Why is EUC Data Governance Important?
Global Regulatory Focus
Regulators worldwide have recognized EUC data governance as a key gap in many companies and have placed increased scrutiny in this area. This is especially true in financial services. Regulators are continually levying fines or building end user computing (EUC) specific regulations.
In the past 12 months alone, these regulators have issued fines or new data governance requirements for financial services firms.
OSFI-BSIF
OCC
BaFin
FDIC
High profile failures have led to major consequences, including fines and reputational damage for some of the world’s largest institutions. For example, Citibank was fined $400M and served a cease & desist order. Failure with Citibank’s EUC data governance program was explicitly stated as one of the major reasons for the action.
View OCC Cease & Desist for Citibank
(Data governance findings start on page 8)
Increased Risk Exposure
EUC data governance requires continuous focus given the shifting user environment and regulatory landscape. Data governance program gaps can leave companies exposed to failure with major financial and reputational impacts. For example, JP Morgan’s $6B loss in the London Whale incident was in part due to:
- Spreadsheet mismanagement
- Manual processing reliance
- Inadequate reviews
How Can Technology Help with EUC Governance?
Critical Areas for Technology Enablement
Applying automation to an EUC data governance program provides enhanced controls for two areas with the highest risk exposure.
- EUC Profiling:
Ensuring an accurate and ‘noise free’ EUC Inventory by profiling and ranking each EUC based their inherent risk characteristics. - Spreadsheet Controls:
Automating change management, version control, error identification, and approval workflows increases efficiency and accuracy.
Staying One Step Ahead
The rapidly changing landscape demands companies to stay up-to-date in their internal policies and enabling technologies.
- New EUC Applications/ File Types
Applications like R, Python, MATLAB, Alteryx, and data analysis tools (e.g. Power BI) are increasingly utilized across business for critical processes. These all fall under the scope of EUC programs. - Focus on EUC Retirement & Alternatives
Regulators are focused on migration of EUCs into IT-manage alternatives. This means the EUC program must adapt to incorporate identification of alternatives and EUC retirement frameworks. - Data Lineage and Process Risk: EUC risk is no longer simply a product of a file’s internal structure and complexity. Risk assessment must incorporate data lineage and involvement in high- risk company processes to gain a holistic view of the program.
EUC Data Governance Solutions
Reduce Risk, Increase Efficiency & Program Auditability
Using technology to manage an EUC data governance program decreases risk. It also results in saving time for end users and having a program that stands up to regulatory scrutiny.
- Automates tracking of critical changes
- Ensures comprehensive and accurate EUC inventory and controls
- Increases efficiency by saving time and resources
Systematic vs. Manual EUC Data Governance
Applying automation provides greater ROI vs. reliance on manual processes that are inefficient and more prone to error.
Taking Control
Take the first step in controlling spreadsheet risk by defining a comprehensive spreadsheet policy. Apparity’s team of experts have developed a best practice spreadsheet policy guide to get started.
