CIS7014: Analysis of Spreadsheet Errors and EUC Risk Management at CCI

Verified

Added on 2022/09/09

AI Summary

This report analyzes the risks associated with spreadsheet use within Cymru Capital Investments (CCI), a mid-sized investment bank. CCI heavily relies on spreadsheets for underwriting activities, including expense accounting, data storage, risk assessment, and financial modeling, despite the lack of formal testing and documentation. The report identifies key risks such as system crashes, data loss, data decentralization, lack of data integrity, and non-compliance with EUC policies. The report emphasizes the importance of understanding and managing spreadsheet errors, especially the role of EUC risk, and discusses the impact on CCI's operations and potential legal issues. The report provides a comprehensive overview of the risks associated with CCI's current practices and underscores the need for improved risk management strategies.

Running head: SPREADSHEET ERRORS 1
Spreadsheet Errors and How They Can be Minimized
Name
Institution

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SPREADSHEET ERROR AND ROLE OF EUC 2
Spreadsheet Error and Role of EUC in Organizations
Background
Cymru Capital Investments (CCI) is a mid-sized investment bank, with offices
throughout Europe and the United States. So far, the company has employed 20,000 people,
whose core role is to underwrite securities, e.g. shares and bonds, from other financial
corporations as well as the state. The company also engages in active trading of derivatives,
foreign exchange, and other commodities, thus recording profits as high as $2.9 billion, as at the
end of the last financial year. Just like other typical financial institutions, CCI has incorporated
two formal systems to help with its underwriting activities, namely ‘Deal Capture System’ and
‘Aladdin Model Builder’. Nonetheless, it was recently discovered, during an internal audit, that
the bank’s employees frequently used the MS Excel spreadsheets for execution of majority of
their underwriting tasks, e.g. expense accounting, data storage for their clientele contact
information, critical decision making on security risks, resource planning, and financial
modelling among other administration activities. The internal audit also revealed that the
spreadsheets developed had not undergone testing or formal documentation. Worse still, the
heads of departments disclosed that they had a lean understanding of how spreadsheets function,
hence could not confidently conclude that the information derived from the spreadsheets was
thoroughly accurate. Instead, the heads of departments admitted that they merely signed off the
EUC policy documentation, which stipulates that it is the duty of HoDs to declare that the
information held in the spreadsheets is accurate, in good faith. From the information given
above, it is evident that CCI might be putting itself at great risk with regards to underwriting

SPREADSHEET ERROR AND ROLE OF EUC 3
securities, thanks to its heavy reliance on spreadsheets, and the lack of surety of the HoDs
regarding the accuracy of the information obtained. For this reason, the auditors reported their
concerns to the senior management team, who have, in turn, requested a report outlining the risks
to CCI and a pragmatic approach to managing the risks to which the bank is exposed.
Task 1
The purpose of Task 1 is to outline the risks associated with spreadsheet use and relate
this to CCI’s spreadsheet activities and practices. The section shall also highlight the specific
risks CCI faces and comment on any poor practice evident.
As earlier stated, CCI is a mid-sized investment bank, whose core business purpose is to
purchase and underwrite securities, such as shares and bonds, from other financial entities and
the government. To perform these tasks, a financial platform is required for purposes of
accounting and computation of voluminous numerical data in order to assess a client’s cash flow
analysis, credit worthiness, and loan portfolio risk factors (Anderson, Mostert, & Mostert, 2014).
The MS Excel spreadsheets suffice as the ideal financial platform with which to perform these
underwriting computations; since the spreadsheets application is fitted with built-in arithmetic
and mathematical functions, as well as logic, financial, and statistical operations, which enable
the end-user to conduct any math-related tasks in the infinite rows and columns. For this reason,
many underwriters, accountants, and financial experts regularly resort to the MS Excel
spreadsheets as their main operations program.
1.1. Benefits of Using Spreadsheets
As Bralow (2016) explains, there are several reasons why many individuals prefer using
spreadsheets for their computation activities, as opposed to other programs. To begin with, the
program, spreadsheets, is simple to use and increasingly flexible. Spreadsheets contains a

