Why have an EUC Health Check?

Many of your enterprise’s most important business processes rely on spreadsheets, but they also can create serious risk.

The hidden EUC risk you need to reveal

Many of your enterprise’s vital business processes depend on key applications developed and maintained by your business users, but hidden outside of IT’s control.

These include models, tools, calculators, and spreadsheets, the last usually making up 70-80% of an End User Computing (EUC) estate. Other highly used application types include Python®, R®, MatLab®, SAS®, Access DB and RPAs, and more.

Errors within these spreadsheets and other EUC assets create risk for your enterprise. By running a comprehensive Health Check using the ClusterSeven Shadow IT Manager, you can automate the discovery of those assets, learn how to risk-assess them, and then store them in an active inventory as part of your ongoing business-as-usual continuity process.

6 benefits of an EUC Health Check

Uncovering the full extent and risk associated with these key EUCs within an organization is practically impossible if done manually, devouring huge amounts of labor and time. With our Health Check, you’ll automate the process and save time and costs while eliminating error.

PRA's CP6/22 Model Risk Management - Principle 1

Automate discovery

By automating the discovery process, you’ll quickly uncover the “shadow IT” assets across your enterprise, which can run into the hundreds or even thousands.

PRA's CP6/22 Model Risk Management - Principle 2

Risk assess spreadsheets and files

Assess them for risk level and technical complexity and flag any to monitor as part of your Operational Resilience or CCPA program, for example.

PRA's CP6/22 Model Risk Management - Principle 3

Discover connections

Learn how your EUCs connect with other EUCs and IT applications so you’re able to fully map the network of End User Computing assets and applications.

Number 4

Rank and sort by risk level

Health Check automatically ranks and sorts your high-risk files for further triage in your initial inventory, based on the filters you put in place.

Number 5

Automate version control

Automate version control processes when it comes to key EUC applications, eliminating duplications and errors.

Number 6

Assess your inventory

Prepare your initial inventory for BAU (Business as Usual) review, so the company can decide which assets to archive, remediate, monitor or replace going forward.

ClusterSeven will nondisruptively scan your network to locate all your Excel® spreadsheets and other EUCs, including Access® databases, in three main process steps:

  1. The ClusterSeven Light Scan rapidly records basic file properties across a large volume of files for a a high-level understanding of the EUC estate.
  2. The ClusterSeven Consolidation process detects files that are previous versions of other files, showing where a file is being routinely used and likely important.
  3. The ClusterSeven Deep Scan records a richer portfolio of file properties such as data link analyses requested by the USA OCC.

We’ll build an EUC inventory, with additional configuration for initial client-specific requirements and metadata.

Your Health Check will assess files for two types of risk: Technical and Materiality.

  • The Technical Risk Assessment will cover a high volume of files and is automatically calculated based on your risk appetite, using over 60 risk rules for risk profiles you can customize to your requirements, such as for security policies.  We’ll also report on the Access Control Lists and protection settings associated with the files to highlight potential vulnerabilities.
  • The Materiality Risk Assessment is based on the business significance of the file (using criteria for operational, financial and regulatory importance), with a Materiality Risk Score for each file based on the firm’s risk appetite/rules.

A small number of EUC files will be registered for active management by ClusterSeven to assess the integrity of associated operational processes over a set time. Active management will detect, record, and report on changes to these files in terms of security, structure (formulas, macros, et cetera) and data. You’ll be shown how these changes may be filtered to promote the detection of anomalous changes – or lack of changes – that might corrupt the purpose of a business process.

Health Check will also produce a selection of control reports that have been developed in line with published auditor standards and common internal EUC policies to assist stakeholders in assessing their conformance against these requirements.

Who’s using ClusterSeven to manage their spreadsheet risk?

Click on the client logos below to see each Case Study.

jh-logo-white
armour risk logo white
ASI-Stacked-Logo-Positive-mono_white-1-e1520348894114
SMBC
Blackrock-small
rabobank-logo-black-and-white

Uncover your Shadow IT risk with a ClusterSeven Health Check

A comprehensive ClusterSeven Health Check will automate EUC discovery, risk-assess them, and store them in an active inventory as part of your ongoing business-as-usual continuity process.

Related resources
White papers, ebooks, blogposts and more that explore EUC risk management and MRM.

View all

Want to manage hidden EUC risks?  Start here.

With ClusterSeven, take control of the End User Computing assets hidden across your enterprise that can create hidden risk.