A Best Practice Approach to Managing Spreadsheet Risk & Governance in CECL
Calculating Current Expected Credit Loss (CECL) is a significant challenge for US-based credit lending institutions. The extensive use of models, loan data, as well as historical economic and loan default metrics present an operational challenge for filers. This complexity, combined with the December 2019 deadline means that many institutions will reach for their standby tool of choice – the Excel Spreadsheet – to plan, manage and report on some or all of their CECL reporting. The spreadsheet’s power, flexibility and widespread use offers a way of successfully overcoming the challenges of CECL, while remaining on time and on budget.
Reporting CECL accurately is challenging but essential. The way it recognizes potential losses over the lifetime of loans alone will drive earnings volatility. Having to restate earnings because of errors in calculating CECL will only add to complexity of managing CECL reporting, industry stakeholders and the business.
Given the challenges of calculating CECL, and the significance of the results, institutions need to think carefully about how best to leverage the power of spreadsheets, while also mitigating the risks associated with them. They need to assure the data governance that management, auditors and regulators expect.
A Best Practice Approach to Spreadsheet Risk Management Under CECL
Based on the experience of helping financial institutions address spreadsheet risk management under a range of compliance regimes, this is a best practice approach managing spreadsheet risk in CECL reporting.
1. Identify the CECL Spreadsheets
Effective CECL reporting depends on having proper foundations, and identifying all the key CECL spreadsheets is vital. These spreadsheets may cover credit loss models, covering past, present or future scenarios, and historical loss data, including probability of default (PD) and loss given default (LGD) metrics for example. These combined, with an institution’s loan portfolio data set, provide the final CECL results.
These spreadsheets will be located in different departments, business units and even countries. Initially at least, as institutions start their CECL journey, there may be different versions, formats and definitions. This provides ample scope for the emergence of spreadsheet risk further down the implantation and reporting path.
2. Risk Assess your CECL Spreadsheets
In a CECL framework that utilizes spreadsheets, all the spreadsheets will be important, but a subset will be vital, and need to be monitored closely. Identifying these key spreadsheets is not straightforward, The significance of a spreadsheet may, for example, depend on how many other spreadsheets are linked to it, how many formulas and worksheets it contains and the complexity of its formulas and macros. While a useful yardstick, other, much simpler spreadsheets, may be equally critical to CECL reporting.
Having a systematic risk assessment model for CECL allows people across the business to agree objectively which are the spreadsheets that require the closest scrutiny. This can form the basis of an effective CECL project implementation model, as well as serving to develop the risk management, audit and governance framework that institutions will have to adhere to when CECL comes into force in 2019.
It also ensures that the risk management focus is targeted at the right areas, rather than having the effort dissipated through assessing too many of the wrong spreadsheets.
3. Monitor and Audit your CECL Spreadsheets
The final stage is to closely monitor your key CECL spreadsheets, to identify changes to them and their potential impact to the CECL results and the wider business. It is important that changes to the spreadsheets – to formulas, data sources, individual worksheets and macros for example – can be easily identified, as they can have a material impact on the final CECL results, as well as the project implementation. Equally the absence of approved changes need to be easily identified, to ensure that the project remains on track.
These changes need to easily identifiable, auditable and reportable, so that the risk management and governance framework central to calculating CECL is fully supported.
However an institution approaches this challenge, it is important that the risk and governance management model is considered as a pre-requisite of a CECL implementation framework, alongside data management, loan loss modelling, as well as systems integration and design. As well as assuring accuracy of the final results, this approach ensures that the CECL models is fully aligned with the audit and data governance requirements of CECL. It also helps ensure that the CECL implementation project proceeds smoothly and efficiently and is delivered on time.
January 17, 2018
Data governance is back on the business agendaMay 10, 2016
19th April 2016 Mel Glass, Business Manager, ClusterSeven In my experience the safest place...
Get In Touch
Let's talk about how ClusterSeven can increase transparency and control around your spreadsheets. Build confidence in your business critical processes and the accuracy of your data, empowering you to make informed business decisions.Contact Us