The hidden costs of spreadsheets–and their mistakes

Banks think of spreadsheets as an inexpensive way to track all kinds of activities—but it’s often an expensive mistake in the making.

Just ask Goldman Sachs. The investment bank and another firm recently settled a lawsuit for $30 million—and it all started with a spreadsheet error, The Wall Street Journal reports.

Goldman Sachs was handling the sale of Tibco Software Inc. when an inaccurate spreadsheet was used to tally the number of Tibco shares and determine the company’s value. As a result, some shares were accidentally double-counted, causing a $100 million error—one that Goldman allegedly failed to disclose once it was discovered, the paper reports.

Of course, community banks have very little in common with Goldman Sachs—a Wall Street behemoth. Yet there may be one commonality: the potential threat of mismanaged spreadsheets.

Community banks aren’t using spreadsheets to track billion-dollar deals, but many are using them to track bank activities, including risk and vendor management.

One can easily understand the temptation. Spreadsheets are inexpensive, and everyone knows how to use them. Yet spreadsheets are not well-suited to large, enterprise-wide tasks that require careful tracking, documentation and due diligence.

It’s a lesson I learned firsthand when was I was general counsel managing compliance at a large enterprise software firm.  Compliance wasn’t viewed as a revenue-generating activity, so the company didn’t want to spend more than a few hundred dollars on a solution. That left me with spreadsheets to track vendor management, software licenses and end user agreements and protect the company’s best interests—and it was exhausting.

My team and I managed compliance through sheer force of will, putting every last ounce of energy into meticulously tracking every step. We spent countless hours checking, double checking and triple checking our spreadsheets. Yet I’d still spend nights worrying that something had slipped through the cracks. In the end we made it out unscathed, but it’s not something I’d ever want to try again, especially in today’s regulatory environment.

EMV Chips with No Service Dips

Regulatory Risks

As regulatory guidance has expanded the scope of regulations, risk and vendor management have grown more complicated. Enterprise risk management, business continuity planning, compliance, cyber security and vendor management all overlap—meaning many departments and employees are involved in these efforts.

In many cases they are all using the same shared spreadsheets, exposing the bank’s risk management program to serious risk. These risks include:

• Multiple versions. Each spreadsheet should have just one master version with all of the most current data to be effective. This is easier said than done. It just takes one employee to save the spreadsheet to her machine. Once she starts making changes to that document—instead of the master file—the master file is no longer accurate. Often there are multiple versions of the same spreadsheet kept throughout the bank—each with partially correct information. It can take hours to reconcile the different versions into one unified document again—if you even know how many copies exist.
• Limited tracking. When spreadsheets are on a shared drive, it’s easy to find out who last logged in and saved changes—it’s far more complicated to determine what changes were made. The bigger and more complicated the spreadsheet, the harder the changes are to find and understand. There are no logs of who recorded what and when they did it. It’s a tracking nightmare.
• No checks and balances. When managers assign tasks to staff, it’s not enough to know that a task was done—they need to document when it was done and that it was done correctly. A spreadsheet can’t automatically inform a manager a task was done. Nor can it show how the task was done or make it easy to audit the work. That leaves a huge burden for managers.

These are just a few of the ways spreadsheets can wreak havoc on your institution when they are used for out-sized tasks. Rather than rely on spreadsheets, it’s much smarter to adopt a structured system that enables multiple departments and employees to work collaboratively, track and log updates and tasks, and demonstrate due diligence.

Don’t be tricked by “free” spreadsheets—it’s a tool that can have high costs.

Related: Fintechs Lead the Way for Digital Transformation in Financial Institutions