This series of articles will give you an overview of how to manage spreadsheet risk. These articles are written by Myles Arnott from Excel Audit
- Part 1: An Introduction to managing spreadsheet risk
- Part 2: How companies can manage their spreadsheet risk
- Part 3: Excel’s auditing functions
- Part 4: Using external software packages to manage your spreadsheet risk
In the first article in this series we highlighted the risks that poorly managed spreadsheet solutions can introduce to a business. In this article we will demonstrate how companies can manage this risk.
A formal governance framework
The first, and arguably most important step is to ensure that the senior management team buy into the need for a robust spreadsheet risk management framework, and that they define and effectively communicate their spreadsheet risk management policy.
Spreadsheets identified and catalogued
It is impossible to know the level of spreadsheet risk in an organization without first identifying and then risk assessing all of the spreadsheets. It is therefore necessary to create a catalog of all of the spreadsheets and then to gather the key information about each spreadsheet to enable a risk assessment to be carried out.
The two key factors for determining the spreadsheet risk are the probability of there being an error and the impact that that error could have.
Risk = Probability of an error X impact if an error were to occur
The probability of error is related to the complexity of the spreadsheet. Complexity attributes differ across companies but include:
- Spreadsheet size (Mbs)
- Spreadsheet design (hard coded numbers in formulae, poor model structuring etc)
- The number of users
- The use of complex formulae (particularly array formulae, nested formulae etc)
- The number of cells populated
- The number of internal and external links
- The use of VBA
The impact of the error is related to how critical the spreadsheet is within the business. Each company will have a slightly different definition of the impact levels of spreadsheets, but generally:
- A spreadsheet is low impact if it is not used as part of a critical business process and an error would not have a material impact on the business.
- A spreadsheet is medium impact if it contains confidential information and an error could have a material impact on the business.
- A spreadsheet is high impact if it contains highly confidential information and an error would have a significant impact on the business. Spreadsheets used within processes that fall under external regulation (such as Sarbanes-Oxley and Solvency II) are deemed to be of high impact.
Finally, the spreadsheets should be placed in order of risk. Those identified as business critical and high risk should be prioritized for detailed review and placed under control.
This is clearly an on-going process. As new spreadsheets are developed they will need to pass through the risk assessment process as defined by the company’s spreadsheet risk management policy. A periodic review should also be carried out to ensure that all spreadsheets have been correctly categorized.
A best practice standard
The company should define its own best practice spreadsheet development standard that is applied to spreadsheets deemed to be medium or high impact. The standard should clearly outline the standards and conventions to which a spreadsheet should be built. New developments can then be reviewed to ensure that they adhere to the standard.
We advocate the use of the Excel Best Practice Standard from the Spreadsheet Standards Review Board (‘SSRB’).
We also recommend that tailored schedules are added to the standard to reflect your specific design standards. For example this could be a specific color scheme, use of logo or the use of specific text within the header or footer (e.g. document security levels).
Testing
A fundamental, but often overlooked step in the Excel model development cycle is testing. All spreadsheets (but especially business critical spreadsheets) need to be first peer reviewed and then rigorously tested.
It helps to consider the steps that an IT department would take to ensure that something they deliver is correct. It will pass through stages of unit and system testing prior to quality assurance and finally user acceptance testing. So why should a spreadsheet being used for a critical process be any different?
The fact is that no matter how hard we try, humans make errors. The purpose of testing is to identify them and get them resolved before the model goes into the live environment.
Remember that in the first article we highlighted the fact that 94% of spreadsheets and 5% of all formulae within spreadsheets contain errors.
Here is Scott Adams’ view on spreadsheet testing in Dilbert
Training
All staff should be trained so that they have sufficient Excel knowledge for their role and to use the spreadsheets that they are responsible for. As part of the induction process all staff should also be taught the company’s best practice standard.
Whilst this sounds obvious, research has shown that few companies prioritize investment in spreadsheet training.
Documentation
A key risk with spreadsheets is that they are often built and used by one individual within a team (often referred to as a “key man dependency”). If this person is ill or leaves unexpectedly the other members are totally reliant on the documentation left behind. From experience this rarely exists.
