Clusterseven launches guide to managing spreadsheet risk for insureres
ClusterSeven, an international provider of strategic spreadsheet and data management software, has responded to growing customer demand for guidance on managing widespread spreadsheet risk.
The issue of spreadsheet risk management was recently highlighted in the FSA’s Solvency II Internal Model Approval Process, which stated that spreadsheets are often outside the control of central IT and therefore prone to errors or difficult and expensive to audit.
Ralph Baxter, CEO of ClusterSeven, said:“Spreadsheets are a business critical tool and will always be in demand with end-users. Building on our experience of working with organisations in the insurance sector to manage spreadsheet risk, we have developed a short guide that lists the warning signs to look out for as well as the practical steps organisations should take as they prepare for Solvency II.”
The top three warning signs include:
-
Expensive audits caused by poor integrity of data
-
Regulatory criticism and failure to meet legislative or regulatory requirements
-
Delays in reporting processes caused by information being difficult to collate
The new guide* outlines the stages companies should go through when addressing the spreadsheet risk problem. The first stage ‘discovery for end-user computing’ is all about understanding where business-critical spreadsheets and Access databases occur across the business.
Ralph Baxter explains:“Organisations that we talk to are typically very surprised not just by how many spreadsheets are operating across the business but also how they are connected to each other and key internal systems. Within a few hours of processing we have actuaries, CIOs and COOs planning their route forward based on information they didn’t think was possible.”
The second step is to understand the risk presented by each file. ClusterSeven has worked with auditors and risk experts to establish a comprehensive list of rules that define the ‘riskiness’ of each file. Factors can include poor code quality, sensitive data and unsecured macros.
The process ends with the registration of applications for continuous monitoring to ensure that they remain correct, and the development of a joint roadmap for end-users and the central IT team to plan the retirement of existing spreadsheets and ensure that those developed in future are more manageable.
According to a study** by Deloitte, 70 percent of companies rely on spreadsheets to support their business-critical financial reporting. Bodies such as the Institute of Internal Auditors, the Financial Industry Regulatory Authority, and the Public Company Accounting Oversight Board have all demanded more attention from auditors.
|