SPREADSHEET ERROR AND ROLE OF EUC 4
multifold of features that eases the computation process of tabular data (Data Science, 2019).
The application contains built-in formulas and statistical operations, charts, data tools, and data
analysis capabilities, thus enabling the end-user to perform quick automated calculations and
analysis on data given. Also, the program is designed using a user-friendly concept, hence is
interactive and easy to learn. Actually, Locsin (2019) states that end-users of the application are
longtime consumers of the product, since their days in high school and college, hence are well
accustomed to the ins and outs of the program prior to entering the workforce. The ease of use
and familiarity with the program is clearly evident in the case of the CCI’s employees, who when
questioned, reported that they prefer using spreadsheets, as opposed to the two formal systems
incorporated in the company, namely Aladdin model builder and Deal capture system. They
further justified their preference for spreadsheets, claiming that the spreadsheet software is
simple, flexible, and easy to use, hence making it the primary means of calculating risk levels,
pricing levels, brokering deals, negotiations. The reliance on spreadsheets in CCI is so pervasive
that the report by the internal audit reported an excess of 50,000 operational spreadsheets across
the organization, which range from trivial expenses claims through to complex financial
spreadsheet models.
1.2 Risks and Disadvantages of Using Spreadsheets
1.2.1 Potential System Crashes and Data Loss
In as much as spreadsheets have their distinct benefits in a company, Weedmark (2019)
asserts that the application is not the optimal platform for performing large volumes of
accounting or underwriting data or decision making. Several reasons justify this statement. To
start with, spreadsheets is configured to compute small volumes of data, and not large volumes,
hence is ill-equipped to incorporate or consolidate all the input entities of underwriting data

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SPREADSHEET ERROR AND ROLE OF EUC 5
(Hazell, 2019). For example, when underwriting a stock or bond, an underwriter is required to
carry out an appropriate global cash flow analysis of the issuer of the security, hence is expected
to examine the number of partnerships, corporate tax returns, business financial statements, K-1
forms, and individual tax filings of the clientele (Chovancak, 2013). Efforts to incorporate all
this data into one spreadsheet will overwhelm the computing ability of the application, since
spreadsheets is not designed to hold such large volumes of data. In CCI’s case, the heavy usage
of spreadsheets in consolidating the aforementioned cash flow analysis is a potential source of a
crash of the spreadsheets system, due to overloads and wrongful usage of the program (Hazell,
2019). A software crash would definitely lead to data loss, which would generate adversities in
the company’s financial health, due to expenditure of funds for data recovery, not to mention the
lost time and damaged image reputation.
1.2.2 Data Decentralization and Lack of Consolidation
In addition to being ill-equipped for underwriting tasks, spreadsheets also fall short of
data centralization and consolidation. According to Tennet & Friend (2011), spreadsheets
(including MS Excel spreadsheets, OpenOffice, and Google Suite) are designed for use on
personal computers, and not servers or networks. Database technologies, on the other hand, (e.g.
Oracle, SQL server, and Microsoft Access) are basically installed on main servers and connected
to several networks, for purposes of information access (Weedmark, 2019). Thus, the
personalized nature of spreadsheets makes it difficult for users to store data in a centralized
space, or even access it, unlike databases where data can easily be retrieved, and used as need be,
thanks to storage of data on servers and network access (Mallach, 2011). The limitation of data
centralization by spreadsheets makes it increasingly difficult for underwriters to make vital
decisions regarding whether or not to undertake the risk of a given security (Carysforth & Neild,

SPREADSHEET ERROR AND ROLE OF EUC 6
2010). To make such decisions, it is important for the underwriters and any other officers to be
able to easily retrieve data from a centralized source, in order to quickly assess it, and make
reasonable judgements. However, with spreadsheets, there is no ease of access of data since the
storage of information is decentralized (Marr, 2010). Decentralization means that different files
and bits of information, for example the financial statements, individual tax returns, corporate tax
documentation, and partnership records, are contained in different working stations. Therefore,
in order for one officer to access a specific file, he or she has to make a request to the user
manning that file to send it to him or her via email or any other method of exchange. As the
Chartered Institute of Management Accountants (2011) reiterate, the need to have to send and
receive files via email cripples the decision making process of the personnel at CCI, more so if
the employees work in different offices, separated by long geographical distances. The reason for
this is because communication over such long distances may be slow, due to various hurdles
such as employee unavailability, time constraints, and even poor correspondence or orders
issued.
1.2.3 Lack of Data Integrity
The third risk associated with using spreadsheets is the lack of data integrity. As earlier
stated, spreadsheets, unlike database technologies, are designed for use on personal computers.
Because of this reason, end users can easily change units of data in the various spreadsheet files
they are working on, without being detected (Mallach (2011), Supposing one staff member sends
a file, containing correct data input, to another staff member for reference purposes or decision
making, the second individual may decide to tamper with the file and edit certain data values
within the file. If such changes are made, no one will be able to detect these dubious acts, since
spreadsheets do not have any means of preventing unauthorized data edits (Nickerson, 2011).

