Formula Audit XL

Spreadsheet risk and model governance

Published 2026-05-19

Most of the models that drive budgets, forecasts and board decisions are spreadsheets, and most of them sit outside any formal control. There is no version control, no test suite, no sign-off trail. Auditors have a name for this gap: end-user computing risk, or EUC. It is the operational risk that comes from running critical processes on tools built by the people who use them, edited under deadline, and reviewed by eye.

Why spreadsheet risk persists

Spreadsheets are popular for good reasons. They are flexible, immediate, and everyone already knows them. Those same qualities are what make them risky. Because anyone can change a cell, anyone can break one. Because the tool shows values rather than logic, a break stays invisible until the output is reconciled against something external. And because models pass between people, the person reading the number is rarely the person who wrote the formula behind it.

The cases that make the news, from the London Whale to Reinhart and Rogoff, are not freak events. They are the ordinary failure mode of an uncontrolled spreadsheet, scaled up by the size of the decision riding on it.

A governance routine that holds up

Governance has a bad reputation in finance teams because it usually arrives as a heavy process that slows everyone down and gets quietly abandoned. The version that survives is light, consistent, and built into the existing workflow. Four parts carry most of the weight.

1. Tier your models by impact

Not every spreadsheet needs the same scrutiny. Sort them by what depends on the output. A model that feeds the board pack or a regulatory return is a different risk from a scratch calculation. Put the controls where the impact is, and keep the low-impact work light so the team does not resent the process.

2. Standardise the structure

A model everyone can read is a model everyone can review. Agree on a layout: inputs in one place and clearly labelled, calculations separated from assumptions, a consistent direction of flow. Colour-coding cells by type, so inputs, formulas and links are visible at a glance, makes a model far quicker to audit. The Cell Map view does this automatically.

3. Run the mechanical checks before sign-off

Before a model leaves the desk, the same checks should run every time: circular references, errors, external links, hardcoded numbers, inconsistent formulas, and broken or unused named ranges. A fixed checklist removes the guesswork and makes review repeatable across people. The audit checks cover this set, and you can run the core of it free in the browser with the web tools.
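As an illustration of what such a fixed pass looks like, here is an added sketch (not Formula Audit XL's code) that runs four of the checks listed above: errors, external links, hardcoded numbers and inconsistent formulas. The cell-to-content dictionary, the function names and the check labels are assumptions made for the example; circular references and named ranges are left out.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sheet (cell -> content); a real run would load these from the workbook.
SHEET = {"B2": "=B1*C1", "C2": "=C1*D1", "D2": "=D1*1.05", "E2": "=E1*F1",
         "B3": "='[Budget2025.xlsx]Inputs'!B4", "C3": "#REF!", "D3": "=SUM(B2:D2)"}

REF = re.compile(r"(?<![A-Za-z0-9_.])(\$?)([A-Z]{1,3})(\$?)(\d+)(?![A-Za-z0-9_(])")
ERRORS = ("#REF!", "#DIV/0!", "#VALUE!", "#NAME?", "#N/A", "#NUM!", "#NULL!")
EXTERNAL = re.compile(r"\[[^\]]+\.xl\w*\]", re.I)       # [Book.xlsx] workbook prefix
QUOTED = re.compile(r'"[^"]*"|' r"'[^']*'")             # string literals, quoted sheet names
NUMBER = re.compile(r"(?<![A-Za-z_$\d.])\d+(?:\.\d+)?")  # literal not part of a reference

def col_num(letters):
    n = 0
    for ch in letters:
        n = n * 26 + ord(ch) - 64
    return n

def relative_form(addr, formula):
    """Rewrite references as offsets from the host cell so copied formulas compare equal."""
    _, col, _, row = REF.fullmatch(addr).groups()
    def rel(m):
        c_abs, c, r_abs, r = m.groups()
        r_part = f"R{r}" if r_abs else f"R[{int(r) - int(row)}]"
        c_part = f"C{c}" if c_abs else f"C[{col_num(c) - col_num(col)}]"
        return r_part + c_part
    return REF.sub(rel, formula)

def audit(sheet):
    findings, rows = [], defaultdict(dict)
    for addr, content in sheet.items():
        if any(e in content for e in ERRORS):
            findings.append((addr, "error"))
        if not content.startswith("="):
            continue
        if EXTERNAL.search(content):
            findings.append((addr, "external_link"))
        if NUMBER.search(QUOTED.sub("", content)):
            findings.append((addr, "hardcoded_number"))
        rows[REF.fullmatch(addr).group(4)][addr] = relative_form(addr, content)
    for cells in rows.values():
        if len(cells) >= 3:  # need a majority pattern to compare against
            common = Counter(cells.values()).most_common(1)[0][0]
            findings += [(a, "inconsistent_formula") for a, f in cells.items() if f != common]
    return sorted(findings)

if __name__ == "__main__":
    for cell, check in audit(SHEET):
        print(cell, check)
```

In the sample, D2 is caught twice: once for the literal 1.05 and once because its formula breaks the pattern shared by the rest of row 2.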

4. Own the version

Decide who owns each model and what the current good version is. Even a simple naming and dating convention, plus one named owner, removes the most common governance failure: two people editing different copies and merging the wrong one into the report.

Make the routine cheap to follow

A control only works if it is cheaper to follow than to skip. The reason mechanical checks get dropped is that doing them by hand takes hours, and the deadline does not move. Automating that pass is what makes the routine stick. When the full set of checks runs across every sheet in one click, sign-off becomes a habit rather than a project.

That is the job Model Check in Formula Audit XL is built for: one health report covering the whole workbook, so the governance step takes minutes and actually gets done. Good governance is not about adding ceremony. It is about making the safe path the fast one.

Frequently asked questions

What is end-user computing (EUC) risk?

End-user computing risk is the operational risk from business-critical tools built and maintained outside formal IT control, which in finance almost always means spreadsheets. The risk comes from no version control, no testing, no documented logic, and frequent edits by people under deadline. A single broken formula can flow into a reported number with nobody having reviewed it.

How do you reduce spreadsheet risk without slowing the team down?

Tier your models by impact, apply heavier controls only to the high-impact ones, and standardise the mechanical checks so review is fast and repeatable. The aim is a routine that runs in minutes: a consistent structure, a fixed set of audit checks before sign-off, clear ownership, and a known good version. Light controls applied consistently beat heavy controls applied occasionally.
