Industrial flow management: 4 billion-dollar Excel errors

Introduction: when Excel creates financial risks—and how to take back control

In 1994, a single missing minus sign led Fidelity to distribute $2.6 billion based on an incorrect calculation, according to accounts widely cited in the literature on spreadsheet-related risks. This is not an office anecdote: it shows how manually handled data ends up driving cash decisions. On the shop floor, the same mechanism turns a “roughly right” assumption into inventory, then customer lead time, then WCR (Working Capital Requirement). Managing industrial flows therefore starts with a blunt choice: tolerate digital craftwork, or demand verifiable models.

An industrial flow links three realities that require rigor: material flow, information flow, and financial flow. A loss of synchronization between procurement, production, and shipping becomes an extra cost, then a margin loss, then a cash-flow gap. And Excel is not a “neutral tool”: it embeds a way of working with no native safeguards for traceability, testing, and version control. When a plant manages its WIP (Work In Progress) and output rates through copy-paste, it accepts a systemic risk.

The real cost of “handmade” models: errors, blind spots, and biased investment decisions

Excel scandals reveal three classes of damage—always the same: input error, structural error, governance error. The input error flips a result and changes a decision, the structural error silently distorts reality, and the governance error prevents any audit. In industry, these errors directly bias CAPEX (Capital Expenditure) and project phasing. A bad assumption on scrap rate, cycle time, or machine availability skews capacity—therefore staffing and inventory sizing.

The main trap comes from feedback loops: a poorly tuned flow degrades service level, triggers expedites, increases variability, and breaks the plan. The spreadsheet does not see this dynamic because it freezes a linear world. The outcome then shows up in metrics: OEE (Overall Equipment Effectiveness) goes down, throughput time increases, WIP explodes. Finance watches the WCR, the shop floor suffers queues, and everyone blames everyone else.

Takeaway: managing flows requires auditable models, not copy-paste

What is flow management? It is the set of rules and decisions that organize the circulation of materials, information, and money—from supplier to customer. What is an industrial flow? It is that circulation, constrained by machines, changeover times, disruptions, and finite resources. What is industrial flow management?

It is the steering of these flows within the plant and its near supply chain, with explicit rules for releasing production orders, lot sizes, buffer stocks, and bottleneck priorities.

What objectives and challenges does this discipline address? Reduce customer lead time without inflating inventory, increase output per square meter without degrading quality, and turn variability into operational robustness.

In practice, good steering arbitrates between three levers: capacity, variability, and inventory. Without an auditable model, these trade-offs rest on beliefs, then harden into “official” files. The result is not only operational: it becomes financial, then reputational.

I- Fidelity (1994): one “minus” sign and $2.6 billion going up in smoke

The cost of a data-entry error: when one cell dictates a decision

The Fidelity case is often summarized like this: a missing minus sign turned a loss into a fictitious gain, then triggered an erroneous distribution of $2.6 billion. This kind of incident appears in spreadsheet-risk summaries documented and aggregated by EuSpRIG (European Spreadsheet Risks Interest Group). The issue is not “who clicked where”: the issue is that the system allowed a critical error without control. At an industrial scale, flipping the sign on a scrap rate or a material consumption changes the net requirements calculation—then the purchase order—then the inventory.

Mini plant case,

What: an assembly line runs its supply plan based on a scrap rate manually entered by product family in a spreadsheet.

How: a value moves from 2% to -2% during an update, then a production order (PO) (Production Order) calculation “corrects” the error by under-sizing requirements.

Impact: shortage on a critical component during ramp-up (production ramp-up), overtime, late shipments, and WCR increase driven by crisis management.

What this says about industrial flow management: control, traceability, and auditability of calculations

The message is simple: if the calculation cannot be traced, it cannot be governed. A flow model must expose its assumptions, sources, versions, and tests—otherwise it creates a local truth that cannot be verified. In a plant, the decision to size a buffer stock or release a production order depends on a chain of calculations that must withstand an audit. This goes beyond IT: it affects the reliability of investment decisions and the credibility of performance indicators.

On the shop floor, the discipline is to explicitly link material flow and information flow. An ERP (Enterprise Resource Planning – integrated management software) carries master data and calculation rules, an MES (Manufacturing Execution System – production execution system) reports actuals, and a WMS (Warehouse Management System – warehouse management system) describes stocks and moves. Excel, on the other hand, behaves “as if” everything were consistent, while guaranteeing neither integrity nor uniqueness. Robust steering favors models that version and test, then systematically compare “planned” versus “actual.”