SPREADSHEET ERROR AND ROLE OF EUC 7
The result is inaccurate data files and client information for the organization at large. Worse still,
if the spreadsheet file contained any calculations, and then an inadvertent edit is made - for
example, if a comma or different formula is added - all the data in the adjacent cells may become
invalid, since one formula may have been copied throughout all the cells.
Many companies are aware of the data integrity issue when it comes to the use of
spreadsheets, and, therefore, put measures to prevent against it (Weedmark, 2019). According to
Turner (2019), the most common measure that is adopted amongst many firms and organizations
is the End-User Computing (EUC) risk. The EUC risk encompasses the flaws that may ensue
following the improper usage of end-user systems or applications (Lee, 2016). Spreadsheets is
clearly an end-user application and, therefore, is highly susceptible to improper usage or
handling by end-users, such as unauthorized data access and edits, erroneous data input,
duplication of values, data losses and corruption, system crashes, and viruses. Emergence of
EUC risks in an organization equals defective data and subsequent breakdown in operations.
1.2.4 Non-Compliance with the EUC Policy and Potential Legal Suits
To prevent manifestation of EUC risks, firms incorporate EUC policies and regulations
set out by the relevant governing body. CCI, for example, has integrated a EUC policy to help
maintain data integrity, as sanctioned by the U.S. Sarbanes Oxley Act of 2007 (Verleun,
Sotiropoulos, & Vasileiou, 2011). The EUC policy scans for existence, or lack thereof, of EUC
systems in an organization, after which it demands the HoDs to keenly examine these systems
and declare whether the information stored in the EUCs is accurate and authentic. If yes, then the
HoDs should append their signatures on the EUC documentation to demonstrate their approval
of the information as factual and truthful (Verleun et al., 2011). If not, then further investigation
should be made to establish the cause of the inaccuracies, and amendments made. While this is

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SPREADSHEET ERROR AND ROLE OF EUC 8
the procedure expected by the EUC policy, apparently, the CCI’s HoDs do not completely follow
these regulations. When questioned if they examine the systems to approve of their accuracy, or
lack thereof, the HoDs responded they had a limited understanding of how spreadsheets function
as well as how they are utilized in the firm. Their inadequate expertise thus hinders them from
objectively establishing the precision and authenticity of the information developed and stored in
the EUC systems, despite there being over 50,000 operational spreadsheets. Instead, the CCI’s
HoDs reported that they just sign the EUC policy as a symbol of formality and in good faith, as
they are confident that the actuaries are trustworthy and honest. Clearly, the revelation by the
HoDs signifies increased risk of non-authentic work, since limited efforts are made to examine
the information held in the EUC systems. CCI might be at a great risk of non-compliance of the
U.S. Sarbanes Oxley Act of 2007 to always adhere to the EUC policy, and may suffer grave legal
consequences, which will render the company bankrupt (Panko & Port, 2015). Further than the
legal suits which may ensue, the company is also risking severe damages on their public image
and reputation as well as their liquidity, since inaccurate information may adversely impact their
decision-making with regards to underwriting bad, or under-performing, securities.
Task 2
The purpose of Task 2 is to suggest, or recommend, a new approach to managing CCI’s
spreadsheets risk. You are free to adopt any approach you see fit with the exception of removing
spreadsheet use from CCI completely (Your approach should take into account the fact that CCI
has some 50,000 operational spreadsheets)
As discussed in Task 1 above, CCI is exposing itself to serious risks through its extreme
reliance on spreadsheets for their underwriting activities. The risks mentioned above range from
data loss through system crashes, decentralization of information, and insufficient data integrity,

SPREADSHEET ERROR AND ROLE OF EUC 9
bad public image and reputation, non-compliance with the U.S. Sarbanes Oxley Act of 2007,
bankruptcy, and grave financial losses. To counteract these risks, it is, thus, prudent to identify a
feasible approach to reduce, or mitigate, these occurrences.
Considering the reasons given by both the employees and the HoDs as to why they prefer
using spreadsheets rather than the ‘Deal Capture System’ and the ‘Aladdin Model Builder’, the
most ideal solution to alleviate the aforementioned risks would be to reinforce employee training
programs at CCI. Employee training programs encompass schemes that enable work personnel
gain specific awareness, skills, and expertise regarding a particular role or responsibility
(Maimuna & Fard, 2013). As Waheed (2011) stresses, employee training is an increasingly
crucial need in organizations to further enhance employee growth and development, better work
engagement and motivation, skills mastery, competency, and professional learning. The benefits
of employee training programs are multifold, with the major ones being increased employee
satisfaction in their roles, which in turn reduces employee turnover as well as escalates the
overall organizational productivity.
As Khawaja and Nadeem (2013) state, if employees are unable to efficiently operate a
recently integrated technology solution in an organization, then definitely the entity’s production
gains and employee motivation will be adversely impacted, just like is at CCI. The need for
employee training reinforcement at CCI is evident, judging by the reports given by the HoDs,
who confided that they had a limited understanding and expertise in spreadsheets and databases,
hence the reason why they were unable to objectively establish if the EUC systems were accurate
or not. Also, the staff personnel, as well, need the training programs since they also claimed that
they did not know how to use the ‘Deal Capture System’ as well as the ‘Aladdin Model Builder’.
They said that they found both systems inflexible, slow, and restrictive as they lack the ability to

