Excel spreadsheets are increasingly accepted as a core medium for corporate data despite many years of treasuries, chief financial officers (CFOs) and others seeking to downplay their role in favour of ‘off the shelf’ software packages. In recent years there has been a push for corporations to migrate from spreadsheet-based tax calculation and reporting to these packaged software suites. However, the truth is that treasuries, corporate tax departments and other business units still depend heavily on spreadsheet-based processes for data collection, manipulation and computations.
For corporations that have looked to use alternative data systems, migration to tax software has created or exposed additional issues:
- Tax-sensitised information must still be gathered in spreadsheets from multiple legal entities.
- Standard tax software covers the main tax statutes of key jurisdictions; it does not cover many countries. Nor does it address the issues of specific business sectors – for example, generally accepted accounting principles (GAAP) to statutory rules to tax; US Federal Energy Regulatory Commission (FERC) reporting duties, Statement of Statutory Accounting Principles (SSAP) 10R, etc. While customisation can solve these problems it can be very expensive to implement and maintain.
- Not all calculations are covered within standard tax software – for example, tax basis balance sheet, journal entries, depreciation reports, 10k disclosure, etc.
The result is that many businesses now use a mix of both Excel spreadsheets and packaged tax software suites to complete the full tax cycle. This means that the original objectives for the tax software have only been partially met – leaving gaps in governance and risk, with control dependent on inefficient manual workarounds. This could expose corporations and treasuries to financial risk.
In this context stubborn spreadsheet usage, firms have to contend with the continued risk of spreadsheet errors. The processes for data input and data management often lack controls and pose significant financial and reputational risks for corporations.
Growing Awareness by Regulators
Weaknesses in data management and the use of spreadsheets have begun to catch the attention of market regulators, especially over the past 12 months. There is a clear rise in momentum: particularly in the financial services space, regulators are now beginning to understand the role spreadsheets play, and the inherent risks that can follow from poor spreadsheet controls.
The Switzerland-based Basel Committee on Banking Supervision (BCBS) recently made it clear, for instance, that when relying on manual processes, desktop applications or key internal data flow systems such as spreadsheets, organisations should have effective controls in place that are consistently applied to manage risks around incorrect, false or even fraudulent data. This is the first time that spreadsheet management has ever been specifically referenced at such a high level, a watermark in the approach to spreadsheet risk.
The challenge is how to bring the same levels of data governance, risk management and efficiency to those spreadsheet operations that have not been eliminated by the introduction of standardised corporate taxation software. The complexity of many firms’ tax affairs puts extra pressure on spreadsheets and the people that use them, so this is a real issue of concern.
Tax data manipulation and aggregation is typically spread across Excel files, CSV extracts and access databases, which is often now called end user computing (EUC) – almost all of which do not appear in formal IT architecture maps. With the new post-crash focus on compliance and reporting by regulators and wider market pressures, all of these manual activities must now be documented and demonstrably robust. This requires the ability to locate and audit the activity taking place in multiple EUC files.
A Better Way
There is a better way for corporate tax departments to manage data requirements and their firm’s huge estate of spreadsheets: they can automate all their manual checks and reconciliations.
The automation of all the manual checks that employees would otherwise conduct not only saves the time of expensive employees, it can also be done on a far more regularly and consistent basis. Some checks require no input from the business, such as alerting the appearance of cell errors. Other risk procedures and checks require more attention, such as alerts about static data which has not been changed and dynamic data which has, such as foreign exchange (FX) values.
Looking ahead into the near future, it is not alien to think that the defence of misunderstanding, ignorance or denial will no longer be deemed acceptable by global regulators and authorities. Ensuring good quality data management, archiving and reporting is fundamental to the success of businesses, and in the current business environment, this is more important than ever.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Banks might feel justified in victim blaming when fraud occurs, but it does little for customer confidence.
Politicians have united in urging the Reserve Bank of Australia to lend its backing to the digital currency by officially recognising it.