II- TransAlta (2003): a misaligned copy-paste, $24 million lost in one day

The risk of the “model that works”: silent error propagation

In 2003, TransAlta lost $24 million in a single day due to a misaligned copy-paste in Excel, according to cases recorded by the spreadsheet-risk research community, including EuSpRIG. The topic is not energy—it is the error mechanism: a tiny shift produces a massive decision. The spreadsheet allows this shift because it does not “know what the data means.” Once the file becomes a production system, the company turns a calculation tool into an uncontrolled critical system.

Mini plant case

What: a site manages replenishment parameters by part number in a master file, then used by the procurement team.

How: a sort and copy-paste shifts supplier lead times by one row, then triggers early orders for high-value components.

Impact: overstocking, warehouse saturation, higher handling costs, and cash tied up—while service level does not increase.

The factory parallel: same mechanisms, same blind spots, different consequences (inventory, lead times, cash)

The direct consequence of a bad alignment is not only inventory too high or too low. It hits plan stability and flow quality—therefore throughput time—therefore customer promise dates. In a plant, the error propagates through repeated decisions: lot size, release priority, material allocation, bottleneck sequencing. A file that “has worked for years” accumulates patches, then becomes technical debt that gets paid back in crisis.

The real question then becomes: what are the 4 types of flows?

We distinguish internal flows and external flows, then pull flows and push flows.

Internal flows cover movements and transformations within the site; external flows link suppliers, subcontractors, and customers. Pull flows trigger production from real demand, for example via kanban, while push flows trigger from forecasts and plans. Each type can work—but each can also break if the choice does not follow an explicit criterion and an accepted risk.

III- JPMorgan (2012): a non-audited formula and $6 billion in losses (“London Whale”)

When complexity outgrows the tool: formulas, versions, and missing governance

In 2012, JPMorgan's “London Whale” episode highlighted model weaknesses, including the use of spreadsheets and uncontrolled formulas, in the context of losses of about $6 billion, as reported by many media outlets and analyses. The hard point is not finance: it is the drift of a model that is too complex for its support. Once multiple versions coexist, no one knows which calculation “counts.” The organization then loses the ability to explain its own decisions.

In a plant, complexity explodes just as fast: product mix, cycle-time variability, quality disruptions, changeovers, staffing constraints, logistical unavailability. A spreadsheet treats all that in columns—therefore without dynamics or simulation. Teams compensate with macros, “homegrown” formulas, and tabs, then lose all auditability. A non-verifiable model produces a number—but it does not produce a robust decision.

The lesson for flows: if the model isn't verifiable, neither is the decision

There are flows of different natures: material flows, information flows, financial flows, and resource flows such as labor and equipment. But beyond their nature, they can also take different forms depending on the steering logic: pull or push, then internal or external. A pull flow often reduces WIP, but it requires process stability and controlled throughput times. A push flow can better utilize capacity in unstable contexts, but it can inflate inventory and make planning nervous.

The choice should not come from a debate of opinions. It should come from a bottleneck and variability analysis inspired by the Theory of Constraints, which identifies the limiting resource and aligns the rest to it. This approach then sets decoupling points, buffers, and explicit priority rules. Without that, the plant “optimizes everywhere” and improves nowhere. The result shows up in stagnant OEE and lengthening lead times.

IV- The orphan model: the Single Point of Failure (single point of failure) when the expert leaves the company

EuSpRIG: documented incidents, a known pattern, and yet repeated

The Single Point of Failure (single point of failure) occurs when a file and its author become indispensable for operations, with no documentation and no alternative. EuSpRIG documents these situations, where organizations discover too late that the “master file” contains a fragile logic no one really understands. The risk is not theoretical: it materializes after a departure, file corruption, or a failed update. The day the spreadsheet won't open, steering stops.

In an industrial environment, this stop does not look like a classic IT outage. It destabilizes releases, replenishment, bottleneck priorities, and shipping. It then creates contradictory decisions taken in parallel because everyone rebuilds “their” file. Data fragments, and the plant loses any flow coherence. The final cost shows up in useless inventory, delays, and social tension.

Breaking the dependency: standardize, version, test, and share steering rules

The way out is method. It starts with a production flow mapping using a VSM (Value Stream Mapping – value stream mapping) and, on the shop floor, a spaghetti diagram to trace movements. It continues with bottleneck identification, then WIP calculation and the definition of decoupling points. It then requires safety stock sizing, synchronizing procurement–production–shipping, and an improvement loop.

