EuSpRIG 2025: Spreadsheets, AI, and the Next Frontiers of Risk Management.
Posted on :: 1844 Words :: Tags: EuSpRIG, Excel, Risk Management, Python, GenAI, Data Governance, Spreadsheet Governance, AI

Exec Summary

The EuSpRIG 2025 conference underscored that spreadsheets remain essential yet risky tools at the heart of modern organisations. Despite advances in platforms and AI, Excel and similar tools continue to underpin critical business processes, bringing persistent challenges such as shadow IT, version chaos, data security, and compliance risks.

Risk management must adapt to user skill, workbook importance, and regulatory demands—especially as AI and new tools reshape the landscape. Next-generation platforms are introducing new and innovative features (including deep AI integration), however, the expansion of add-ins and extensions further increases both capabilities and risks, requiring vigilant oversight.

Last week I attended the EuSpRIG 2025 Annual Conference in London (via Zoom), a gathering of spreadsheet professionals, researchers, and enthusiasts focused on the future of spreadsheet productivity and risk. As someone deeply invested in the intersection of data, business, and risk, EuSpRIG offered a rare opportunity to hear from some of the world’s leading voices on spreadsheet governance, error prevention, and the impact of AI.

Why I Attended

The risks and challenges of Excel are not just academic—they’re a daily reality for most organisations, as highlighted in Appendix C: Excel Usage and End-User Computing in Organisations.

As discussed in my Excel Risk Assessment post, Excel remains the backbone of countless business processes, but its flexibility comes at a cost:

  • Shadow IT and lack of governance
  • Version control chaos
  • Data security and compliance concerns
  • Operational errors and lack of documentation

Despite new tools and platforms, most companies still rely on a vast, uncontrolled landscape of Excel workbooks. My goal in attending EuSpRIG was to see how the latest research, tools, and community thinking are addressing these challenges and to bring back practical insights for improving spreadsheet safety and productivity in real-world settings[1][3][5].

Conference Highlights

The conference featured a diverse line-up of thought leaders and practitioners, each exploring a unique facet of spreadsheet risk, productivity, and the evolving role of AI. For detailed speaker summaries and session insights, including both days’ talks, see Appendix B: EuSpRIG 2025 Speaker Summaries.

Risk Management and Compliance

For a detailed exploration of how spreadsheet risk management must adapt to user capability, workbook criticality, compliance obligations, and the evolving AI landscape, see Appendix A: Spreadsheet Risk Management—Personas, Criticality, and Compliance.

The Next Generation of Spreadsheet Tools

Next-generation spreadsheet tools are evolving to address longstanding issues such as version control, collaboration, and validation. Modern platforms—including Quadratic, Google Sheets, and emerging alternatives like PySheets, are introducing a blend of governance-focused features and advanced AI capabilities, such as:

  • Cell-level versioning for auditability and rollback
  • Collaboration-first design to reduce version chaos
  • Integrated testing and validation inspired by software engineering best practices
  • AI-assisted natural language coding and live database queries (as seen in platforms like Quadratic)
  • Generative AI functions embedded directly in spreadsheets (such as Google Sheets’ =AI() function) that enable users to generate, summarise, categorise, and analyse data through simple prompts

These innovations reflect a broader trend of embedding AI deeply within spreadsheet workflows, enhancing productivity while raising new governance considerations.

Add-ins and Extensions: Expanding Capabilities, Increasing Risks

While core platforms are evolving, Excel and Google Sheets also support a vast ecosystem of third-party add-ins and extensions. These tools can greatly expand functionality—from automation and analytics to workflow integration—but they also introduce new risks:

  • Add-ins often require broad permissions, including access to sensitive data and the ability to modify files or send emails.
  • Poorly vetted or unmanaged add-ins can create security, privacy, and compliance vulnerabilities.
  • Malicious add-ins and exploited vulnerabilities have been used as attack vectors in real-world incidents.
  • Organisations should balance productivity gains with robust governance, permission controls, and regular review of add-in usage.

This underscores the importance of not only evaluating core spreadsheet features, but also managing the broader ecosystem to maintain effective risk controls.

Takeaways

  • AI is a double-edged sword: It brings new efficiencies but also introduces fresh risks, especially in environments lacking strong governance.
  • Governance and transparency are non-negotiable: As spreadsheets underpin more critical business processes, robust oversight is essential.
  • Spreadsheets aren’t going anywhere: But the way we manage them must adapt to keep pace with evolving risks and technologies.

Bottom line:
Spreadsheet risk management is most effective when tailored to user skills, workbook criticality, and regulatory needs. As AI and new platforms reshape the landscape, risk and compliance strategies must evolve in parallel.

If your organisation is grappling with spreadsheet risk, governance, or productivity challenges, now is the time to act. Whether you’re looking to modernise your engineering calculations, automate legacy workflows, or simply want code you can trust, I’d love to chat. Proven solutions and expert guidance are available to help you take control of your Excel environment and reduce risk.

References

[1] Spreadsheet governance in practice
[2] Data governance solutions overview
[3] Spreadsheet risks and mitigation
[4] Data governance tools in 2025
[5] Spreadsheet governance use cases
[6] Data access governance solutions
[7] Best spreadsheet alternatives
[8] AI, spreadsheets, and information security governance

Appendix A: Spreadsheet Risk Management—Personas, Criticality, and Compliance

Spreadsheet risk management is not a one-size-fits-all discipline. The risks and necessary safeguards depend on two fundamental factors:

  • User Persona: The skills, habits, and experience of the person building or maintaining the spreadsheet.
  • Workbook Criticality: The importance of the spreadsheet to business operations, decision-making, and compliance.

