This series of articles will give you an overview of how to manage spreadsheet risk. These articles are written by Myles Arnott from Excel Audit
- Part 1: An Introduction to managing spreadsheet risk
- Part 2: How companies can manage their spreadsheet risk
- Part 3: Excel’s auditing functions
- Part 4: Using external software packages to manage your spreadsheet risk
In the first article in this series we highlighted the risks that poorly managed spreadsheet solutions can introduce to a business. In this article we will demonstrate how companies can manage this risk.
A formal governance framework
The first, and arguably most important step is to ensure that the senior management team buy into the need for a robust spreadsheet risk management framework, and that they define and effectively communicate their spreadsheet risk management policy.
Spreadsheets identified and catalogued
It is impossible to know the level of spreadsheet risk in an organization without first identifying and then risk assessing all of the spreadsheets. It is therefore necessary to create a catalog of all of the spreadsheets and then to gather the key information about each spreadsheet to enable a risk assessment to be carried out.
The two key factors for determining the spreadsheet risk are the probability of there being an error and the impact that that error could have.
Risk = Probability of an error X impact if an error were to occur
The probability of error is related to the complexity of the spreadsheet. Complexity attributes differ across companies but include:
- Spreadsheet size (Mbs)
- Spreadsheet design (hard coded numbers in formulae, poor model structuring etc)
- The number of users
- The use of complex formulae (particularly array formulae, nested formulae etc)
- The number of cells populated
- The number of internal and external links
- The use of VBA
The impact of the error is related to how critical the spreadsheet is within the business. Each company will have a slightly different definition of the impact levels of spreadsheets, but generally:
- A spreadsheet is low impact if it is not used as part of a critical business process and an error would not have a material impact on the business.
- A spreadsheet is medium impact if it contains confidential information and an error could have a material impact on the business.
- A spreadsheet is high impact if it contains highly confidential information and an error would have a significant impact on the business. Spreadsheets used within processes that fall under external regulation (such as Sarbanes-Oxley and Solvency II) are deemed to be of high impact.
Finally, the spreadsheets should be placed in order of risk. Those identified as business critical and high risk should be prioritized for detailed review and placed under control.
This is clearly an on-going process. As new spreadsheets are developed they will need to pass through the risk assessment process as defined by the company’s spreadsheet risk management policy. A periodic review should also be carried out to ensure that all spreadsheets have been correctly categorized.
A best practice standard
The company should define its own best practice spreadsheet development standard that is applied to spreadsheets deemed to be medium or high impact. The standard should clearly outline the standards and conventions to which a spreadsheet should be built. New developments can then be reviewed to ensure that they adhere to the standard.
We advocate the use of the Excel Best Practice Standard from the Spreadsheet Standards Review Board (‘SSRB’).
We also recommend that tailored schedules are added to the standard to reflect your specific design standards. For example this could be a specific color scheme, use of logo or the use of specific text within the header or footer (e.g. document security levels).
Testing
A fundamental, but often overlooked step in the Excel model development cycle is testing. All spreadsheets (but especially business critical spreadsheets) need to be first peer reviewed and then rigorously tested.
It helps to consider the steps that an IT department would take to ensure that something they deliver is correct. It will pass through stages of unit and system testing prior to quality assurance and finally user acceptance testing. So why should a spreadsheet being used for a critical process be any different?
The fact is that no matter how hard we try, humans make errors. The purpose of testing is to identify them and get them resolved before the model goes into the live environment.
Remember that in the first article we highlighted the fact that 94% of spreadsheets and 5% of all formulae within spreadsheets contain errors.
Here is Scott Adams’ view on spreadsheet testing in Dilbert
Training
All staff should be trained so that they have sufficient Excel knowledge for their role and to use the spreadsheets that they are responsible for. As part of the induction process all staff should also be taught the company’s best practice standard.
Whilst this sounds obvious, research has shown that few companies prioritize investment in spreadsheet training.
