Feeds

Buggy spreadsheets: Russian roulette for the corporation

The chasm between common sense and computer programming

High performance access to file storage

How many scenarios can you imagine where a momentary loss of concentration could cost over $1bn? Perhaps a nuclear power station meltdown...or if a currency trader hit a few wrong keys? Well, another possibility is a simple spreadsheet error.

In October 2003, soon after announcing third quarter earnings, Fannie Mae had to restate its unrealised gains, increasing them by $1.2bn. This highly unwelcome outcome was said to stem from "honest mistakes made in a spreadsheet used in the implementation of a new accounting standard".

The really, really bad news is that millions of similar errors are almost certainly being made every year, many of them in business-critical financial spreadsheets. Although they are the quintessential end-user tool, spreadsheets of any complexity are just as hard to write and maintain as any other kind of software - if they are to yield consistently accurate results, anyway.

At Cutter Consortium's inaugural European Summit in March, I took part in a spirited panel discussion about SOA and related matters. At one point the redoubtable Oliver Sims suggested that Excel was the world's most widely-used software development tool - a statement that struck me as probably correct. But if so, how grave are the implications? After all, the overwhelming majority of spreadsheet users are not professional programmers, and it is doubtful whether most of them have even been formally trained to write spreadsheets.

If only organisations realised the harm they are laying themselves open to, they might be inclined to seek advice from a suitably qualified expert. Such as Dr Louise Pryor, an independent software risk consultant who specialises in complex financial models and spreadsheets.

As a Fellow of the Institute of Actuaries, with a PhD in Computer Science and extensive hands-on experience in commercial software development, Pryor is ideally equipped to explain how spreadsheets should be designed, written, and tested. Her website provides detailed and convincing evidence of prevailing spreadsheet error rates, some hair-raising war stories, good advice, and loads of other useful information.

Other valuable resources include the spreadsheet research (SSR) site maintained by Professor Ray Panko of the University of Hawaii, and the European Spreadsheet Risks Interest Group (EuSpRIG). Several books have been written on the subject; for instance Patrick O'Beirne's Spreadsheet Check and Control.

Panko has collected the best available evidence for spreadsheet error rates, based on field audits by organisations such as Coopers and Lybrand, KPMG, and HMCE (the UK's Customs and Excise department). Of 54 spreadsheets audited between 1997 and 2000, no fewer than 49 were found to contain significant errors - a defect rate of 91 per cent. In a more recent exercise, every single one of 30 project financing spreadsheets scrutinised had at least one mistake.

This is not to suggest that spreadsheets are uniquely bug-ridden; there is convincing evidence that virtually all non-trivial software contains defects. According to Panko's Human Error website, "spreadsheet error rates look like error rates in normal program development and in code inspection". He estimates typical human error rates at about 0.5 per cent for simple mechanical tasks like typing, and five per cent for more complex logical activities such as programming.

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.