Stress Testing USA 2018
November 6-7, 2018
New York City
Join us for a Case Study Presentation
Tuesday, November 6 @ 4:25pm
- Why a spreadsheet evaluation process helps both internal audit and regulators easily understand your critical spreadsheets used in DFAST exercises
- Step by step review: Building and deploying a process for critical spreadsheet evaluation in stress testing/DFAST
- Why addressing spreadsheet risk for model risk is a critical success factor you can’t ignore
Janine Jakubauskas, Financial Regulatory Manager, Signature Bank
Diane Robinette, President and CEO, Incisive Software Corporation
There is still time to join us!
Use our discount code INCISIVE15 for 15% off when registering.
Happy Spreadsheet Day 2018!
A holiday sure to appeal to some people more than others, Spreadsheet Day commemorates the date that VisiCalc, the first spreadsheet program for personal computers, was released – October 17th, 1979. VisiCalc paved the way for innovation in personal computer applications, and revolutionized the way finance professionals budget and plan. In fact, Apple founder Steve Jobs is even quoted as saying, “VisiCalc .. propelled … the success [of Apple] … more than any other single event.”
The whole history of how VisiCalc came to be is actually pretty interesting (VisiCalc = Visible Calculator), so be sure to check it out.
How to Celebrate Spreadsheet Day
Since its beginnings, Spreadsheet Day has grown to become a day for celebrating both the advantages and the aggravations of working with spreadsheet software. In keeping with our tradition, we’ve pulled together a few of our favorite spreadsheet-related jokes to make you chuckle.
Then, give yourself a gift of self care (because we all know how important that is, especially for Excel users) and download 18 Best Practices to Mitigate Spreadsheet Risk.
October 14-17, 2018
Music City Center
Visit us at Booth #110
A simple spreadsheet data entry error is forcing Conviviality, one of Britain’s most successful alcohol and beverage vendors, into Britain’s bankruptcy court. Since the beginning of March 2018, when the error was discovered and revealed, the value of the company has been in a death spiral, with share prices dropping from approximately £307.50 on March 3 to under £100 on March 14. A failed attempt to raise £125 million from investors gave corporate leadership no option except to seek legal protection behind the bankruptcy curtain.
Spreadsheet error causes corporate demise
Entry of the now-recognized fatal spreadsheet arithmetic error occurred in January 2018, when a Conviviality wholesale division profit forecast erroneously exaggerated projected profits by as much as £5 million per year. The resulting shareholder excitement was dashed just weeks later when the company discovered the mistake and was forced to issue a profit warning, telling its investors at that time that profits would be decidedly less than anticipated. Worse news followed shortly after when Conviviality was also compelled to report that it hadn’t budgeted for a £30 million tax bill, which would mean yet another hit to the profit projection.
Because of the two profit warnings, the share price dropped 60 percent and forced the London Stock Exchange to suspend Conviviality trading opportunities on March 14. Between the loss of share value and the lack of ready cash with which to pay the government, the beverage retailer and wholesaler was forced to close up shop.
Spreadsheet errors are all too common …
According to Dr. Simon Thorne, senior lecturer in the Department of Computing and Information Systems at Cardiff Metropolitan University, spreadsheet errors are “like dominos, … once the initial mistake is made, it’s only a matter of time until other problems come to the surface.” Thorne believes that the Conviviality error is a typical flaw found in millions of spreadsheets every year. He asserts that poor spreadsheet management practices lead people to blindly accept the validity of the foundational work with no additional testing. His colleague at the European Spreadsheet Risks Interest Group, Patrick O’Beirne, agrees, noting that people will accept their spreadsheet calculations if those look like what they expected to see, regardless of their accuracy.
… and make other errors worse
Conviviality might have weathered the storm if it hadn’t already stretched itself, with recent acquisitions failing to maintain an accurate accounting of its activities. In 2015 and 2016, the company purchased drinks wholesaler Matthew Clark, outdoor bar firm Peppermint and Bibendum Wines, taking the value of Conviviality up near the £1 billion mark. By April 2017, profits had more than doubled to £22.5 million, and revenues had topped £1.65 billion, a climb of 85 percent year over year. In 2017 alone, investors netted £20 million in dividends, which was more than double their take-home over 2016. All that activity, coupled with insufficient bookkeeping habits, left the corporate books in a mess, which was a situation ripe for failure. The spreadsheet arithmetic mistake, honestly made but fatal nevertheless, was all it took to trigger the resulting cascade of warnings and failures.