Documentation
A key risk with spreadsheets is that they are often built and used by one individual within a team (often referred to as a “key man dependency”). If this person is ill or leaves unexpectedly the other members are totally reliant on the documentation left behind. From experience this rarely exists.
Each spreadsheet that is used within a process should as a bare minimum have documentation stating:
- the purpose of the spreadsheet;
- how the spreadsheet fits within the process;
- the source of all inputs for the spreadsheet;
- all key assumptions and drivers;
- key calculations;
- distribution list for outputs.
Spreadsheets that are part of as critical business process should have detailed documentation. This should include a technical specification and user notes.
Security
All business critical and confidential spreadsheets should be subject to access control. Security controls can be implemented across three levels:
- Directory level: Only specific individuals have access to key directories
- File level: Confidential and critical spreadsheets should be password protected to restrict access
- Cell level: Non-input cells should be password protected
Change control, backups and archives
To minimize the risk of losing the current version of a spreadsheet and ensuring that the correct version is being used at all times, all business critical spreadsheets should be backed up, archived and subject to change control procedures.
So, in summary..,
the characteristics of a well-managed environment are:
- a formal governance framework, sponsored by the senior management team, is in place for all spreadsheet development;
- a catalog of spreadsheets is maintained and prioritized by risk profile;
- a best practice standard is applied to the development of all new spreadsheets;
- all new spreadsheets pass through a formal risk assessment, are peer reviewed and formally tested;
- staff are provided with sufficient training to carry out their roles;
- all spreadsheets and their associated processes are well documented;
- access to critical spreadsheets is subject to security controls;
- spreadsheets are subject to change control and are regularly backed up and archived.
What next?
In the next article we will look at the built in Excel functions that can help you to manage spreadsheet risk.
What about you?
How do you (or your company) manage spreadsheet risk? What best practices & guidelines you follow? Please share using comments.
Thank you Myles
Many thanks to Myles for writing this series. Your experience in this area is invaluable. If you enjoy this series, drop a note of thanks to Myles thru comments. You can also reach him at Excel Audit or his linkedin profile.
22 Responses to “Formula Forensic No 019. Converting uneven Text Strings to Time”
Why not let the TIME function take care of the math:
=TIME(LEFT(TEXT(A1,"000000"),2),MID(TEXT(A1,"000000"),3,2),RIGHT(TEXT(A1,"000000"),2))
I was going to point out the same thing, except to note that useing the time function and doing the divide method are not interchangeable.
I have spent hours investigating a spreadsheet working with a couple of years worth of hourly data, and found that the reason things weren't working is because the rounding on the divide method is only close to the correct time values. In order to have it work for comparisons, (like sub-totaling by time value, or pivoting) you MUST use the TIME function.
Great use of the TEXT function, Hui. I will be using this concept for sure.
Why not just.
=TEXT(A1,"00\:00\:00")*1
Regards
Elegant!
Hi Elias,
I tried to use your formula. But, it doesn't seem to work for me. I am getting an error message "The formula you typed contains an error". It seems I have the problem in using \: in the format. How can I overcome this?
Thanks
Manick, it isn't the /: that causes the problem. If you copy/paste it, you're getting “'s instead of the actual quotation marks that Excel uses. Change the quotation marks by deleting from the pasted formula and retype them.
Hi Manick...
use this alternate formula :
=1*TEXT(A1,"00"":""00"":""00")
note twice double quote each side of :
@Manick,
Did you copy the formula and pasted in Excel or did you typed? Also, do you use , or ; as separator of arguments?
Regards
@Elias: I had no problem using your formula, in fact, I have used your method to convert a number such as 20120419 to an Excel date using =TEXT(A1,"0000\/00\/00")*1. Thanks for posting.
@Joe: For date convertion you can use this as well.