Each spreadsheet that is used within a process should as a bare minimum have documentation stating:
- the purpose of the spreadsheet;
- how the spreadsheet fits within the process;
- the source of all inputs for the spreadsheet;
- all key assumptions and drivers;
- key calculations;
- distribution list for outputs.
Spreadsheets that are part of as critical business process should have detailed documentation. This should include a technical specification and user notes.
Security
All business critical and confidential spreadsheets should be subject to access control. Security controls can be implemented across three levels:
- Directory level: Only specific individuals have access to key directories
- File level: Confidential and critical spreadsheets should be password protected to restrict access
- Cell level: Non-input cells should be password protected
Change control, backups and archives
To minimize the risk of losing the current version of a spreadsheet and ensuring that the correct version is being used at all times, all business critical spreadsheets should be backed up, archived and subject to change control procedures.
So, in summary..,
the characteristics of a well-managed environment are:
- a formal governance framework, sponsored by the senior management team, is in place for all spreadsheet development;
- a catalog of spreadsheets is maintained and prioritized by risk profile;
- a best practice standard is applied to the development of all new spreadsheets;
- all new spreadsheets pass through a formal risk assessment, are peer reviewed and formally tested;
- staff are provided with sufficient training to carry out their roles;
- all spreadsheets and their associated processes are well documented;
- access to critical spreadsheets is subject to security controls;
- spreadsheets are subject to change control and are regularly backed up and archived.
What next?
In the next article we will look at the built in Excel functions that can help you to manage spreadsheet risk.
What about you?
How do you (or your company) manage spreadsheet risk? What best practices & guidelines you follow? Please share using comments.
Thank you Myles
Many thanks to Myles for writing this series. Your experience in this area is invaluable. If you enjoy this series, drop a note of thanks to Myles thru comments. You can also reach him at Excel Audit or his linkedin profile.
54 Responses
Hi Chandoo,
This is awesome *****
Found 6, just one remaining, and I think it should be in sheet2, as I found 1 in each sheet but didn’t found anything in sheet2 (till yet, I am keep looking).
Very cleaver and amazing work, enjoyed a lot…
Thanks Chandoo for this beautiful work.
Wish you have great time at Hyderabad.
Regards,
Khalid
go to AB201 on Sheet2, you will see Panda there !!!
Press F2 in Cell A1 and then read the actual text !!
In Sheet 2 go to Cell AB201. You will find one.
There is one on first sheet, if you press F5 (goto), the word PANDA can be seen there.
Oh I found the last one, (custom format hmm)
Truly Amazing and the beauty of this forum.
You are an Artist Chandoo.
Hi Chandoo,
Wow, you really have magical skills. I am in office and this sheet ate up an hour of my time….didn’t expect that.
I could find 5 of the 7 pandas. Didn’t know one could hide so much data in innocent looking excel sheets.
Thanks!
-Ranjith
yeah! found all 7 panda, time to go to china.
This was very fun and challenging, thanks for posting! I found all of them (well, Sheet1 was tricky, it seems you’re supposed to find the cell and type it in yourself?). Wasn’t sure if it was cool to post the answers here or not, though. Guess I’ll post SPOILER ALERTS so you can skip the rest of the message if you don’t want to see what I came up with.
SPOILER! SPOILER! SPOILER!
My answers appear below.
Sheet1: type PANDA in cell PAN3489
Sheet2: cell AB201
Sheet3: cell J8 (Picture1)
Sheet4: cell H9
Sheet5: expand Chart1
Sheet6: formula = “=MID(ADDRESS(9,2^3*23*59,4),1,3)&BIN2HEX(11011010)”
Sheet7: named range (A1:I18)
Wookie – I would love to get a walkthrough of HOW you figured out sheet 1 and a bit of a formula walkthrough for Sheet 6.
Basically, I don’t know how I could have found that particular cell input message on Sheet 1.
