News
End User Computing Risk Widely Recognised, Yet UK Organisations Lacking Controls to Mitigate Threats, New Survey Reveals
December 2016 by ClusterSeven
Findings of a new survey by ClusterSeven reveals that EUC risk is widely recognised by organisations in the UK and yet there’s only a small minority of businesses that are even imposing manual control policies to mitigate the emanating threats. The report entitled ‘The Spreadsheet is Here to Stay’, suggests that this is indeed surprising as EUCs are one of the key contributors of financial, regulatory, operational and reputational risk.
An overwhelming 88% of respondents acknowledge the risks posed by spreadsheets and other EUCs, but only 24% are enforcing manual controls and even a smaller minority are instituting automated checks to curtail the risks. Particularly in the financial services industry, nearly 57% of respondents rate ‘spreadsheet’ risk as a serious or very serious.
More than 60% of organisations are relying on spreadsheets for business critical data processes, which represents a significant amount of work taking place in an unmonitored and uncontrolled business environment. Furthermore, auditors (nearly 60%), regulators (40%) and risk and compliance professionals (nearly 45%) believe that this use of spreadsheets for business critical processes will increase over the next two years. Clearly, EUC applications are the preferred option for numerical manipulation and problem solving. This is despite the fact that financial and reputational loss due to EUC error is almost an expected outcome by organisations with early 50% of respondents expecting such an event to occur in the next two years.
Interestingly, 76% of organisations want to replace spreadsheets with a different type of business information management system, but 25% acknowledge that it is an unrealistic aspiration.
“The title of this report is very apt, spreadsheets are indeed here to stay,” commented Chris Gomersall, CEO of ClusterSeven. “Imperfect as spreadsheets and other EUCs might be, they offer users the flexibility and agility to speedily undertake complex calculations, produce reports and develop models to meet changing business needs. Rather than negligently risk loss, organisations are better off automating and adopting management processes so that EUCs and corporate systems can safely and securely co-exist to meet the needs of the users and business alike. The alternative – i.e. using EUCs uncontrolled – isn’t a business risk work taking as potentially the penalties could be crippling.”
This study was commissioned by ClusterSeven in 2016, surveying nearly 160 internal audit, finance, compliance and risk management professionals working in organisations across the UK.