To avoid abstract debates, you need simple, actionable indicators.

Lead time measures total time from order to delivery, WIP measures work-in-process accumulation, and service level measures the kept promise. Inventory turns measure cash tied up, schedule adherence measures execution stability, and OEE measures equipment effectiveness.

The ratio of throughput time to value-added time exposes queueing waste, often dominant.

Conclusion: put industrial flow management back under control—without depending on a file or a person

The spreadsheet is not the problem—using it as a decision system is. The Fidelity, TransAlta, and JPMorgan cases remind us of a simple rule: an organization always pays the price of non-audited models, sooner or later. In industry, that price takes the form of misdirected CAPEX, inflated WCR, and unstable customer lead times. Taking back control requires explicit steering rules, traceable data, and testable models.

The comparison of levers boils down to this: if customer lead time drifts because the bottleneck is saturated, adding capacity at the bottleneck has a direct effect. If lead time drifts because variability explodes, reducing variability and stabilizing flow improves performance without over-investing. If lead time drifts because decoupling points are poorly placed, repositioning buffer stocks reduces nervousness without inflating inventory everywhere. These verdicts become reliable when they rest on a dynamic model, not a fragile sheet.

Here is a “5 deadly traps + countermeasures” checklist for the plant:

1. Optimize locally: enforce bottleneck-based steering and shared priorities.

2. Ignore the bottleneck: measure, protect, and feed the constrained resource with sized buffers.

3. Over-size inventory: define decoupling points and safety levels by variability and criticality.

4. Automate without stabilizing: reduce sources of variability, then automate moves and decisions.

5. Steer without reliable data: version, test, and audit rules and calculations—then close the door on “orphan” files.

Dillygence helps industrial companies test these trade-offs through a digital twin, to evaluate capacity, inventory, layout, and steering-rule scenarios before deployment.

FAQ — Industrial flow management

1. Why has Excel become a danger for the modern factory?

Excel is not a production tool, but a personal calculation tool. It has no native safeguards for traceability or versioning. In industry, that turns a “roughly right” assumption into real inventory, missed customer dates, and ultimately an explosion of WCR (Working Capital Requirement). Human error (a reversed sign, a misaligned copy-paste) stays invisible until the operational crash.

2. What lessons can industry learn from financial crashes (Fidelity, JPMorgan)?

• Fidelity (Reversed sign): A data-entry error can completely distort net component requirements, causing shortages and overtime.

• TransAlta (Copy-paste): A row shift can trigger orders too early, saturating the warehouse and tying up cash unnecessarily.

• JPMorgan (Complexity): When a model becomes too complex for Excel, no one can audit the decision. The plant “optimizes everywhere” but improves nothing.

3. What are the key indicators for robust steering?

To move away from digital craftwork, the plant must rely on factual, shared data:

• Lead Time: Total time between order and delivery.

• WIP (Work In Progress): Measures the accumulation of work in process.

• OEE (Overall Equipment Effectiveness): Actual equipment effectiveness.

• Inventory turns: Measures financial immobilization.

4. Push flow vs pull flow: how to choose without getting it wrong?

The choice should not be opinion-based, but driven by a bottleneck analysis:

• Pull flow: Ideal to reduce WIP, but requires a very stable process.

• Push flow: Useful in unstable contexts to load capacity, but can create planning nervousness and dormant inventory.

5. What is the “Orphan Model” risk?

It is the Single Point of Failure: the plant depends on an Excel file that only one person (the expert) can operate. If that person leaves, the steering logic disappears. The plant loses coherence, functions rebuild their own files in silos, and the flow fragments.

6. How do you stabilize a flow without over-investing?

Before buying a new machine (CAPEX), act on structure:

• Identify the bottleneck: Align all production to the pace of the limiting resource.

• Place buffers (buffer stocks): Protect the bottleneck from upstream/downstream disruptions.

• Reduce variability: Stabilize cycle times before trying to increase speed.

7. What are the 5 deadly traps to avoid?

1. Optimize locally: Improve a machine that is not the bottleneck (wasted effort).

2. Ignore the bottleneck: Fail to protect the resource that dictates revenue.

3. Over-size inventory: Stock “just in case” without measuring real variability.

4. Automate without stabilizing: Speeding up chaos only creates faster chaos.

5. Steer with orphan files: Leave cash decisions in the hands of non-audited spreadsheets.