What is End User Computing?

End user computing (EUC) is the environment and applications leveraged by the people who actually use them. It includes software and programming languages where end users create/maintain applications and models of varying complexity.

End User Computing Risks

Microsoft Excel spreadsheets, Access databases, and Python scripts are just some examples of end user applications. They are heavily used in accounting and financial reporting processes but also have reach in HR and marketing functions, among many others.

These platforms and languages have inherent risk because their lack of oversight and native controls are overlooked. They are also prone to accidental human errors and malicious manipulation by bad actors.

Over the past few decades, errors and fraud in critical EUC applications have led to monumental fines and other corrective actions by regulators.

Errors within a value at risk (VaR) spreadsheet contributes to a $6B+ loss.

Material spreadsheet arithmetic error leads to profits being exaggerated by over $5M. Conviviality collapses after losing over 60% of its stock value.

Double counting in a spreadsheet leads Marks & Spencer to issue a correction in its quarterly trading statement after misreporting group sales figures.

EUC Regulatory Compliance

Lawmakers and regulatory agencies around the world are enacting mandates targeting governance of EUC tools. These regulations impact both public and private companies across industries. Most regulations are around financial reporting and accounting processes but also expand into data privacy.

Prevalent examples include SOX 404, CECL, SR 11-7 (MRM), GDPR and many more.

Common End User Software

Originally, EUC encompassed primarily Excel spreadsheets and Access databases. It was then extended to other Microsoft Office products and comparable products from other vendors, such as Adobe Acrobat or Google Sheets.

However it has evolved to encompass programming languages such as Python, R and MATLAB, and business intelligence (BI) and data science platforms such as Tableau and Alteryx.

EUC Control Framework

The first step in managing your EUCs is to create an EUC control framework or policy. The EUC policy should define roles and responsibilities of everyone involved in the management of an EUC application. It should also define how to identify EUCs, criteria on whether they should be managed and need additional controls.

The EUC policy should also define metrics and reporting to track the efficacy of the policy and evidence controls to auditors.

EUC Controls

While it’s beneficial to create an end user computing control framework, it shouldn’t be done in isolation. Enabling an EUC policy through manual methods is often ineffective. This is compounded depending on the total EUC population. Instead, technology should be used to enable and automate the process.

Ideally EUC governance software should help you identify, inventory, control and report on your organization’s EUCs.

End User Computing Application Policy Guide

Get Started

Create or enhance an existing technology-enabled EUC policy with our best practice guide.

Apparity Cloud

Discovery Module

Active Capture Module

Registration Module

Active Management Module

EUC Risk Management

Regulatory Compliance

End User Computing Risk Management

Spreadsheet Risk Management

Model Risk Management

Shadow IT

Become a Partner

Demo

Trial Offer

Market Analyst Research

Reviews & Accolades

About Us

Leadership

Newsroom

Why Apparity?

Reach Apparity