Financial services firms are too reliant on spreadsheets for compliance monitoring and reporting, the Chartered Management Institute has warned.
A CMI survey of 109 City compliance and operational risk managers found that 71% of firms questioned rely on spreadsheets for compliance monitoring.
A similar proportion use spreadsheets for reporting, despite their lack of security and auditability, and the long history of errors associated with using spreadsheets for consolidation.
The institute said this reliance on spreadsheets was a likely contributor to the widespread lack of confidence it found in the systems being used - none of the respondents described their current systems as highly effective, and only 42% said they were confident in the capability of systems to meet future changes.
Anthony Epstein, chairman of the operational risk forum at the CMI, said, "The findings should act as a wake-up call to the City, given the Financial Service Authority's approach of prosecuting firms that cannot demonstrate adequate controls."
Survey respondents also highlighted the lack of resources made available for operational risk and compliance, despite a generally high level of boardroom awareness about such issues. Only 46% said operational and compliance risks were adequately funded.
A similar proportion of compliance and operational risk managers felt they were using reasonably good data and analytical tools to support operational risk, but nearly all said they saw enormous scope to improve operational risk management with technology.