When Excel holds your IP

Brewing a silent storm: Sebastian Dewhurst at EASA describes the hidden risk that spreadsheets represent in every business 

 

In workspaces around the world, there’s a silent foundation that executives know about but very few talk about: an Excel file that sits on someone’s desktop running a critical part of the business. From pricing models and regulatory reports to compliance checks and supply forecasts, these spreadsheets are the lifeblood that keeps the business running.

 

The issue is that in many companies, they exist as undocumented and customised files created by one employee. And when they leave, that knowledge and experience of operating that spreadsheet walks out with them.

 

This article explores the hidden risks businesses face when key knowledge is trapped inside user-built spreadsheets that can only be interpreted by one person, and how modern no-code solutions can safeguard that business logic. 

 

 

Spreadsheet shadow apps

There’s a good reason why spreadsheets are so popular. They’re accessible, versatile in their usage, and endlessly adaptable. They empower teams to automate decisions without approval from IT, as well as give them the ability to work efficiently. Due to this, it’s become common for employees to create what is known as “shadow applications”, spreadsheet-based tools that work outside of IT approval.

 

Over time, these tools develop into operational pillars that are used to create reports, make decisions or track performance. Despite all this, these tools are still undocumented, highly personalised, and informally managed. These factors evolve the usage of these tools into a quiet, yet dangerous risk; critical business data that is saved in a format that is neither secure nor scalable and is only accessible by the original owner.

 

 

Expertise walking out the door

In most cases, the original owner of the spreadsheet is also the only one who fully understands its functions and how it works. They know which formulas need to be applied where and the location of each piece of data. When that individual leaves, it results in the loss of critical operational knowledge that’s vital to the business. 

 

There may potentially be no handover process, no backup, or documentation, which means that the next person to handle this will be left staring at a labyrinth of cells, formulae, and data that they are unable to interpret. This creates a risk of succession, especially for employees who have been at the company for years and have built these tools over time and didn’t transfer access to the data to another person or provide guidance on how to navigate the spreadsheet.

 

 

A ripple effect of organisational risks

When these spreadsheet-based tools are thrown into disarray, the consequences send waves of chaos throughout the business and as such, these risks are split into three main categories. The first is operational disruption. 

 

Operational disruption

This is when a key spreadsheet becomes unusable, so all business operations come to a standstill. For example, pricing decisions are delayed, reports are unsubmitted, and forecasts cannot be updated. As the clock is ticking, teams are scrambling to understand the spreadsheet’s processes and how to recreate it.

 

Recovery is possible, however, it involves a lengthy process of trying to figure out how the spreadsheet worked without any documentation, which essentially means that the employees would have to rebuild its logic from scratch. Not only does this disrupt business flow, but it also diverts valuable resources that could be utilised elsewhere.

 

Financial vulnerabilities

When a key spreadsheet becomes unusable, the financial repercussions that would occur are severe. One of the immediate costs is the effort that is required to rebuild the spreadsheet-based tool. In most cases, this involves involving technical staff or hiring external consultants, which takes time and budget away from more strategic concerns.

 

Beyond this, there’s also the risk of revenue being lost. With there being delays in decision-making, such as pricing approvals, sales forecasting or financial reporting, this can lead to missed opportunities. If a spreadsheet that drives vital business functions suddenly goes out of commission, the financial impact can be significant. 

 

Whilst trying to recover the data, any errors that take place can be costly. Even a single miscalculation in a pricing model or forecasting tool can result in the company making mistakes such as undercharging customers, making poor investment decisions, or applying an excessive amount of resources where they’re not needed. 

 

Compliance risks

In regulated industries such as pharmaceuticals, energy, insurance, or finance, the risks are increased. Regulatory bodies expect businesses to maintain clear audit trails, version control, and verifiable oversight over critical processes. Spreadsheet-based tools that are created unofficially will most likely lack all three. 

 

There is no certainty that the business logic hasn’t been changed, nor is there a way to track the version history or the formal validation of results. This can lead to failed audits, legal exposure, and extensive damage to the company’s reputation. For example, a pharmaceutical company or a bank that relies on spreadsheets to track regulatory submissions and exposure risk simply cannot risk having undocumented tools at the heart of their operations.

 

 

Modernising spreadsheets into accessible systems

In spite of these risks glaring in the face, the answer isn’t to stop using Excel spreadsheets. If anything, it’s the opposite. Excel’s real strength lies in its flexibility and widespread adoption. The real issue is how organisations can retain the value of these tools whilst protecting the business logic and at the same time, ensure its scalability and security.

 

So how do we solve this? By converting these spreadsheet-based tools into web applications that are secure and governed using modern no-code platforms. These platforms have a host of benefits that include: 

• Preserving the core spreadsheet logic, which means that the original data isn’t lost.
• Wrapping the logic in a secure, browser-based interface which gives the user access to only the inputs and outputs they require.
• Controlling access with role-based permissions, which means that no one can make unauthorised changes to the document.

---

 

Sebastian Dewhurst is the Founder of EASA

 

Main image courtesy of iStockPhoto.com and AndreyPopov