The Ultimate End-User Computing (EUC) Checklist

Do you have the right EUC controls (and evidence of those controls) in place heading into 2024?

In a world where employees leverage user-centered applications (like Excel, Access, Python, and other democratized tools), IT departments worry about encroaching risks — and for good reason. It’s time to create a more flexible, informed, and efficient EUC  management framework. Our comprehensive checklist can help with:

• Defining and categorizing your company’s end-user computing controls and risks based on business impact
• Establishing the necessary controls needed to manage and monitor those EUCs
• Evidencing that your controls, monitoring, and reporting are in place and effective

Why do you need The Ultimate End-User Computing (EUC) Audit Checklist?

End-user computing (EUC) refers to any application supporting a critical process that is developed or managed by end users rather than an IT department or professional software engineering team.

And though they can be wildly useful in helping teams boost efficiency in their everyday work, they are seldom managed with the same governance protocols or security checks that IT departments maintain in their custom applications. Because of their financial, operational, regulatory, and reputational impact, it’s highly likely you’ll be asked about your EUC management program in today’s business environment. But which answers do you need to have at the ready to confidently say, “I have an effective EUC policy in place?”

This checklist helps you prepare to answer every question.

What You Will Learn

In The Ultimate End-User Computing (EUC) Checklist, you will gain a comprehensive understanding of the key questions and strategies you should be using to evaluate your current EUC risk management framework. You can expect to learn every step and consideration you’ll need to:

Managing EUCs controls is not just good practice – it is regulated.

From the perspective of the financial services industry, three pieces of regulation in particular – BCBS 239, Model Risk Management Principles for Banks (SS1/23) Model Risk Management Comptroller’s Handbook, and Solvency II – have set the stage both for specific EUC control issues and for the wider expectations on data quality.

What kind of EUC controls and objectives should you have on your radar?

This checklist gives real-life examples of some of the EUC controls you may need to have in place, inspired by PwC’s early list of requirements to demonstrate spreadsheet control to meet the need for compliance with Sarbanes-Oxley legislation. The objectives defined during this intensive period of controls implementation have now become standard elements for later spreadsheet control projects initiated under many later regimes, such as MIFID1 &2, Dodd Frank, CCAR, OCC Model Risk, COSO 2013, PCAOB Alert 11, UK PRA, Basel II, Solvency 2 and NAIC model audit rules. Some of the controls covered include:

The average enterprise contains 4-10 times as many shadow IT applications as corporate-managed apps

(Which means EUC risk is hiding in more places than you think) 

Flexible, customizable technology can help you automate governance, scan files according to your EUC risk criteria in near real-time, and give your executives and stakeholders greater insights simultaneously. Take the first steps towards conquering Shadow IT and End-User Computing (EUC) management today.

Download the Checklist