Thursday, July 11, 2024

End User Computing Governance Framework

Don't Miss

Guided Implementation : Understand And Match Your Corporate Prioritiesproposed Time To Completion: 1 Week

DAMA International Presents: Data Governance for End User Computing

Step 2.1: Understand and match your corporate priorities

Review findings with analyst:

  • Develop a list of corporate priorities

Then complete these activities

  • Use the corporate priorities questionnaire to determine your organizations focus
  • Brainstorm corporate priorities as a group
  • Interpret the results of the corporate priorities questionnaire
  • Develop a list of key performance indicators that track to your identified priorities

With these tools & templates:

Phase 2 Results & Insights:

  • Different kinds of risk require different responses, but not necessarily from the end-user computing manager.
  • If you do not bother to track your end-user computing improvements, it will be like they never happened.

Euc Remediation For Financial Services Companies

End-user computing applications such as Microsoft Excel and Access have been an essential part of many operations in the financial-services industry, allowing end users to manage, control, and manipulate data quickly and efficiently. These applications features make end-user computing appealing and critical to business structures, but also pose various challenges and risks, including:

Large financial institutions depend on many thousands of EUC applications, and more than a trillion dollars worth of computations are done using Excel each year. Any application that leaves system-based processes in the hands of an average user poses huge risks in key functional areas such as:

  • Month-end processes and adjustments: Converting local book balances to U.S. GAAP, tax adjustments, suspense clearing, custody fees, and P& L attributions
  • Accounting: Recording business expenses, rewards, purchase orders, and interest payments
  • Analytics: Analyzing profitability, FINRA, Basel, cost of credit, etc.
  • Accrued expense adjustments: Handling fee computations, invoicing, etc.
  • Regulatory reporting: Documenting 10K/10Q, FFIEC, FRY, liquidity updates, 4G/5G reporting, LCR, NSFR, borrowing capacity, and cashflow
  • Taxation: Managing sales tax estimation, 1042 tax reporting of taxable corporate action events, and withholding totals

A Traditional It Persona Analysis Has Its Strengths It Is Useful For The End

Application Persona
  • Delivers immediate value
  • Addresses the end-user computing managers duties at the most basic level providing support to IT for specific applications
  • Relatively scalable, easier to conduct in larger organizations
  • IT is typically more familiar with the applications they have to support than with employee roles
  • Difficult to conduct at scale
  • It can be difficult to shoehorn users into personae especially at the more senior level, single-member personas can emerge

Applications will be dictating policy, and not the other way around. Kirk Schell, SVP Commercial Client Solutions, Dell

You May Like: Federal Jobs Kansas City

Enterprise Versions Of Vdi Have Been Around For Years And Vendors Are Quick To Extoll Their Products Various Virtues

There is more to VDI than the marketing pitch, however. In many cases, its a complicated and expensive transition, and, like all business decisions, it needs to be carefully examined from a value perspective.

  • Is VDI a solution to a non-existent problem?
  • If your problem is real, is VDI the best, most economical way to deal with it?
  • This is the year of VDI! Every analyst/vendor ever each year since VDI was invented

    Info-Tech Insight

    It doesnt matter if its the year of VDI. Dispassionately review the business case for VDI adoption. If it makes sense for you, go ahead and ignore media naysayers. If not, its not VDIs annual status that made it that way.

    Corporately Owned Personally Enabled: Radar Diagram

    Cost containmentAdditional employee usage could drive up costs and reduce lifecycles for COPE devices, though this is highly dependent on organizational context. Risk mitigationCOPE is a relatively safe choice from a risk mitigation perspective, the only additional risk coming from additional use by employees on their own time. ProductivityEmployees are bound to be more comfortable with their devices if they double as personal, but this is the extent of the productivity benefits.

    Read Also: What Does The Government Pay For Mileage

    Leverage A List Of Sample Key Performance Indicator Metrics

    Cost Containment
    • Cost per user to support
    • Cost per user to deploy
    • Number of support calls
    • Average time to problem/incident resolution
    • Speed of application deployment
    • Time to deploy a new PC
    • Number of endpoints in compliance with:
    • IT governance
  • Number of security incidents
  • Info-Tech Insight

    Successfully communicating the results of your project is almost as important as achieving those results, especially for your career prospects.

    Corporate Ownership: Radar Diagram

    Cost containmentUltimately, there is a device for every budget. Corporate ownership allows the organization to select its preferred devices and make that choice uniform. Risk mitigationComplete ownership allows for complete control. If risk is your number one concern, corporate ownership is an effective mitigation strategy. ProductivityCorporate ownership means no choice. While some staff will be happy with their devices, others will not. Inherently, then, there is no productivity benefit.

