Not all Excel spreadsheets, databases, scripts or BI tools are end user computing (EUC) applications. Creating a clear definition is necessary to accurately determine those that are. EUC program owners work tirelessly to build policies and procedures, including the EUC definition. Users, auditors and regulatory/supervisory authorities alike will scrutinize this definition— getting it right is crucial.
When determining an EUC definition, common criteria include:
- The file is sufficiently complex, making errors more likely
- The impact the file has to the organization (if there are any material issues) is high
- Iterative use of the file
- IT does not maintain the file
Furthermore, program owners often face policy awareness challenges. End users often do not stay up to date on the EUC policy. Even if they do, they are typically uncertain how to scope their files against the criteria. Additionally, the definition creates significant risks if applied differently across the organization.
Program owners can mitigate these risks by:
- Utilizing decision trees
- Providing examples of an end user application
- Having direct conversations and training with business users
Additionally, leveraging technology-enabled questionnaires helps automate this process and address the next concern.
No User Engagement After Discovery Scans
For a company to include a file in its EUC inventory, the file must be sufficiently complex AND impactful.
Systematic calculations help determine file complexity. However, for file impact, the file’s users must provide an assessment. Where many companies go wrong is failing to include these user impact assessments in their program. The individual or teams who perform impact assessments must have a deep understanding of the file, namely:
- The file’s usage (month close, regulatory reporting, etc.)
- The file’s impact on the org (low to high; financial, regulatory impact, etc.)
After completing EUC discovery scans, governance and compliance teams have no way of ensuring the right users scoped the returned files. This results in highly manual, time-consuming triaging and review processes that only serve to frustrate users.
EUC risk management software helps address these issues through several ways:
- Auto-assignment of results during discovery scan setup
- Intelligent assignment of results based on file parameters like ‘Last Modified By User’
- Engaging users in assessment while they’re using the file
Inventory Becomes Stale
Companies spend great amounts of time building their initial EUC inventory, often through manual, one-time processes. Unfortunately, that inventory quickly becomes out-of-date in just six, twelve or twenty-four months.
Keeping a well-maintained inventory involves ensuring:
- Existing EUC data is accurate
- Capture of new EUCs
Additionally, regulators are more frequently requiring organizations to show consistent declines in the overall population of end user applications.
Without well-defined processes enabled by technology, users will forget to keep their EUC data maintained or register new EUCs. This leads to lower confidence in the inventory. It also causes both internal and external stakeholders to go through additional time-consuming, manual processes to refresh the data.
Technology like EUC risk management software helps address these issues via:
- Recurring scans
- Automated user engagement
- Configurable workflows
- Attestation functionality
Learn how companies should re-think their approach to EUC discovery in our upcoming webinar.
EUC Discovery Webinar
This webinar has concluded. Sign-up to be notified for future webinars.