Organizations are increasingly aware of the risks user developed applications pose to their business. End user computing (EUC) tools, like spreadsheets, allow users to quickly develop and test business and financial scenarios. Organizations are often surprised by the sheer number of important business processes supported by these applications. They’re even more surprised to find that IT does not understand, track or monitor these applications.
The development and effective implementation of an “EUC policy” is the appropriate solution. However, the very EUC users, often called the 1st line, can cause them to fail for predictable reasons.
Here are five typical examples.
1. The Dreaded Inventory
Creating and maintaining an accurate inventory of user- developed applications is the obvious foundation of any successful EUC risk management program. Can developing a list be that difficult? Unfortunately, too many projects fail at this first step. Most organizations will have thousands and thousands of old spreadsheets sitting on their file shares.
Each user may develop and use dozens of spreadsheets and similar homegrown applications in any given year. Users will baulk at the extra work required to log all these applications and answer long questionnaires for each. Out of date inventories serve no one and will quickly undermine any well intentioned EUC program.
Apparity’s powerful desktop technology allows users to scan their own files to find EUCs created and modified since previous scans. This filters out noise and shows the user a shortlist to consider and assess directly in the tool. It also makes any auxiliary spreadsheets used to support the assessment process unnecessary.
If any are, in fact, important, users can quickly add descriptive color to explain its purpose. User friendly automation is proven to be effective in developing, and maintaining an EUC inventory
2. Too Many Alerts
EUC policies mandate high risk spreadsheets to be checked for modified formulas, macros, security settings, and so on. Older generation technologies struggle to discern between acceptable changes and those that present a risk. They resort to firing off warning emails and alerts to users and their management just to be sure.
Users will quickly tire of having to reassure management and audit that all is well. Users will also get mightily upset at not being given a chance to correct a fault before their bosses are notified.
Apparity’s 3rd generation technology is designed to prevent any false alerts. Users can easily check their work using our cutting edge review and comparison capabilities. All important changes are highlighted and summarized.
This gives the user a chance to change anything that is out of place or unintended. Once the user is confident in the quality of their spreadsheet, they submit a change log with commentary. The change log is passed to their manager for approval. Mistakes are caught, users are relieved, and managers do not need to confront their staff over work that is correct.
3. Too Many Software Programs to Learn
Users enjoy working in Excel. They know and understand the interface.
Oftentimes, the inventory is a separate technology used for version management or change histories. That’s three applications to learn already. Add a separate scanning tool as well and users will start to protest.
Apparity offers a complete end-to-end EUC lifecycle risk management capability that works inside Excel. Users do not need to leave their preferred interface. This means less training and more willingness to implement the needed controls.
4. Sand in the Gears
Users are busy making money for their organizations. Implementing spreadsheet controls and monitoring is often a new concept for many. Users will worry that these new procedures will slow them down, cause more work, risk crashing their spreadsheets and similar.
Apparity is developed from the ground up to ease those fears. Our desktop technology works inside Excel, providing a seamless and user friendly experience. Users are empowered to easily verify their inventory is complete. Apparity can also be used to ensure that errors have not slipped into the latest version of a critical workbook.
It even helps to identify and reduce bloat, i.e. Excel thinking a spreadsheet is far bigger than it is, resulting in slow downs and even crashes. Faster operation, familiar interface and helpful capabilities help to ensure users buy into your EUC program.
5. I Have to Do It Again?
Nobody enjoys completing the same task twice. But that is often the case with older generation EUC risk solutions.
These monitor changes to a file but the results are often housed in proprietary databases that are difficult to access. This means management and auditors cannot see the EUC program’s status. This can result in users having to manually summarize statistics into the company’s GRC platform.
Apparity’s powerful server-based technology aggregates audit trail data, which is accessible through out-of-the-box reports. Apparity can also pass summary data to other systems for downstream reporting (RSA Archer for example). This ensures accurate reports and removes need for redundant and duplicate work by the users.
Achieve EUC Program Success
Apparity’s 3rd generation EUC risk management suite is designed from the ground up to be user friendly. This includes everyone from 1st line business users, management, and audit to even regulators. This ensures adoption and usage by everyone across the organization. It also helps to ensure your EUC program becomes “business as usual” and self-sustaining.