| |
| |
 |
| |
 Our system is the complete
solution for pricing and
structuring specialized
assets with Basel II compliance. |
 |
| |
 |
| |
The SFS System is live on
over $100 Bn of CRE assets
in over 20 countries. |
|
| |
 |
| |
Cashflow models for
infrastructure projects are
embedded in the system for
automatic risk analysis. |
|
| |
 |
| |
Advanced analytics
in a complete enterprise-level
IT solution. |
|
|
|
|
Our Solution
The Risk Integrated Enterprise Spreadsheet Platform (ESP) helps banks avoid the typical sources of spreadsheet risk by centralizing the frequently used spreadsheets within a rock-solid enterprise solution. ESP is a new approach to the near-elimination of spreadsheet risk in the enterprise computing environment that still maintains the full flexibility of spreadsheets for modelling complex financial structures and processes. If your company already uses complex models that are spreadsheet based, but are trying to figure out how to make them run enterprise-wide and connect to your banking systems, our technology can help. ESP keeps the best of spreadsheets—their flexibility—and the best of fully integrated systems. ESP turns spreadsheets into real applications. Please view the short ESP video to see the system in action, see our press and publications pages, or contact us at ESP@RiskIntegrated.com to learn more..
The Problem of Spreadsheet Risk
Today most banks already have established sets of rules, standards and controls over their accounting systems and many of the databases they access. However controls have not yet been put into place in many institutions for their smaller systems such as spreadsheets. Spreadsheet risk is the danger that errors in such a common business tool as spreadsheets can lead to material losses. The lack of internal control and audit reporting is now being addressed in the U.S. in response to the Sarbanes-Oxley Act of 2002 banking regulation and the operating risk section of Basel II.
The problem with spreadsheets is that they are being built in general by nonprogrammers. In fact, they are built mainly by users who are self-taught. Errors creep into formulas, via formatting, or through links to other spreadsheets. Most are due to negligence but a few to fraud. There are not thorough procedures used to check the accuracy of the spreadsheets or to test multiple runs of data through them as would be done in conventional programming.
Magnitude of Spreadsheet Risk Losses
There are numerous stories in the press about how errors in spreadsheets have cost companies a lot of money and credibility. EuSpRIG, the European Spreadsheet Risk Interest Group, in the U.K. keeps track of them. The table below details how Risk Integrated’s ESP could have helped the company avoid their loss:
Date |
Description |
ESP Solution |
November 2005 |
The Australian bank, Westpac, was forced to halt trading on its shares and deliver its annual profit briefing a day early after it accidentally sent its results by email to research analysts. Details of the $2.8 billion record profit result for the 12 months ending 30 Sep 05 were embedded in a template of last year's results and were accessible with minor manipulation of the spreadsheet.
|
The ESP solution has completely separable and customizable outputs. Results never have to be sent in complete spreadsheet form so private formulas, calculations, and numbers remain that way. |
June
2005 |
Natural gas consumers sued Dominion Transmission over a clerical error. A Federal Energy Regulatory Commission investigation found that the subsidiary of Virginia-based Dominion Resources Inc. submitted the wrong week's gas storage figures in November, leading to an artificial inflation of natural gas prices. The lawsuit estimates that consumer prices were hiked by between $200 million-$1 billion. "The investigation concluded that it was not deliberate, but when I hear the words clerical error, I think of negligence," said the plaintiff's attorney.
One explanation for the error was that the company had used the same computer file name for each week's storage balance spreadsheet report, making it easy for the wrong one to be sent. |
Instead of keeping a single file on a computer for storage information, that storage information could have been fed in from an external system, and weekly reports could have been generated from the spreadsheet, timestamped along with the data that was fed in, and reported on.