The spreadsheet error was just the stick that broke that camel’s back. Rapid growth by any company can create risk across several corporate sectors such as quality control, financial management and reputational status, according to Stewart Roberts, the executive vice president of fintech firm iZettle. He states that his company’s success comes, in part, from reviewing all activities every three months then automating as much as possible to scale services accurately. Clearly, Conviviality failed to adequately review its strategies, which contributed to its eventual failure.
Both Thorne and O’Beirne still love spreadsheets, however, and assert that it’s not the function that fails most often but the human inputs. They encourage that every firm that uses spreadsheets to follow best spreadsheet practices, build safeguards into the process and do plenty of testing before relying on the accuracy of the data.
Learn how Incisive’s Risk Intelligence Platform enables companies like yours gain the visibility and control required to manage the risks associated with their business- critical spreadsheets.
Cybercrime is a frequent hot topic on most newsfeeds these days, but inadvertent internal errors can be more costly to companies than any single data breach, both financially and reputationally. Internal errors in databases or spreadsheets can skew the entire corporate information structure, leading to inappropriate decisions and expensive mistakes. However, many in the C-Suite don’t yet implement the tools available to protect the enterprise against these very real threats often because they still don’t understand how an honest but harmful error in one tiny aspect of the enterprise infrastructure can negatively affect the entire organization.
One error = too much damage
One Boeing employee simply wanted to share some company data with his wife but accidentally emailed her a spreadsheet that contained hidden columns with personal information of over 7,000 colleagues. The incident was especially embarrassing for Boeing because it also sells a data loss prevention program that “ensures that hidden information is not inadvertently included in and transmitted with a file.”
Although the risk of a further breach was small (there was no evidence that either the employee or his wife exploited the “personally identifiable information” goldmine), the aircraft manufacturer subsequently offered its workers a free two-year subscription to Experian’s identity theft protection service. One estimate put the cost to Boeing as high as $5.7 million.
Reputation loss exacerbates financial loss
Companies that suffer an inadvertent breach like what hit Boeing usually also experience a corresponding reputational hit, too. One expert service evaluated the reputational decline of 10 companies that have endured ethics and breach crises since 2010 (including Wells Fargo, Volkswagon and Uber) and concluded that:
- Those companies all suffered a median share price decline that averaged 33 percent over two years.
- All were able to repair the damage to a certain extent and regain their position in their industry.
- Each company has spent billions to repair its reputation since the public reporting of the incident.
Inadvertent spreadsheet errors elevate the risk of reputational damage
Spreadsheet errors are more frequent than most people realize and can cause more harm than most C-Suite inhabitants expect. The European Spreadsheet Risks Interest Group estimates that as many as 90 percent of all spreadsheets contain errors and that most of those flaws are simple human mistakes that are completely avoidable. The most common forms of spreadsheet mistakes are erroneous inputs, mistakes in logic and simple “copy-and-paste” errors. Incorrect cell ranges and cell range omissions also cause expensive calculations errors, as do incorrect hard-coded value errors. According to the 2016 Insider Threat report, 71 percent of survey respondents were most concerned about this type of inadvertent data security breach: an inattentive user causing an accidental security breach.
Spreadsheet risk management avoids inadvertent errors
Automated spreadsheet controls go a long way to prevent or avoid inadvertent data errors and their long-term consequences. Reputational risk intelligence programming provides safeguards that scan for, detect and alert to spreadsheet errors that can create havoc for both companies and their clients. In addition to checking for accuracy and functionality, these advanced tools also look for other vulnerabilities typically found in spreadsheet use patterns such as version, audit, authority and access controls. By implementing a comprehensive spreadsheet risk management protocol, most companies can avoid the damage – both financial and reputational – that Boeing suffered.
Additionally, the Boeing case also offers perhaps the most educational spreadsheet security training lesson: When you have the technology available to avoid costly errors, your most important decision is to use it.
At Incisive, our continuous risk intelligence programming for spreadsheets will keep your organization safe from inadvertent insider errors so your data security professionals can watch out for the real crooks waiting just outside your security perimeter. Watch our video to learn how Incisive can help you mitigate reputation risk.