And I have no clue about the BIN2HEX part of the formula…before your hint I was able to get the output to read AN9DA. The change to MID and the addition of that ‘,1’ changed it to PANDA…
Hi Rachel,
To get to the cell in sheet 1 you can press: ctrl G. Then special and then data validation: all. This is also the way to find panda in sheet 7 😉
I agree, this was a fun way to test your ability to navigate through the functionality of Excel! And since you already posted the SPOILER ALERT warning, I should be safe posting a reply to your comment with some solutions of my own… 🙂
I found all the same solutions you did with a few minor changes:
Sheet1: If you notice, cell PAN3489 has Custom formatting. You don’t have to type “PANDA”, just the number 1.
Sheet6: The MID function works as you described, but you can also simply change the RIGHT function to the LEFT function without having to add in the start and end positions for MID.
Sheet7: Yes, the range name for these cells is called PANDA, but you don’t see the actual word in the sheet unless you change the Zoom setting to 39% or less (hence the clue “Z” 39%).
Thanks again for a great post, Chandoo!!
I must admit sheet 7 defeated me, but I have some corrections
Sheet 1 – you type =LEFT(ADDRESS(ROW(),COLUMN(),2),3)&DEC2HEX(ROW())
in PAN3489 to get “PANDA1”. As it is the first panda. I think panda1 is appropriate, but maybe
=LEFT(ADDRESS(ROW(),COLUMN(),2),3)&LEFT(DEC2HEX(ROW()),2)
is better, because it leaves you with “PANDA”
Sheet 6 – I corrected to
=LEFT(ADDRESS(9,2^3*23*59,4),3)&BIN2HEX(11011010)
Picky I know, but who uses mid when a right or a left will do?
I know; that was weird. I did try using a LEFT formula, but I kept getting the $ prefix from the cell address. So I tried a couple of variations using MID and it gave me the result I needed. This is actually the first time I’ve ever tried using a MID formula starting at the first character, but I wasn’t trying to spend a lot of time on it, so I went with what worked.
Sheet1: Type 1 in PAN3489
Sheet6: =LEFT(ADDRESS(9,2^3*23*59,4),3)&BIN2HEX(11011010)
Slight change…
For sheet 1 goto PAN3489 and type in 1. The word PANDA appears.
Love it!
Sheet 6 was my favorite. How many people still know what binary, hex and octal are? :o)
—–Spoilers———
Alternate Solutions
1) Type “1” (not the quotes) in PAN3489 and Excel will turn “1” into “PANDA”
6) The formula Wookie lists also works with LEFT in place of MID
Lot of fun. Solve time ~20 mins.
@ Rob
How this 1 turns to PANDA .. means How this is done by excel any formula or something in VBA
Also how to reach cell PAN3489 .. there are no clues given on sheet 1
You reach PAN3489 by pressing Ctrl + End to bring you to the last used cell in Sheet 1
@ Navdeep I found PAN3489 by going to “Formulas” and then “Name Manager” and saw there was a field called “Clue1” listed in the Name Manger that references 3489. Finding PAN as the column index was just a bit of a lucky guess through trial and error. Then a note in cell PAN3489 when you navigate there says to try “typing something.” I tried scrolling through the Format Cells menu to see if the text typed in the cell needed to be formatted a certain way, and noticed that “1= Panda” was listed in the custom text menu and tried it. A bit brute force, but I think the desired text entry.
Clever!
The Data Validation one took me a bit. Had to resort to brute force.
Thanks for the fun!
Awesome! Found 7 pandas in 20 minutes)))
Sheets 1 and 6 were the best!
Thanks!
Sheet 1: The answer is not type in Panda. Type 1. There’s a special formatting that replaces 1 with Panda.
Sheet 6: Just replace right with left, don’t worry about changing the numbers.
Sheet 7: I found the named range, but don’t know what the Z 39% means. Thoughts?
when you changed the zoom level to 39% or below, you will see the name of namedrange (if any)
WOW! I’ve just found the secret eighth PANDA!
Truly awesome!!!
Am I the first one who figured that out, guys?
Btw, thanks for the puzzle!
Found them all – very inventive. Had to think outside the “box”. Great fun!
