Removing operational risk through comprehensive spreadsheet governance

Removing operational risk through comprehensive spreadsheet governance

By Chris Burke, CEO, EUCplus

Chris, can you please tell the Risk Insights readers a little bit about yourself and what your current professional focus is?

I am an experienced and dedicated transformational business leader with a passion for technology. Ten years ago I set up Brickendon Consulting with the aim of transforming the way management consultancies address challenges in the financial services industry. At the same time, acknowledging the increased appetite for technology-led solutions, I founded Brickendon Digital, an innovative and free-thinking software company from which EUCplus and HotDeskPlus have grown.

With nearly 30 years’ experience in the financial services sector, my goal is to increase efficiency, reduce risk and save our clients time and money by embracing advances in technology to improve IT systems and processes and increase the use of automation.

In addition to my CEO roles at Brickendon, EUCplus and HotDeskPlus, I also sit on the European Council for CPA Australia. I am honoured to have recently been recognised as one of the leaders tipped for great things in LDC’s Top 50 Most Ambitious Business Leaders campaign.

What, for you, are the benefits of attending a conference like the ‘New Generation Operational Risk: Europe’? What can attendees expect to learn from your session?

Understanding operational risk and learning ways to carefully and effectively manage it is critical for business success. The failure of people, processes or systems can be very costly from both a financial and reputational perspective.

My risk expertise lies in the area of end-user computing, and in particular spreadsheets. Working as both an accountant and a developer, I have spent a large part of the past decades reducing spreadsheet-related risk for clients. My experience in this area and a heightened awareness of the problems being encountered by many large institutions led to the development of EUCplus, an application providing an end-to-end process to remove the risks associated with spreadsheet use.

EUCplus takes what is traditionally an extremely labour-intensive, manually-handled task, and converts it into a straight-forward, intuitive process, which can be used across all levels of the organisation and implemented quickly (under six months for even the largest clients).

I am keen to share my knowledge with the conference attendees and to listen to, and learn from, the experiences of the other speakers.

In your opinion, how can we look to effectively perform systematic cross-analysis and why is this important?

One of the key challenges with spreadsheets is that nobody knows what they do until you open, analyse and generally spend vast amounts of time and money looking at them. Even the most security-conscious clients who have numerous sharepoint sites, access databases and excel spreadsheets to manage their data, are not able to produce any detailed cross-analysis.

EUCplus utilises big data to perform systematic cross-analysis of the entire population of business-critical spreadsheets and produce relevant heat maps and correlation matrixes. The benefits of this process are enormous. We are not only able to minimise the impact of IT architectural changes on key processes, but can also eliminate spreadsheets that have similar or complementary functions and reduce costs as processes are simplified and streamlined. This often removes the need for spreadsheets to be handled manually and therefore reduces the risk of human error.

What are the key considerations that need to be made when building an effective attestation framework?

When viewing the impact mis-reporting can have on an organisation through a financial, management or regulatory reporting lens, it is critical to take steps that minimise this risk and provide evidence that it has been done. Often, when auditors or regulators ask questions of organisations they want to see from the board level down that they can attest to the validity of their data and the subsequent reporting of this data. If the board is to have confidence, then this needs to be rolled out to all levels within the organisation to enable each division, region, team and individual to attest that they have confidence in both the process and content of what they have produced. This process can be extremely time consuming and costly to conduct on an annual, or more frequent, basis.

To make it effective, from both a process and cost perspective, we always advise clients that once set up, it should be a structured software-focused process that can be repeated easily. EUCplus uses automation, reducing the cost and effort of future attestations over subsequent years.

How can risk professionals use software to secure spreadsheets from accidental or malicious changes?

One of the key benefits of spreadsheets is that they are adaptive, flexible and can be put together very quickly without the need for any ‘hard’ programming skills. However, while this means that competent professionals, such as accountants or financial modelers can easily set them up, all this flexibility also creates a high level of risk that users may make unintended changes. In addition, if relied upon without controls, spreadsheets are open to manipulation.

Securing spreadsheets in a structured, repeatable and searchable way is extremely complex and time consuming and requires a high level of IT literacy. However, with the right tool, spreadsheets can be secured, and the above risks can be minimised, if not eliminated.

EUCplus was developed to address these challenges. It takes this incredibly complex task and enables the most junior member of your team to register, scan and secure all of their business-critical spreadsheets, ensuring your information is safe, traceable and accurate.

Looking ahead, what operational / emerging risk do you think will keep people up at night?

The greatest challenge facing organisations from an operational risk perspective is how to deal with the speed at which technology, and to a lesser extent regulation, is changing. Organisations need to adapt to the changing landscape and ensure that their people, processes and systems are both efficient and current. Both technology and regulation can rapidly make processes and systems out-of-date and people’s skills obsolete.

Many organisations struggle with technological change because they fail to identify all the activities carried out in a particular business area and ensure they are transferred to the new IT system.

One of the key benefits of EUCplus is that it provides a view across all spreadsheets, enabling organisations to see what activities and processes have been carried out outside of their core IT systems. It also identifies which activities are duplicated. This enables these to either be included in new system builds, streamlined or if necessary, eliminated. In all cases, it also assists with reducing the risk of large-scale IT programmes and helps speed up the rate at which organisations can adapt to the changing world.


Will you be joining us?

Make your free account
You will have access to our latest technology focused magazine, webinars and more…

become-a-risk-insights-member-banner-1