Why you should be taking End User Computing (EUCs) more seriously | Kinaesis

Why you should be taking End User Computing (EUCs) more seriously

By Simon Trewin ·

Why you should be taking End User Computing (EUCs) more seriously

End User Computing tools and systems are used very successfully within all organisations to help collate, organise and orchestrate information and to fill gaps in strategic systems. They include Spreadsheets, Access Databases, Python code, SAS programmes and many more. EUCs that are critical to the business need to be identified, monitored, controlled and governed correctly especially when they are critical to regulatory reporting outputs. Both the regulators and auditors are keen for financial services organisations to govern and manage them effectively.

Recently the Prudential Regulation Authority (PRA) wrote a Dear CEO Letter. The letter focuses in on spreadsheets and other EUC applications utilised as part of the regulatory reporting process. The letter states that you need to have the proper regulatory reporting governance program in place to cover the full end to end controls over your Models, Spreadsheets, and Reconciliations, and be prepared to make the appropriate investment into the initiative.

From our extensive experience in working with large financial institutions, Kinaesis knows that a gap typically exists as to:

  • the EUCs that are known and registered for regulatory compliance purposes, with the actual EUCs that are being used.
  • how the EUC and core systems interact, often requiring detailed analysis
  • how selected EUCs can be decommissioned and hence de-risked

Kinaesis further assessed that the speed of change within organisations, resulted in EUCs being constantly created over the time. This renders a single annual attestation process for EUCs as obsolete and requires a fresh approach to the EUC attestation process.

To address these gaps, Kinaesis developed Acutect Map, and Migrate, in cooperation with a large bank to help to determine the accuracy of EUC registers and to run wide analysis across multiple departments.

Many organisations will be tempted to put EUCs into the “too hard” category and sweep the problem under the carpet. Firms need to be aware that the regulatory landscape is hardening to this approach and firms are now being made to account for their critical EUCs as part of the regulatory and audit reporting processes, by bringing accuracy to their registers and having a firm plan for addressing EUCs over their life cycle.