It was truly a artists work
chandoo you are grate
all sheets are deigned different from each other
@Wookiee: you have a good for others by posting the answers, Thank you too
it is fun and great invent
Guys I Got 8 PANDA in the workbook… 🙂
[Look Chandoo has against played great trick by reserving one more ester egg, but we are also fan of none other than Chandoo, who can get hold of hidden 8th (untold) ester egg]
Here is the full list:
1) Sheet1: Type 1 in Cell PAN3489
2) Sheet2: Goto Cell AB201
3) Sheet3: Check the picture located above cell J8
4) Sheet4: Goto Cell H8
5) Sheet5: Cells, viz., A4, A10, A16, A21, A29 have all alphabets of PANDA
6) Sheet5: Resize the chart to see PANDA
7) Sheet6: Correct the formula as LEFT(ADDRESS(9,2^3*23*59,4),3)&BIN2HEX(11011010)
8) Sheet7: Range A1:I18 is named as PANDA
1) Sheet1: Type 1 in Cell PAN3489
2) Sheet2: Goto Cell AB201
3) Sheet3: Check the picture in the cell J8
4) Sheet4: Goto Cell H9
5) Sheet5: Resize the chart to see PANDA
6) Sheet6: Correct the formula as LEFT(ADDRESS(9,2^3*23*59,4),3)&BIN2HEX(11011010)
7) Sheet7: Range A1:I18 is named as PANDA
Actually, for sheet7, if you set the zoom to 39% or less, you will see the word PANDA. Yet another PANDA! 🙂
Hi,
i want to know how to manage bill wise manage vendor invoice and payment in excel please suggest.
Thanks,
Ram
Hi Chandoo!
You rock with these amazing skills!
Sheet 1: ??
Sheet 2: ??
Sheet 3: Cell J8
Sheet 4: Cell H9
Sheet 5: A4, A10, A16, A21, A29
Sheet 6: B2
Sheet 7: ???
Sheet1 F5
Sheet2 AB201
Sheet3 Picture1
Sheet4 H9
Sheet5 Chart
Sheet7 Zoom to 30%
I love this time of year and look forward to Chandoo’s egg hunts. Whilst I got all the pandas, I do not understand how sheet 7 works; Where is the source data and why does it only work when zoomed out to 39% or more?
@Leon-K
When you change the zoom level to be less than 40% Excel shows the Ranges which have Names applied to them
Ha ha, that’s fantastic. Thanks Hui. @Chandoo, thanks for yet another method to decrypt worksheets in order to re-build or explain them better to clients.
These were fantastic and kept me intrigued until I could finish them. (Had to look here for help with Sheet1!) Definitely learning a lot about some new formulas. Awesome, Chandoo!
Ok, just saw the notes on the Zoom 39% on Sheet 7. Can someone explain what’s happening here and why PANDA shows up at that level?
@Bryan
When you change the zoom level to be less than 40% Excel shows the Ranges which have Names applied to them
Wow, great exercise.
Tried and solved 5 out of seven and other two solved incorrectly (1 & 6).
Thanks 🙂
Hi Chandoo,
Gr8 …had fun in searching it. I got 5 out of 7.
You are brilliant.
Found all except in sheet6 as not able to understand formula.
thanks
Raja Aurongzeb
Hi,
I am not able to find 1st Panda, which is on Sheet1. Rest all I have found.
Wonderful Chandooji… you are brilliant.
Wow.. Awesome set of puzzles Chandoo!!
Am now trying to figure out how sheet 7 was prepared.. 39% Zoom setting logic.. Can someone help me with a hint?
Thanks!
Looks like this is an XL feature.. Zooming out the worksheets below 40% level, by default displays all named ranges (more than 2 cells)! Had not come across this till date..
Great works! Was having FUN in finding the pandas. Thanks.
btw, I used one basic function (Find, CTRL+F) to find 2 pandas. Simply Find “Panda” within “Workbook”… To my surprise, seems no one mentioned that in the process.
On other other hand, Selection and Visibility Pane is a handy tool to see if there is “extra” shapes for locating pandas hidden in chart/picture.
Had fun doing this, Found 5 and the rest I saw clues on here 🙂
I really enjoyed when finding the pandas.And also I am so surprised.Very Nice thought and Excellent.
This was fun! Thanks!
Nice and fun post. Thanks, Chandoo!