    Also Check: Enhanced Relief Mortgage Program For The Middle Class

    Linux Certainly Has Its Use Cases The Amount Of Control It Offers Is Unprecedented But The Work Involved Makes It Difficult To Justify

    Portability is for people who cannot write new programs. Linus Torvalds, Linux creator


    • If you want to keep your outlay costs down and have exceptional software expertise in-house, Linux can offer an extreme degree of control.
    • Linux can run on cheaper commodity hardware.
    • Linux allows exceptional control and privacy. Windows and macOS come with features that may not be relevant to every organization.
    • With Linux, if you like a feature of another OS, you can program it in yourself a sort of cafeteria approach.

    Euc Use Cases & Advantages

    The Weolcan Cloud Governance Framework

    Microsoft Excel® is one of the most common examples of End User Computing platforms readily accessible, fast, flexible, and familiar. Over time, EUCs have become essential to many financial operations, allowing users to manage and manipulate data quickly and efficiently. As such, End User Computing can be beneficial when faced with fast-changing regulations.

    With the working environment in the midst of change, EUC is also becoming particularly prevalent in organizations with remote offices and BYOD users, ensuring business continuity even when organizations have to shift operations outside of their offices.

    These features make End User Computing appealing and critical to business structures, but also make them difficult to manage and control. EUC applications arent subject to the same monitoring as traditional applications, and frequently management lacks visibility into how integral EUCs are within the company. So the advantages of EUCs have actually begun presenting risks to the businesses relying on them.

    You May Like: Federal Grants For Dentures

    Alternative Solution For Euc

    The first solution for reclaiming control is to provide a better option than office automation tools for those who work with personal data. Approximately twelve percent of employees in an organization engage in self-service data preparation using various spreadsheets, with operations and forecasting as their most frequent use case .

    Talend Data Preparation provides a more effective approach to data preparation for business users, including those that involve personal data. It tracks and traces related activities by automatically capturing personally identifiable information attributes within a data source, together with the actions taken on them by business users .

    Figure 1: Talend Data Preparation provides better self-service options than Microsoft Excel and other office applications for data preparation and for the capture of business user activities for safer control and reuse.

    Track Your Projects Overall Progress By Recording Specific Measurable Attainable Realistic And Time

    Metric Story
    Percentage of end-user computing devices purchased that are covered by the EUC. The goal of the end-user computing strategy is to bring all devices that are used to conduct corporate business under one broad strategy. Better device coverage means more success.
    Number of tools required to manage your entire EUC portfolio Planning should result in fewer tools required to manage a less diverse but equally effective array of end-user computing devices.
    Number of unmanaged devices A more comprehensive end-user computing strategy will result in more managed devices, which will help to limit risk.
    Percentage of applications that are acknowledged as part of the EUC. As you march towards EUC maturity, the proportion of your applications that will be covered by your strategy will approach 100%. Track this.

    Info-Tech Insight

    If youre not tracking your success, you might as well not be succeeding. Metrics tell a story. Make sure youre tracking the right metrics, and ensure that the story that emerges is the one you want to tell your stakeholders.

    Recommended Reading: Cash Grants For Single Moms

    Euc Management: Assessing & Controlling Potential Risk

    End User Computing risk has been an issue for as long as Excel® Spreadsheets and Access® databases have existed. Any application that leaves system-based processes in the hands of an average user poses EUC risk.

    Because of EUC risk and its potential for loss, theres a real need for End User Computing management. Effective operational risk management means being aware of the potential for risk before it even occurs. To do this, its essential for organizations to have a structure to do the following:

    • Define and establish what End User Computing risk is for the business
    • Define what constitute high-risk EUCs
    • Define additional EUC controls needed to manage the high risk
    • Establish necessary reporting and monitoring processes for oversight
    • Establish protocols for action in the case of rising risk levels or monitoring exposing exceptions
    • Establish an appropriate response

    This is a rough framework for managing EUC risk. All of it, though, must support the larger operational risk management framework. What are among the safest ways to manage and mitigate the risks of EUC applications? Taking a system-based approach to supporting the control framework, since a manual approach is inefficient and troublesome in cost-benefit and risk-reward.