Matching Controls to Context

Persona/Skill LevelFeatures UsedSuitable Workbook Criticality
BasicSUM, IF, AVERAGELow
IntermediatePivotTables, VLOOKUP/XLOOKUPModerate
AdvancedLET, LAMBDA, PythonHigh
  • Basic users working on low-risk tasks should use simple formulas and minimal controls, treating Excel as a scratchpad.
  • Intermediate users handling moderately important workbooks can benefit from features like PivotTables and lookup functions, with some validation and peer review.
  • Advanced users developing high-criticality models should leverage advanced features (LET, LAMBDA, Python) and adhere to rigorous controls, documentation, and governance.

Regulated Environments: Compliance is Non-Negotiable

In sectors such as finance and healthcare, spreadsheet risk management is not just about best practice—it is a compliance imperative. Regulatory frameworks may require:

  • Audit trails
  • Access controls
  • Formal validation and documentation
  • Regular review and attestation

These requirements mean even highly skilled users must operate within strict governance frameworks, and organisations must be able to demonstrate control over critical spreadsheets at all times.

The Evolving Landscape: AI and Next-Gen Tools

As AI capabilities and Excel-compatible solutions (like Quadratic) evolve, they introduce both new opportunities and risks:

  • AI-powered features can automate validation, error detection, and even formula generation, but also increase the risk of opaque logic and unintended consequences.
  • Modern platforms such as Quadratic offer granular versioning, integrated testing, and better collaboration, aligning with emerging requirements for AI governance and risk management.
  • Organisations must ensure that as they adopt new tools and AI-driven workflows, they update their risk and compliance frameworks accordingly.

Appendix B: EuSpRIG 2025 Speaker Summaries

The EuSpRIG 2025 conference featured a diverse range of experts presenting on spreadsheet risk, governance, AI, and education. Below is a summary of key speakers and their sessions, ordered alphabetically by surname:

  • Peter Bartholomew – “Excel … a Replacement for the Spreadsheet”
    Examined whether modern Excel, with its new features and integrations, is evolving beyond the traditional spreadsheet paradigm, and what this means for users and organisations.

  • David Benaim – “10+ New Excel Features Which Reduce Spreadsheet Risk”
    Showcased over ten recent Excel features designed to reduce spreadsheet risk and improve productivity, demonstrating practical examples and their impact on real-world spreadsheet use.

  • Dr Mária Csernoch & Dr Ádám Gulács – “The Essence of Sprego: A Programming Oriented Method for Teaching”
    Introduced “Sprego,” a structured, programming-oriented method for spreadsheet education aimed at reducing errors and enhancing computational thinking.

  • Angela Collins & Dr Simon Thorne – “Spreadsheet Nightmares: Lessons from the EuSpRIG Horror Stories Corpus”
    Presented a series of real-world spreadsheet “horror stories” collected by EuSpRIG, extracting key lessons and recommendations for avoiding similar pitfalls in practice.

  • Prof. Tom Grossman – “AI Spreadsheets and the Wall”
    Discussed challenges at the intersection of AI and spreadsheet modelling, focusing on the tension between AI-generated solutions and business logic, regulation, and trust.

  • David Lyford-Tilley

    • “Making the Magic Bracket Happen” — Delved into advanced Excel techniques and the “magic bracket,” exploring innovative ways to streamline complex calculations and reduce errors.
    • “The Wizard of ORs? Or ‘Excel and its many languages’” — Explored Excel’s expanding ecosystem of languages and extensions, highlighting both innovation opportunities and risks of fragmentation as users adopt new tools.

  • Matt Parker – “A Misguided User’s Adventures in Spreadsheets and Terrible Python Code”
    Renowned mathematician and author whose comedic take on computation was both entertaining and a stark reminder of the human factor in (bad) coding / spreadsheet risk. He also explored the mathematics behind the Dobble game, providing an engaging illustration of how complexity can creep into even the simplest systems.

  • John Yeldham – “Making up with language and models: bringing together financiers and modellers”
    Emphasised the need for shared language and standards to bridge gaps between finance professionals and technical modellers, ensuring models are both sound and practical.

  • Dr Simon Thorne – “Generative AI tools for spreadsheets – a critical review”
    Critically examined the promises and pitfalls of generative AI in spreadsheets, stressing the importance of transparency and user education as AI features become more widespread.

  • Dr Simon Thorne & Dr Advait Sarkar – “Combining Test-Driven Development and Large Language Models for Reliable Code”
    Demonstrated how applying test-driven development alongside large language models can improve spreadsheet reliability and mitigate risks.

These presentations collectively highlighted the conference’s core themes: the necessity of strong governance, the evolving role of AI, and bridging gaps across disciplines and user expertise.

Note: Due to time zone differences, I was unable to attend the last two talks and the panel discussion.

Appendix C: Excel Usage and End-User Computing in Organisations

  • Microsoft Excel has 1.1–1.5 billion users worldwide as of 2025, representing over half of all spreadsheet users.
  • A 2019 study found that 54% of businesses globally use Excel for core business functions.
  • Excel is deeply embedded across a wide range of industries—including finance, engineering, sales, education, and more—serving as a critical tool for analysis, reporting, and decision-making.
  • Microsoft 365, which includes Excel, is adopted by over two million companies globally.
  • Excel’s ubiquity highlights both its power and the significant risks associated with end-user computing in organisations.