“Out of Control” Spreadsheets | July 6, 2007
by Jeb Boniakowski
“Spreadsheets … used improperly or incorrectly, or without sufficient control, pose a greater threat to your business than almost anything you can imagine.”
So says Bloor Research in this article, about a Bloor report on enterprise spreadsheet management.
I always read stories like this with interest, and I’m well aware of the risks associated with spreadsheets. We discuss them all the time internally and with clients and some of those risks inspired key design decisions in Proto. That said, I think a lot of these analyst research reports, in their haste to eliminate spreadsheet risks, play a little too fast and loose with eliminating spreadsheet benefits.
I’ve written about this topic before on this blog, because its very near and dear to Proto’s heart. I still feel its best summed up by Ray Ozzie’s phrase, “edge-versus-center” tension.
In many of the organizations where industry analysts are talking about “[pushing] the task of managing spreadsheets into the hands of the IT department,” it is important to remember that many of the tasks the spreadsheets were built to handle were already nominally in the hands of the IT department. The spreadsheet gets trotted out when the details of the problem change, when the solution delivered by IT is slightly inappropriate to the actual business problem, or when a new application or analysis is needed on a schedule that's too fast for the already overworked IT department; when it needs to get done now.
In any organization, there is going to be a tension between the rigor and predictability of central administration, and the agility and effectiveness of edge-level control. Our belief is that adding rigorous centralized controls to spreadsheets will certainly succeed in making spreadsheets less dangerous, but it will also make them useless. Making spreadsheets safer by imposing a heavy centralized change-management process is like reducing a knife’s propensity to cut its user by completely dulling its edge.
We think that change management, auditing, permissioning, versioning, etc., have a great role to play in reducing operational risks associated with spreadsheets, particularly in areas with regulatory issues to consider such as pharmaceuticals research. However, we think there are larger strides to be made in giving people at the edge tools and techniques that enable them to build quick, one-off apps, while encouraging safer practices through design. It is important that the ability to rapidly solve new problems remain in the hands of business users, “shadow” IT people, and other people who are close to business problems. Overly centralization of planning and administration has a tendency to have disastrous results.
