
Comment by denimnerd42

5 years ago

Problem as described to me is that Excel starts being used for regulated processes and it's not well auditable, access controlled, change controlled, tracked, etc. etc. Then people need to implement the exact same process across departments and they're all using a separate Excel sheet and they all submit different numbers. Becomes a huge mess and so much more complicated and expensive systems become commissioned.

Fun story: I was at a bank that used Excel for everything. As you say, there came a complaint from the auditors that it's not well auditable, and there needed to be "a system".

Solution: the bank put together a system that constructs (from Excel templates and the bank trading data and market data) Excel spreadsheets from scratch every day, then used those for the calculations, and stored them. But now it was "a system", so all good.

  • Well you can audit the code that generates spreadsheets, which seems to solve the audit problem. Kind of like I prefer reading a Dockerfile that builds a program from the GitHub repo, rather than downloading a pre-compiled package I can't trust.

  • Sounds like a great system. We have something similar where we put Excel in and out but doesn't sound as slick as that. On top of the system there is access control, versioning and such. The data gets approved and then stored in the backend to feed the regulated process.

This describes what I've seen happen with Excel over and over again. I'm curious if the use of collaborative Google Sheets could be a fix for this? Something where a portion of the sheet could be shared globally, but the rest of the document would be local to the instance working on it.

There's an excellent example of this phenomenon in the JPM "London Whale" report where -- at various points -- poorly maintained and validated spreadsheets appear as minor villains in a $6.2bn loss.

The jargon for this is "user-developed application," and auditors do keep an eye out for these. Banks, from what I've seen at least, typically have some process to document these as they come up, replace them with supported solutions, and retire them. At least, that's the "happy path," where people are willing and able to get all that done before a big-three auditor comes in and tears you a new one.