompany IT applications? Actually, you can – through application outsourcing. Application outsourcing providers possess the expertise to either partially or fully assume responsibility of your IT applications.

Our job is to see to it that you link up with the provider who can best answer your needs. The overall proficiency of these providers spans both proprietary and opensource solutions, allowing them to cater to a wide range of preferences and budgetary limits. At the very least, they can provide professional support for well established applications.

If needed, they can develop applications for your organisation, taking charge of every step in the system development life-cycle: starting from system initiation, requirements analysis, through design, construction, acceptance and eventually to implementation.

Here are some of the benefits you can enjoy once we start managing your application outsourcing initiatives:

  • Freedom from time-consuming tasks such as installations, upgrades, configurations and repairs.
  • Reduced total cost of ownership (TCO).
  • 24/7 support from well-trained personnel. This can substantially cut downtimes caused by inexperienced troubleshooting.
  • The option to have your applications housed in more secure and reliable environments with much higher availability and much lower planned/unplanned downtimes.
  • Dedicated specialists who can focus on providing better regulatory compliance and risk mitigation initiatives.

Infrastructure Outsourcing

Keeping up with the competition nowadays usually requires technological advancements as well as the capability to manage and maintain the infrastructure that has to support them. These undertakings can suck your resources dry.

If you’re looking to reduce costs even while improving the performance of your networks, servers, databases, firewalls, desktops and mobile devices, you might want to consider IT infrastructure outsourcing among your top options. Infrastructure outsourcing service providers have the resources dedicated to a stable, secure, scalable and always available IT infrastructure.

Typical service provider facilities include data centrers equipped with high-speed networks, reliable power, dependable security, as well as provisions for upgrades, consolidation, disaster recovery, or even business continuity.

These providers employ specialists and staff who can manage and maintain all of these for you. While your provider juggles your core IT-related tasks, you can keep your eye on the ball and refocus on your company’s business goals.

Here are some of the benefits you can enjoy out of infrastructure outsourcing:

  • Freedom from time-consuming tasks such as installations, upgrades, configurations and repairs.
  • Since service providers, who are expected to have better horizontal and vertical scalability, will deal with the technological intricacies, your company’s strategic development initiatives can proceed unhampered.
  • Greatly reduced electricity expenses as a result of consolidation.
  • Easier, faster, cheaper, and more reliable disaster-recovery solutions through virtualisation.
  • Lesser risks of disruptions caused by power outages, cyber attacks, or Internet connection downtimes.

Business Process Outsourcing

With the sheer number of business processes your company has to attend to, it wouldn’t be surprising if you rarely have room to innovate.

Through business process outsourcing, we can free a considerable part of your financial and manpower resources which are currently focused on routine activities. With more resources to drive innovative initiatives, you’ll be able to accelerate production, improve customer service, enhance overall business value, and arrive at a stronger bottom line.

Some of the business processes that may be outsourced include data entry, finance and accounting, form processing, procurement, and HR, among others. If you’re interested in finding answers to the what, how, who, and where of BPO, specific to your organisation, we’ll be happy to enlighten you.

Here are some of the benefits you can enjoy once we start managing your BPO initiatives:

  • Professional guidance to ensure that your BPO undertakings will really result in substantial savings and significant improvements to your organisation’s business value.
  • Careful monitoring of service levels to ensure faster turnaround, accurate data, and high quality outputs.
  • Expert evaluation of information handling processes to guarantee full confidentiality.
  • Professional and unbiased management dedicated to establishing a strong, reliable, and fruitful relationship between you and your provider.

Ready to work with Denizon?

Contact Us Today