=TEXT(A1,"00-00-00")*1
Regards
Sweet! It appears this also works with =TEXT(A1,"0-00-00")*1. I come from the old days when you counted every byte. I also like to try an make formulas as small as possible for the fun of it 🙂
Elias's suggestion is the simplest, but here is yet another way with TIME and MOD functions...
=TIME(MOD(A2/10000,100),MOD(A2/100,100),MOD(A2,100))
Since the seconds appear to always be 0, why not simply the input to minutes and above and save yourself the trouble of typing those zeroes...
0 => 0:00
1 => 1:00
10 => 10:00
100 => 1:00:00
etc.
Then just use this formula...
=TEXT(A1,"0\:00\:")*1
@ Rick, the numbers to convert are no typed, they are imported. Then your formula will return the wrong result.
Regards.
Hmm! My formula lost some backslash-zero combinations (two of them to be exact). The formula was supposed to be this...
=TEXT(A1,"0\:00\:\zero\zero")*1
where the words "zero" should actually be the number 0. Another way to write the formula is this...
=TEXT(A1,"0\:00\:""00""")*1
Hi Master,
While writing the formulae you have considered only upto "seconds factor" . I think you should take the centi-seconds factor also to achieve best results. Please look into it and rectify the problem...?
For Example.
In horse racing timings are noted in minute, seconds and centi-seconds, like if a horse finished in 70 seconds over a scurry of 1200 metres, is noted as 1.10 min. Nowadays it is noted in centi-seconds everywhere, like 70.00 if you want to convert it to centi seconds (should multiply by 100) = 7000 centi seconds. If you put this figure into your formula as a general number (7000) it will return as 1:10:00. As per your formula, it should be taken as 1 hour 10 seconds 0 minutes. However for a racing enthusiast like me it can be taken as 1 minute 10 seconds also.
Just look what happens if we race goers use this figure as 7000 centi seconds in your formulae, it will correctly show as 1 minute 10 seconds(?) Suppose a horse finishing over a 1200m in 70.60 seconds or in racing terms written as 1.10.60 mins, where 1 minute 10 seconds, & 60 centi-seconds can be counted as 7060, if you put this figure in the formula it will return as 1 minute 11 seconds, that is correct.
My point is if you can incorporate Centi Seconds in the formulae, it would be of great help to us also.
Thanks and regards.
Rajagopal (Mumbai)
Awesome techniques !
I tried with 235960 just to see if it will fail but this is great.
Although a little longer, this too work:
=CHOOSE(LEN(A2);A2/(24*3600);A2/(24*3600);LEFT(A2;1)/(24*60) + RIGHT(A2;2)/(24*3600);LEFT(A2;2)/(24*60) + RIGHT(A2;2)/(24*3600);LEFT(A2;1)/24 + MID(A2;2;2)/(24*60) + RIGHT(A2;2)/(24*3600);LEFT(A2;2)/24 + MID(A2;3;2)/(24*60) + RIGHT(A2;2)/(24*3600))
Converting uneven Text Strings to Time I have imported some data that comes in as a number that I need to convert to h:mm.
Just come across this while googling
find interesting challenge and come up with this
=TEXT(TEXT(SUBSTITUTE(A1,RIGHT(A1,1),""),"000000"),"00\:00\:00")
I need to convert a string of numbers representing average minutes, to reflect correct time values. For example, the numbers below currently represent 5.79 minutes, 15.82 minutes, etc.
I need to convert these values to their correct corresponding value within time parameters. So 5.79 would be something close to 5 minutes and 45 seconds.
5.79
15.82
3.92
12.40
6.70
3.62
I know there has to be a way to compute this in Excel, it can do anything, I believe!
Thank you for any and all assistance~
@Renee... You can use a formula like this. Assuming A1 has the minutes.seconds,
=INT(A1) + MOD(A1, 1)*0.6
If you want to see it in 5 minutes 45 seconds format, use
=INT(A1) & " mins " & ROUND(MOD(A1, 1)*0.6,2) & " secs"