Companies are exposing themselves to financial and reputational risk by overlooking the vulnerabilities in spreadsheets, according to survey results released on Wednesday by Forrester Consulting and Incisive Software.

In a survey of manager-level and above personnel at 170 midsize and large North American businesses, Forrester found that more than a third of respondents believed spreadsheet risk was not a priority in their organizations and nearly a third (32%) said that while they recognized the risk in spreadsheets, executive management did not.

“[Spreadsheet] risk is real — and many frontline workers recognize this,” according to the report accompanying the survey. “[But] C-level executives are making decisions based on [spreadsheet] data assumed to be accurate, but that can contain errors.”

While Excel, for example, has some protections, it is weak on content security and offers no location security. “While Excel does provide worksheet and workbook password-based protection, cell locking and hiding of formulas, and password protection of macros and add-ins, the level of protection provided is relatively low, provides a first-line-of-defense only, and can all be broken fairly easily,” according to the Spreadsheet Sentry website.

The Forrester survey also found, perhaps most importantly, that half of the managers believed their organizations had too many spreadsheets to even begin to manage them. Almost a third of respondents noted that their organizations use more than 10,000 spreadsheets on a regular basis.

A little more than a quarter of respondents (28%) said they were “very” or “mildly” concerned and working to change their organizations’ approach to managing the risks inherent in using spreadsheets. But 30% with similar concern levels said they were not in a position to change things. Another 11% were not sure how to proceed with trying to mitigate spreadsheet risks.

The study, conducted in March, also confirmed that spreadsheets are still widely used for critical business tasks:

  • Nearly 50% of companies still rely on spreadsheets alone to do their auditing and controls;
  • More than 35% of finance and accounting departments regularly use spreadsheets to fuel their decision making;
  • About 3 in 10 operations departments (including sales operations and marketing operations) rely on spreadsheets; and
  • Nearly one in five governance, risk, and compliance professionals depend on spreadsheet accuracy.

“Excel is a powerful tool, and as this research proves, its use is prevalent across all areas and levels of every organization,” said Diane Robinette, CEO of Incisive Software. “Asking employees to stop using Excel is not the answer, nor is turning a blind eye.”

, ,

3 responses to “Spreadsheet Risks Still Being Ignored by C-Suite: Study”

  1. Great question Michael. Businesses must acknowledge the risk and raise their standards on what they expect out of their spreadsheet risk management programs. Modernizing these programs with spreadsheet risk management technology will greatly mitigate risks.

  2. There are a couple of really good solutions out there – from direct spreadsheet remediation right up to server level scanning and monitoring/change control. The first step is to get an Inventory, so at least the business knows the files that contain the biggest risk.

Leave a Reply

Your email address will not be published. Required fields are marked *