When the Defense Information Systems Agency sought a new satellite services acquisition on behalf of the Navy, it included a spreadsheet so bidders could fill in their prices. But the spreadsheet included the prices from the current contract, which were supposed to be inaccessible. For how things turned out, Smith Pachter McWhorter procurement attorney Joe Petrillo joined Federal Drive with Tom Temin.
Joe Petrillo: Sure. This is another excel spreadsheet disaster, and we talked about one a few weeks ago. It involved an acquisition of satellite telecom services for the Navy’s Military Sealift Command. It was an acquisition of commercial satellite telecommunications services. And they were divided into both bandwidth and non-bandwidth services. And the contract would be able to run to for up to 10 years in duration. Part of the contract, as you said, was an excel spreadsheet of the various different line items with blanks for offers to include their price. Unfortunately, this spreadsheet had hidden tabs, 19 hidden tabs, and those included, among other things, historical pricing information from the current contract. So Inmarsat, which was the incumbent contractor, holding that contract, notified the government and said, look you’ve disclosed our pricing information, do something about it. So the government deleted the offending spreadsheet from the SAM.gov website. But they understood and this was the case, third party aggregators had already downloaded it, and it was out there, it was available.
When spreadsheets are created ad-hoc, the usage of time steps tends to be inconsistent: advancing by rows in one sheet, columns in another, and even a mix of the two in the same sheet. Sometimes steps will be weeks, other times months, quarters, or years. This is confusing for users and reviewers, leads to low trust, increases the time for updates and audits, and adds to the risks of the spreadsheet.
A better way is to make all calculations follow a consistent layout, either across rows or columns, and use that layout for all calculations, regardless if it requires a few more rows or columns. For example, one way to make calculations consistent is with time steps going across the columns and each individual calculation going down the rows:
Author(s): Stephan Mathys
Publication Date: June 2021
Publication Site: Small Talk at the Society of Actuaries
Somewhere in PHE’s data pipeline, someone had used the wrong Excel file format, XLS rather than the more recent XLSX. And XLS spreadsheets simply don’t have that many rows: 2 to the power of 16, about 64,000. This meant that during some automated process, cases had vanished off the bottom of the spreadsheet, and nobody had noticed.
The idea of simply running out of space to put the numbers was darkly amusing. A few weeks after the data-loss scandal, I found myself able to ask Bill Gates himself about what had happened. Gates no longer runs Microsoft, and I was interviewing him about vaccines for a BBC program called How to Vaccinate The World. But the opportunity to have a bit of fun quizzing him about XLS and XLSX was too good to pass up.
I expressed the question in the nerdiest way possible, and Gates’s response was so strait-laced I had to smile: “I guess… they overran the 64,000 limit, which is not there in the new format, so…” Well, indeed. Gates then added, “It’s good to have people double-check things, and I’m sorry that happened.”
Exactly how the outdated XLS format came to be used is unclear. PHE sent me an explanation, but it was rather vague. I didn’t understand it, so I showed it to some members of Eusprig, the European Spreadsheet Risks Group. They spend their lives analyzing what happens when spreadsheets go rogue. They’re my kind of people. But they didn’t understand what PHE had told me, either. It was all a little light on detail.
Jørgen Schøler Kristensen, Medical Director at Aarhus University Hospital, explains the error as follows:
– When patients with a civil registration number beginning with 0 had to be entered, the civil registration number was declared invalid if a hyphen was missing. So 26 percent of the civil registration numbers we have reported have not been entered correctly, so they have not received the invitation in their e-box to be vaccinated as they should have had, says Jørgen Schøler Kristensen.
Patients born the first nine days of any month and having been unlucky with a hyphen were forgotten.
You might recall the “London Whale” incident in 2012, when notorious trader Bruno Iksil — whose other monikers include the White Whale and even Voldemort — conducted a series of credit default swaps that cost JPMorgan Chase $6.2 billion.
What you might not know, however, is that half the loss was incurred by a simple Excel spreadsheet error.
Bloomberg reports that the Excel model, which relied heavily on copy and pasting of information, accidentally “underestimated risk by half.”
he Securities and Exchange Commission today filed a civil action alleging that former credit ratings agency Morningstar Credit Ratings LLC violated disclosure and internal controls provisions of the federal securities laws in rating commercial mortgage-backed securities (CMBS).
Credit ratings are used by market participants to help evaluate credit risk, price certain securities, and guide the investment decisions of individuals and institutional investors alike. To promote transparency in the process, the federal securities laws require credit rating agencies to publicly and accurately describe the procedures and methodologies used to determine credit ratings, and to implement effective internal controls to ensure that they follow those procedures and methodologies.
According to the complaint, in 30 CMBS transactions totaling $30 billion that Morningstar rated from 2015 to 2016, the credit rating agency permitted analysts to make undisclosed adjustments to key stresses in the model that it used in determining the rating for that transaction. The complaint also alleges that Morningstar failed to establish and enforce an effective internal control structure governing the adjustments for a total of 31 transactions.