SPREADSHEET ERROR AND ROLE OF EUC
10
define the model in great detail and requires extensive re-configuration to be kept up to date with
changing commercial conditions.
Contrary to the opinion of the employees above, the ‘Deal Capture System’ and the
‘Aladdin Model Builder’ platforms are very flexible and competent with regards to underwriting,
insurance, and risk management objectives. As Mveku (2018) states, both these platforms are far
more effective, with regards to underwriting objectives, as compared to spreadsheets. The ‘Deal
Capture System’ is a regulatory requirement of the FSA that allows the CCI to make a formal
record of the details of all deals brokered by the bank including the correspondence between the
bank and the client whilst the deal was negotiated. This system is designed to be live so that the
bank has a real time view on deals progressing at any one time. Aladdin, on the other hand, is a
model building tool that calculates the risk of a deal based on variables input into the system
(Aladdin, 2019). Once the user has collected the relevant data, Aladdin gives an indication of the
risk levels CCI exposes themselves to with each investment. The advantages of both these
platforms over spreadsheets are illustrated below:
 Insurance technologies: Both platforms are built with insurance technologies, meaning
they are specially designed to handle underwriting, insurance, and risk management tasks
(Dunn, 2018; Aladdin, 2019). Unlike spreadsheets, which are configured for simple
arithmetic computations, the Aladdin and Deal capture systems are specifically devoted
to carry out underwriting-related tasks, such as generating and accepting quotes;
formulating policy schedules; claims submission; and cash flow analysis (Mveku, 2018).
Both software are very innovative and allow the automation and optimization of data
mining internal procedures that make risk management and decision making easy to do.
Critical tasks such as an undertaking of a merger & acquisition (M&A), equity research,

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SPREADSHEET ERROR AND ROLE OF EUC
11
accretion/ dilution analysis, asset management, pricing of fiscal instruments, and sales
and trading require powerful software, and the Deal Capture system and the Aladdin
builder are just the right fit for these roles. Also, the platforms have incorporated
architecture/ technologies, which can be further customized to fit an organization’s
specific needs, hence improved scaling of operations and better work performance. Real-time execution: Both Aladdin and Deal capture systems run on real-time computing
applications, which means that they execute commands and process data in present time,
and give back the desired results (Dunn, 2018). Real-time computing in underwriting and
insurance is increasingly important, due to the need for prompt decision making and
instant communication (Aladdin, 2019). Actuaries in an investment bank often need to
appraise the financial feasibility and risk levels of securities, and make quick judgements
on whether to insure them or not. Vital services such as pre-underwriting counseling,
debt financing, dissemination of securities purchased, and publishing of prospectus
require in-depth assessment of huge sets of data and materialization of invaluable advice
as well as rich business insights (Mveku, 2018). To achieve the aforementioned
objectives, there is an acute need for real-time execution of data. The staff can feed in
raw data in the real-time computing applications and receive solutions that make great
business sense. In addition to this, real-time computing is also a great benefit for any
organization, more so transnational firms which have offices in different towns and cities.
Officers in different geographical regions can easily communicate with each other and
work in unison, since they can log onto the applications and view the data processes in
real time and make decisions together. Spreadsheets, on the other hand, is incapable of

SPREADSHEET ERROR AND ROLE OF EUC
12
real-time execution, hence communication is limited as well as decision-making
competency.
Clearly, the Deal Capture System and Aladdin Model Builder are adept platforms for use
at CCI, and should be incorporated more into the firm’s operations than currently is. There is,
therefore, a dire need to fortify the employee training for this new software, as previously
mentioned. The training should be implemented to ensure full incorporation and a smooth
manipulation of these systems (Culture IQ, 2019). CCI’s management team should formulate a
change management plan whose core focus is employee training. Once organized, all the work
personnel should be required to make regular attendance. Nassazi (2013), however, cautions that
the old staffs might be reluctant to attend training since they may argue that they are already
familiar with the current frameworks and systems in the organization. Thus, the people in charge
of the training must identify feasible strategies with which to work in unison with everyone, the
old staffs included, and embrace them in a shrewd manner (Abeba, Mesele, & Lemessa, 2015).
Failure to this, the old personnel might become averse to the change management plan and
completely resist utilizing the new technologies.
According to Oluwaseun (2018), for the training program to be a success, the trainers
must ensure that they tailor the sessions to suit the needs of each individual band tackle the
underlying issues. For example, the heads of department may require more formal interactions
during the coaching sessions, due to their positions in the organization. Also, since they are
fewer in number compared to the rest of the employees, they may require a one-on-one tutelage
to help them understand more about how to work with spreadsheets and databases. Their training
materials might also be a bit more in-depth than the other employees, since they need to acquire
a vast knowledge of the systems at use in each of their departments, in order to make calculated