Data plays a critical role in the complex process of stress testing, and as most stress tests are conducted wholly or partially via spreadsheet-based models in banks and financial institutions, it’s hardly surprising that the Bank of England’s programme has been criticised over its quality.
Plagued by numerous ‘fatal flaws’, as highlighted in a recent paper published by the Adam Smith Institute, the underlying issues stem back to the poor input of data which ultimately results in calculation errors. Whilst this isn’t headline news to the Bank of England, who itself has acknowledged the issue of data quality in its 2014 stress test report, it is crucial that the problem is addressed.
Banks and financial institutions, like most businesses, spend huge amounts on IT, but are failing to acknowledge the need for management of their spreadsheet and end user computing (EUC) landscape, which underpins their regulatory compliance and model governance initiatives.
The challenge of EUC
EUCs enable businesses and users to quickly deploy solutions in response to shifting market conditions, industry changes and evolving regulations, but these very aspects that make EUCs so appealing can also make them challenging to manage and control effectively.
Banks are typically reliant on numerous (even hundreds) of spreadsheets to support their models and a single data error in one file can proliferate across a wider EUC landscape, feed inaccurate data into a model to produce inaccurate outputs. Spreadsheets are cumbersome and contain a vast amount of data, stored in multiple sheets, making discrepancies difficult to identify. This is further compounded by linkage of these applications to each other via formulae, creating an environment where changes and discrepancies are not visible, often occurring in data not intended to be viewed after initial data input.
On top of this, spreadsheets are frequently shared and transferred between users, resulting in multiple documents, only one of which is up to date. If they are not stored and labelled correctly, subsequent users are unable to identify which spreadsheet is the current version containing up to date data, and which, potentially causing discrepancies from the use of old or incorrect data.
Organisations and IT in particular prefer the use of enterprise business applications, so gaining their mindshare for proper use of spreadsheets is often a challenge. EUC applications are often developed by individuals without formal software training and most organisations do not implement standardised and structured developmental methodologies, which ultimately results in increased risks.
Automating the EUC management process
A central aspect of EUC management and data quality is transparency, and banks need this to establish how data is created and where the transformations in the data and models are occurring. In doing so, they can verify the processes and controls to ensure good quality data. This is predominantly a manual process, but improving the process of collecting, validating and proofing stress testing data is a complex and high risk function. Being able to integrate and automate the process is a real imperative for businesses in order to reduce risk and deliver a consistent stress testing model.
Technology can facilitate the adoption of best practice processes to ensure data quality by embedding governance into the business operation, supporting everything from creation of new EUC applications through to eventual decommissioning of these files. Enabling banks to understand and control the entire data ecosystem that surrounds the stress testing model can provide a means to establish what type of EUC the data is coming from – e.g. spreadsheets or access databases; whether it is a single spreadsheet or multiple spreadsheets that feed data into the model; and what the data linkages between the various data feeds are etc. This visibility comes from a process of discovery including scanning file shares and repositories; as well as analysing the overall EUC estate structure, properties and content. Banks are then able to rank the inventory of files by the level of risk (or materiality) they pose based on the risk appetite of the organisation, providing a holistic view of the complex web of data flows, on an ongoing basis.
A technology-led approach to EUC data quality management eliminates the need for manual checking as well as credibly demonstrating the validity of stress testing models and the accuracy of the corresponding outputs to satisfy the regulators. EUC management solutions enable financial institutions to set up data change management processes and control mechanisms, supported by an audit trail to ensure that the integrity of the data is always maintained.
Crucially, users can continue to add judgement calls/expert judgment by altering data sets in spreadsheets to improve the alignment between theoretical calculations and the real world. The automation offered by technology solutions facilitate re-attestation of the models, and tools that feed them, with the real-time reporting and monitoring functionality and data, so banks can periodically re-evaluate the models and tools to ensure that they are indeed working as desired by the organisation. Ultimately, while organisations are faced with meeting stringent regulatory requirements, the major benefit of quality data is that it can be utilised strategically to meet business goals. It is imperative that financial institutions are able to accurately and adequately demonstrate the ancestry and validity of their data. Adapting an automated management process will contribute to overall risk management and bottom-line benefits.
By Henry Umney, Vice President of Sales, ClusterSeven