The European Spreadsheet Risk Interest Group is a collection of academic and business people with an interest in the risks in spreadsheet based systems.
They raise awareness of the risks associated with spreadsheets. The annual conference gives a platform to people and organisations to propose their solutions to the issue, as well to researchers working in the area.
I’ve been to the conference a few times, I’ve spoken there a few times, its a great bunch of people.
But I am starting to feel their influence may be having unanticipated negative consequences.
Raising awareness of the dangers of spreadsheets seems like a noble pursuit, but what I see now is fear of spreadsheets in organisations. Which might be ok, except that what really happens is all that budget for well built professional tactical spreadsheet based solutions is diverted to strategic systems. That pressing short term need? The user throws something together in their own time, under the IT radar. So less process, less control, more risk.
Thanks to Eusprig, SOX, Frank Dodd, etc spreadsheets have a bad name. A technology is being blamed for poor usage practices. Like blaming the car when a driver driving too fast crashes..
Eusprig has done a lot of warning, highlighting failures etc, but has always as a matter of principle avoided proposing good practice. They have (deliberately) left that field open for others to address, by presenting at their conference for example.
Avoiding spreadsheets because of the risk is ok if you replace them with something with less risk. But you know what? that thing doesn’t exist.
No technology can deliver many working tools as fast as spreadsheets. So just changing technologies creates a delivery delay during which the organisation is exposed. Not the IT department, but the business department, If they don’t mitigate that exposure (with whatever tools they have to hand) they could be breaching professional codes of conduct even (eg. fiduciary duties for beancounters). not good.
Yes spreadsheets aren’t as stable as forms/browser based CRUD apps, but they are easier to adapt to changing business needs so more likely to be up to date. Try adding a field to a productions database in a large company, and comment on how long that takes. Days or weeks. Add column in a live spreaddie? seconds. Accidentally delete a critical column? seconds also :-)
So I think a big chunk of spreadsheet work has disappeared for now into IT department work queues, and is being worked around (‘temporarily’) by the business, in part due to misplaced and misunderstood fearmongering about spreadsheet danger.
So for me, yes, I think spreadsheet risk is increasing, and I am even more certain that overall organisation risk is increasing as requirements go into IT work backlog queues and/or quick and very dirty end user created temporary workarounds.
Are you seeing this fear of spreadsheets? What do you think is happening to organisational risk?