Spreadsheets in Financial Services: The Last Mile (or Milewide Gap) in Risk Management
Rodney Nelsestuen
Financial Strategies & IT Investments
Many financial services institutions have literally thousands of spreadsheets in use with very little control over their use, quality, or content. The financial services industry as a whole must soon address the paradox that exists where sophisticated risk management data and analytics are entrusted to a variety of staff with a wide range of expertise, each using an unknown number of uncontrolled, ubiquitous, and important spreadsheets from which the institution makes critical business decisions. This Note should be read in conjunction with Research Note V62:05B, Spreadsheet Controls: Gaining Clarity in Technology Selection, in which a number of vendor solutions are reviewed.
Key Findings:
* Although spreadsheets are heavily deployed in supporting key business decisions in financial services institutions (FSIs), the quality control processes surrounding them remain limited.
* As regulations evolve, the need for efficiency, change control, audit trails, and quality monitoring functions for spreadsheets will drive FSIs to invest in one or more solution options.
* Because many errors have little impact on output, FSIs should conduct a careful review of their enterprise spreadsheet practices before investing in control software; doing so will maximize ROI.
* In managing risk, it is important to control those spreadsheets that have a fundamental impact on financial statements, risk management, or business decisions for which the stakes are high.
* The importance of the eight key categories of spreadsheet control varies based on a given spreadsheet’s criticality and the purpose of the control: risk management, operational performance, or compliance.
Global Stress Testing: Certain Mandate, Uncertain Value
Rodney Nelsestuen, Bob McDowall
Financial Strategies & IT Investments
The year 2009 saw the first open public demonstration of risks facing the financial services industry as global regulators required stress testing to a specific set of economic inputs. Standard scenarios driven by regulators are insufficient for any given firm, though. Leading FSIs are establishing or expanding their capabilities for stress testing and weaving it into the fabric of their business decision making. Global differences in stress testing requirements increase the likelihood that test results in one part of the industry will lack coordination with test results in other parts, begging the question of whether anyone has a clear view of systemic risks.
Key Findings:
* The UK Financial Services Authority (FSA) has staked out a leadership position that will make stress testing a core and coordinated part of business planning in financial services institutions (FSIs) in 2010 and beyond.
* US regulators have yet to designate a consistent framework for stress testing, leaving individual FSIs to their own biases as to the types and range of scenarios that should be included.
* The lack of a cohesive approach to stress testing puts US institutions at risk of myopic analysis that could miss systemic events that previously were considered unlikely but now have come to pass.
* Diversity in approaches to stress testing will impede the goal of a cohesive global approach to systemic risk management.
* Stress testing scenarios found in tail risk of statistical probabilities will be fundamental to sound risk management, and FSIs will need to lead, not lag, in looking at unlikely scenarios.
* Individual firms will have individual stress testing approaches that differ according to their lines of business and the risk inherent in those businesses.