A move towards automated, rather than manual, checking of information and formulas contained in spreadsheets could save Irish firms embarrassing and costly mistakes, a leading consultant has advised. Computing errors, left unchecked, could potentially lead to incidents such as ‘rogue trader’ John Rusnak’s manipulation of a spreadsheet that cost the AIB subsidiary Allfirst Bank US$750m last year.
According to Patrick O’Beirne, an independent computer consultant and local operator for the European Spreadsheet Risks Interest Group (EUSPRIG), the majority of Irish firms that operate spreadsheets in mission critical working environments fail to automate their analysis and auditing of spreadsheets, relying on eyeballs rather than proven technology.
Failure by Allfirst to develop a US$10,000 spreadsheet that would accomplish a direct data drop from Reuters and eliminate the need to manually check rates gave John Rusnak the opportunity he needed to manipulate the weak control environment at the bank and commit one of the worst financial frauds in history.
“The Rusnak story is a perfect example of how things could slip through the net. There are half a dozen technology tools on the market that would have prevented this from happening. If any auditing had been done, the fraud would have been discovered,” O’Beirne added. He indicated that in most cases of firms auditing for Vat returns in spreadsheets, some 20pc of the files contained errors.
“People forget that in inputting information into a spreadsheet, they are in effect programming logic into the spreadsheet, and often this information is needed to provide a real-time picture of a firm’s turnover. People often don’t realise they are making mistakes, they re not trained to self-check and we are recommending that people acquire these tools and constantly check their work to reduce risks and losses,” O’Beirne told siliconrepublic.com.
Last month, Canadian electricity firm TransAlta Corp lost US$24m in earnings after a bidding error on a spreadsheet-powered online bidding system landed the firm more transmission hedging contracts from a New York based operator than it bargained for, at higher prices. The company’s computer spreadsheet contained mismatched bids for the contracts. The rules of the Independent System Operator did not allow for a reversal of the bids. “It was literally a cut-and-paste error in an Excel spreadsheet that we did not detect when we did our final sorting and ranking bids prior to submission”, said TransAlta’s CEO Steve Snyder.
On 24 and 25 July EUSPRIG, in association with the European Computer Driving Licence Foundation (ECDLF), the Irish Computer Society, KPMG Ireland and the Information Systems Audit and Control Association (ISACA) will be holding a conference at Trinity College to address the subject. The conference will feature numerous experts in this field as well as Dean Buckner, IT control specialist of the Banking Division in the Financial Services Authority (FSA) in London as well as industry researcher Ray Panko of the University of Hawaii. For more information go to www.eusprig.org.
By John Kennedy