Financial services firms are too reliant on spreadsheets
for compliance monitoring and reporting, the Chartered Management
Institute has warned.
A CMI survey of 109 City compliance and operational risk
managers found that 71% of firms questioned rely on spreadsheets
for compliance monitoring.
A similar proportion use spreadsheets for reporting, despite
their lack of security and auditability, and the long history of
errors associated with using spreadsheets for consolidation.
The institute said this reliance on spreadsheets was a likely
contributor to the widespread lack of confidence it found in the
systems being used - none of the respondents described their
current systems as highly effective, and only 42% said they were
confident in the capability of systems to meet future changes.
Anthony Epstein, chairman of the operational risk forum at the
CMI, said, "The findings should act as a wake-up call to the City,
given the Financial Service Authority's approach of prosecuting
firms that cannot demonstrate adequate controls."
Survey respondents also highlighted the lack of resources made
available for operational risk and compliance, despite a generally
high level of boardroom awareness about such issues. Only 46% said
operational and compliance risks were adequately funded.
A similar proportion of compliance and operational risk managers
felt they were using reasonably good data and analytical tools to
support operational risk, but nearly all said they saw enormous
scope to improve operational risk management with technology.