Banking & Insurance Model Regulation of Spreadsheets
Banking & Insurance industry reviews in the UK, US, Canada & Europe have resulted in a raft of regulations and guidelines that have resonated with a common theme. That is to address the inherent risks associated with internal Excel models, thereby re-establishing the trust and credibility of the results generated by these models in their specific use and report generation.
Spreadsheets are part of a group of applications called End-User Computing (EUC). The most pervasive of the EUC apps are spreadsheets. The most compelling attribute of EUC’s is that they are created and maintained by non-Programmers. Many of these EUC working applications that lie outside of corporate influence don’t have the controls that IT has imposed on their applications. Many EUC applications are as complex as IT applications.
An organization would expect their IT development staff to test and document their IT applications. However, this is not always the case with EUC applications. This lack of testing and documentation gives rise to the many spreadsheet horror stories that end up in the public domain and represent only the tip of the iceberg.
Research shows that 62% of an organization’s critical business decisions are made using Excel spreadsheets. However, research states that 80 – 95% of spreadsheets contain errors (Source: CIO Magazine, KPMG). Basing business decisions on flawed data can expose an organization to financial, commercial, and reputational risk.
Spreadsheetsoftware has canvassed many organizations for how they check their spreadsheets for errors, which has identified four main categories of spreadsheet management and mismanagement:
PROCESS | CONSEQUENCE | RISK | |
1 | They are checked cell by cell manually, sheet by sheet. | Very time-consuming (days, weeks, months) and still prone to errors | Possible Risk |
2 | Assumption – If it looks right, we go with it. | A Gamble | High Risk |
3 | We don’t check. | Potential Financial, Commercial & Reputational Loss | Highest Risk |
4 | We use the most comprehensive Excel Add-in Review & Audit tool -> ExcelAnalyzer. | Trust & Confidence | NO RISK |
The UK’s Financial Conduct Authority SYSC 13.7 states: “A firm should establish and maintain appropriate systems and controls for managing operational risks that can arise from inadequacies or failures in its processes and systems.” SYSC 13.7.1 (2) states, “in doing so a firm should have regard to…..controls that will help it prevent system and process failures or identify them to permit prompt rectification”.
Canada’s Office of the Superintendent of Financial Institutions (OSFI) also provided regulations and guideline E-23 stating, “OSFI’S objective is to issue comprehensive and clear guidance to institutions outlining common standards for enterprise-wide model risk management.”
Many other regulators have also provided guidelines, including European Central Bank (TRIM), Sarbanes-Oxley, Basel Committee on Banking Supervision, Financial Services Authority, Dodd-Frank Act Stress Testing (DFAST), Solvency II, and many others.
So, the question is:
How can an organization quickly identify and eliminate spreadsheet errors and provide up-to-date documentation, thereby meeting the Regulators’ guidelines and requirements?
Spreadsheetsoftware’s unprecedented, easy-to-use and intuitive ExcelAnalyzer Excel Review and Audit tool discover the DNA of spreadsheets identifying any errors and inconsistencies to help organizations to mitigate risk. It provides a range of error-checking and Formula Analysis, and Workbook Summary reports that can be printed, saved as PDF’s or stored with the spreadsheet model in the sheet tab ribbon as up to date documentation.
Remember:
Errors aren’t just constrained to formulas; there are many other facets of a spreadsheet that can jeopardize an organizations’ reputation.
ExcelAnalyzer is available in 2 versions:
- the Gold version that supports reviewing spreadsheets, identifying errors and inconsistencies, editing and correcting spreadsheets, or
- The Platinum version includes the Gold version but also contains a powerful Comment feature.
ExcelAnalyzer’s Comment Feature is especially useful for anyone who needs to review a colleague’s or client’s spreadsheet. Instead of the Reviewer editing somebody else’s spreadsheet they can question/comment the validity of any issues or anomalies in the spreadsheet and generate a Comment Report that they can send to the Model Builder as part of the Model or as a separate report.
The Model Builder can then enter their responses to the Reviewer’s comments, which are then uploaded into the Comment Report. Afterwards, the Model Builder or the Reviewer can correct the spreadsheet issues, and the Comment Report can be stored as part of the Model, printed, or saved as a PDF to form an audit document of the approved corrections.
The Comment Feature also generates a second report, which provides general information about the spreadsheet and, importantly, a risk assessment of the Model.
Just as with the Formula Report and the three Workbook Summary Reports, the two Comment Reports can be printed, saved as PDF’s and/or saved with the Model, thereby creating an audit trail of all activities carried out on the model.
The elimination of errors and provision of documentation helps to address the Regulators Model Risk Management regulations and guidelines.
No Comments