|
| 29 March 2005 |
Shares of RedEnvelope Inc. tumbled more than 25% after the online retailer of specialty gifts drastically reduced its fourth-quarter outlook and said its chief financial officer will resign in April. Stanford Group analyst Rebecca Jones Kujawa said in an interview. "...they were underestimating the cost of goods sold....it is likely CFO Eric Wong is being pushed out because of this error, which could demonstrate a material weakness in controls over financial reporting, an issue that usually leads to a lengthy review of accounting practices. RedEnvelope spokeswoman Jordan Goldstein said the budgeting error was simply due to a number mis-recorded in one cell of a spreadsheet that then threw off the cost forecast. |
With the ESP solution, there is no longer the concept of the wrong spreadsheet cell. Each data that is input is tagged with a descriptive name, and will always go into the correct cell because the system, not the user, is populating the data. |
| 3 June 2003 |
TransAlta Corp. said on Tuesday it will take a $24 million charge to earnings after a bidding snafu landed it more U.S. power transmission hedging contracts than it bargained for, at higher prices than it wanted to pay. The company's computer spreadsheet contained mismatched bids for the contracts, it said. "It was literally a cut-and-paste error in an Excel spreadsheet that we did not detect when we did our final sorting and ranking bids prior to submission.” |
The ESP solution separates the underlying Excel spreadsheet from the user. There is no cutting or pasting, each input is placed into the cell where it is supposed to go, and each input is given a descriptive name. Various outputs could have also then been examined to make sure there was no error in the calculations. |
| 2001 |
Allfirst, a subsidiary of Allied Irish Bank, “Would not pay the $10,000 for a direct data feed from Reuters to the risk control section”. Instead, they got John Rusnak to download his Reuters feed into a spreadsheet. He then substituted links to his private manipulated spreadsheet. The total losses hidden by the fraud were almost $700 million. |
With the ESP, only privileged users may load spreadsheets onto the system. Each one of these spreadsheets is traceable and auditable. The Reuters feed could also have been made an automatic link into the system, therefore avoiding the issue with a user manipulating the data before it got into the spreadsheet. With the spreadsheet safely stored away on a remote server, a user can never insert links to a private manipulated spreadsheet. |
|
Source: www.eusprig.org/stories.htm
New Regulation Driving Public Companies
Sarbanes-Oxley Act of 2002
Sarbanes-Oxley (SOX) was introduced by the SEC to protect the public from accounting error and fraud in the wake of the Enron, WorldCom, and Arthur Andersen scandals. For one, it demands companies to archive for five years all business records including electronic records and emails. Additionally, each company's external auditors are required to audit and report on the internal control reports of management, submitting an annual report of the effectiveness of their internal accounting controls to the SEC. This affects public U.S. companies and non-U.S. companies with a U.S. presence.
These are the main sections of SOX which public companies are grappling with:
Section of SOX |
Significance |
|
CEO and CFO are directly responsible for the accuracy, documentation and submission of all financial reports as well as the internal control structure to the SEC. |
| |
All annual financial reports must include an internal control report stating that management is responsible for an "adequate" internal control structure, and an assessment by management of the effectiveness of the control structure. |
409 |
Companies are required to disclose, on an almost real-time basis, information concerning material changes in its financial condition or operations. |
902 |
Covers attempts and conspiracies to commit fraud offenses. |
All applicable companies must establish a financial accounting framework that can generate financial reports that are readily verifiable with traceable source data. This source data must remain intact and cannot undergo undocumented revisions. In addition, any revisions to financial or accounting software must be fully documented as to what was changed, why, by whom and when. This means that every version of a spreadsheet a bank sends to a client must be carefully controlled, checked for error, saved, documented and be retrievable.
Basel II Operational Risk
Basel II defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events. In the U.S. , advanced measurement approaches are being approved by the government which factor in operational risk into the calculation of total capital requirements. The more effective a bank’s internal operational risk management system is, the less money it needs to set aside in reserve. A bank needs to able to measure the risk and manage it with tools sensitive enough to analyze all internal and external data and perform scenario analysis. They also need to take into account any mitigating factors, such as insurance coverage. Central to Basel II compliance, and to a bank’s ability to ultimately drive down its capital requirements, is the need to create a so-called “risk culture,” one that recognizes there are many consequences for failing to handle information correctly.
|
|
