Feeds

Managing spreadsheet fraud

Do managers know how much errors cost?

  • alert
  • submit to reddit

Application security programs and practises

From time to time over the last year I have written and spoken about the dangers of using spreadsheets, particularly from the perspective of compliance but also with respect to how much they are error prone and subject to fraud.

However, the truth is that spreadsheets are beloved by managers the world over and nothing I or anyone else says or does will make any difference to that fact. So, if we have to live with spreadsheets then at least we should start by managing them. Since there seems to be very little written on the subject I have written my own white paper, which is available for free download.

Researching this white paper has taken more time that I had expected, most notably because there are all sorts of facilities in Excel (yes, this isn't the only spreadsheet but it is by far the most popular) that most of us don't know about. For example, there is password control in Excel. There is also some limited auditing capability. I wonder how many people actually know that? I wonder how many actually use these features?

The key point about spreadsheets is that you need to know which ones are critical to your business, which ones are merely important and which ones you do not have to bother too much about. Once you know that, you can start to apply appropriate policies depending on the criticality of the spreadsheet involved.

At the highest level (at least), spreadsheets should be treated as a corporate resource. For example, if you use spreadsheets for planning then you need to do everything you can to eliminate the possibility of error. And what do you do with corporate resources? You give them to the IT department which can implement proper testing and control procedures.

The real problem, of course, is that business managers don't know that there is a problem (actually, lots of problems) with spreadsheets, while IT regards spreadsheets as falling outside its jurisdiction. So spreadsheet management falls down a hole in the middle.

That has got to stop. According to both PricewaterhouseCoopers and KPMG, more than 90 per cent of corporate spreadsheets have material errors in them. Worse, estimates suggest that such errors costs between $10,000 and $100,000 per error per month. Let's take the Fortune 500 and let's suppose that each of these companies has just 10 (a pitifully small number) spreadsheets of corporate significance. Then nine have errors. Let's be circumspect and suppose that each has only one error and that it is spotted within three months (wildly optimistic); then each error costs $165,000 on average.

So how much money is the Fortune 500 wasting annually? It is a simple sum: $165,000 times 9 times 500. That amounts to just shy of three quarters of a billion dollars. And is that anywhere near realistic? No. It is probably safe to say that corporate America, for example, loses in excess of $10bn annually through the misuse and abuse of spreadsheets. That's a big number: it suggests a problem worth managing.

Copyright © 2005, IT-Director.com

Related stories

India acts on call centre fraud
Indian call centre staff nicked for fraud
Former PC tycoon jailed for fraud

Application security programs and practises

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.