Do you have the right EUC controls (and evidence of those controls) in place heading into 2024?
In a world where employees leverage user-centered applications (like Excel, Access, Python, and other democratized tools), IT departments worry about encroaching risks — and for good reason. It’s time to create a more flexible, informed, and efficient EUC framework. Our comprehensive checklist can help with:
- Defining and categorizing your company’s end-user computing risks based on business impact
- Establishing the necessary controls needed to manage and monitor those EUCs
- Evidencing that your controls, monitoring, and reporting are in place and effective
Why do you need The Ultimate End-User Computing (EUC) Checklist?
End-user computing (EUC) refers to any application supporting a critical process that is developed or managed by end users rather than an IT department or professional software engineering team.
And though they can be wildly useful in helping teams boost efficiency in their everyday work, they are seldom managed with the same governance protocols or security checks that IT departments maintain in their custom applications.
Because of their financial, operational, regulatory, and reputational impact, it’s highly likely you’ll be asked about your EUC management program in today’s business environment. But which answers do you need to have at the ready to confidently say, “I have an effective EUC policy in place?”
This checklist helps you prepare to answer every question.
Creating a great EUC policy is only half of the battle – you also need evidence that it’s in place and effective.
Download The Ultimate End-User Computing (EUC) Checklist for a complete list of everything you need to elevate your end-user computing (EUC) risk management program heading into 2024.
What You Will Learn
In The Ultimate End-User Computing (EUC) Checklist, you will gain a comprehensive understanding of the key questions and strategies you should be using to evaluate your current EUC risk management framework. You can expect to learn every step and consideration you’ll need to:
Get the best practices for categorizing your company’s end-user computing risks based on business impact.
Discover whether it’s time to automate and streamline your EUC management, response, and reporting.
See which evidence of your controls, monitoring, and reporting you should have in place in case someone comes asking questions about your EUC management program.
Explore examples of the appropriate controls you may need to have in place (based on the risk level) to document changes, maintain quality control, ensure continuous updates, etc.
Managing EUCs with controls is not just good practice – it is regulated.
From the perspective of the financial services industry, three pieces of regulation in particular – BCBS 239, Model Risk Management Principles for Banks (SS1/23) Model Risk Management Comptroller’s Handbook, and Solvency II – have set the stage both for specific EUC control issues and for the wider expectations on data quality.
What kind of EUC controls and objectives should you have on your radar?
This checklist gives real-life examples of some of the EUC controls you may need to have in place, inspired by PwC’s early list of requirements to demonstrate spreadsheet control to meet the need for compliance with Sarbanes-Oxley legislation. The objectives defined during this intensive period of controls implementation have now become standard elements for later spreadsheet control projects initiated under many later regimes, such as MIFID1 &2, Dodd Frank, CCAR, OCC Model Risk, COSO 2013, PCAOB Alert 11, UK PRA, Basel II, Solvency 2 and NAIC model audit rules. Some of the controls covered include:
- Change control
- Version control
- Access control
- Input control
- Development lifecycle
- Security and Integrity of Data
- Logic inspection & more
“As the requirement of regulatory reporting has grown, so has the use of EUC applications in the organization. An understanding, visibility and control of our EUC landscape is vital. ”
Keith Haylock, Director, Risk Management, SMBC Europe
The average enterprise contains 4-10 times as many shadow IT applications as corporate-managed apps
(Which means risk is hiding in more places than you think)
Flexible, customizable technology can help you automate governance, scan files according to your EUC risk criteria in near real-time, and give your executives and stakeholders greater insights simultaneously. Take the first steps towards conquering Shadow IT and End-User Computing (EUC) risk today.