In today’s fast-paced business environment, companies often rely on a single system or process to ensure quality oversight and control. However, this can lead to significant risks and problems, as demonstrated by the JP Morgan incident in 2012.
The JP Morgan incident involved the bank’s use of a single system, used by its trading operations in London known as the ‘London Whale’, to compute VaR (Value at Risk). This system, contained in a single Excel file, failed to accurately identify and assess the VaR associated with the bank’s portfolio of complex financial instruments, leading to a multi-billion dollar loss. A task force report noted ‘Spreadsheet-based calculations were conducted with insufficient controls and frequent formula and code changes were made.’
The incident highlights the dangers of relying on a single system or process for quality oversight and control. When a company relies on a single system, it can become overly dependent on that system and may not have adequate backup or contingency plans in place. This can lead to serious problems if the system fails or is compromised.
Data input into a system can easily compromise the system’s output. Unless that data is verified and able to be traced once entered, analysis of ‘what went wrong’ becomes impossible after the fact.
Additionally, a single system or process may not be able to accurately identify or assess all the risks associated with a particular activity or operation. This can lead to significant financial losses, as well as reputational damage and regulatory penalties.
To mitigate these risks, companies should adopt a more comprehensive and robust approach to quality oversight and control. This may include implementing multiple systems or processes to ensure quality control, and regularly testing and monitoring these systems to ensure they are working as intended and having processes in place to ensure the integrity of data entered into the system.
Additionally, companies should have a contingency plan in place in case of failure of one of these systems. This can include, backup systems, manual procedures, and regular testing of those procedures.
Moreover, companies should also ensure that they have adequate resources and personnel in place to manage and maintain these systems, and to respond quickly and effectively in case of failure or compromise.
In summary, the incident at JP Morgan serves as a reminder of the risks of relying on a single system or process for quality oversight and control. Companies should take a more comprehensive and robust approach to quality control and regularly test and monitor their systems to ensure they are working as intended and have appropriate contingency plans in place.