    What Can Happen When You Ignore These Risks

    Governance in Hospital Base on COBIT Framework

    There are many real world examples which illustrate the quantifiable consequences that can arise from the uncontrolled use of spreadsheets. The consequences of poor spreadsheet control and management can result in:

    • Financial loss
    • Loss of reputation and/or market share
    • Vulnerability to fraud
    • Increased cost of auditing and compliance
    • Regulatory fines and penalties for non-compliance
    • Increased capital adequacy requirements

    Recommended Reading: Federal Government Jobs Las Vegas Nv

    Potential Device/os Combinations Actually Served

    • Windows 10/Desktop
    • iOS/Smartphone
    • Web App/Chromebook

    Part of our end-user computing strategy, our endpoint strategy, is also in looking at an opportunity to consolidate assets. Gina Anderson, Supervisor, IT Customer Support, City of Arlington

    Info-Tech Best Practice

    Fewer device/OS buckets are better. When IT is tasked with providing and supporting a wide array of buckets, it is more difficult to take advantage of economies of scale, more breadth of expertise is required, and, in some cases, more tools are needed.

    K Refer To Tab 7 Of The End

    Once you know how your potential device options stack up, review tab 7 of the tool to see how many applications each device/OS combination can effectively serve.

    • In this example, a hybrid or laptop running Windows 10 could meet both PowerPoint and needs, while a Chromebook, tablet, smartphone, laptop, or kiosk could only serve one of the two applications.
    • Note: the graph simply indicates what is possible, not what is recommended. Look to the next tab of the tool for details on how each device stacks up.

    You May Like: Dental Grants For Implants

    Module : Select Device/os Combinations

    The Purpose

    • Reduce the number of device/OS combinations in order to maximize efficiency.

    Key Benefits Achieved

    • Fewer device/OS combinations simplifies administration, makes work easier, and can save money.


    Collate a current app list.

    • Inventory of business applications

    Collate a future app list.

    • List of prospective applications

    Create a list of device/OS buckets.

    • Comprehensive list of supported device/OS combinations

    How To Manage End

    Establish cloud governance and compliance | Cloud Adoption Framework Series

    Most organizations fail to recognize that EUC apps fall under the purview of data governance. However, with the GDPR, any organization that deals with EU data has to take note of such apps and act immediately to ensure compliance.

    Here are a few steps to managing EUC applications:

  • Draft policies Data governance, along with legal and compliance, needs to draft policies that include these apps under data protection standards. They should also recommend that EUC apps not contain sensitive personal data in the future.
  • Take stock EUC application management is challenging because most of these apps are standalone and often hidden. Compliance teams may not even know that such apps exist. Data governance needs to create an inventory of these apps to enforce data protection.
  • Analyze data After EUC apps are identified, it is important to analyze data to see if there is any sensitive information in use. For example, using special categories such as race, age, etc., are direct violations of the GDPR. Appropriate remediation needs to be taken.
  • Establish data protection standards After identifying the EUC apps and understanding the manner in which they use data, organizations need to establish data protection mechanisms, such as masking fields to conceal identity, when required.
  • Bring EUC to IT The long-term goal for organizations should be to avoid using standalone EUC apps, and eventually bring them under the IT head so better monitoring and support is available.
  • Also Check: Las Vegas Gov Jobs

    End User Computing Risk

    End User Computing risk is more prevalent than many might admit. Since data produced by EUCs is trusted by management and other end-users as a basis for integral business decisions and reporting, its essential that these EUC assets are effectively monitored and managed.

    As End User Computing applications become more complex, the potential for EUC risk also increases. But as weve grown more accustomed to using spreadsheets to house confidential data, weve also become less aware of how these EUC tools come with risk.

    When EUCs are critical to financial operations, if a spreadsheet or database has thousands of lines of code, receives data from other systems, uses multiple macros, or is not regularly reviewed, then youre being exposed to EUC risk. You may not know if a change has taken place or data has been altered, regardless of whether that change is genuine, unintentional, or malicious.

    Euc End User Computing

    Volume 9, Issue 1 November 2018
    In This Issue:End User Computing
    Uncontrolled End User Computing can be both a boon and a bane to your business.The following overview describes the benefits and challenges of End User Computing and how Adeptyx can help create an enterprise EUC process that incorporates the benefits of governance, support and mentoring, with the appropriate levels of security while continuing to enable innovation and bottom-line benefits.

    You May Like: Government Jobs Redstone Arsenal

    D Refer To Tab 3 Of The End

    Equilateral:If your output resembles this equilateral triangle, you have not identified any clear corporate priorities. This does not preclude an end-user computing strategy. It does, however, mean that corporate priorities will not figure into your deployment decision.

    Scalene:If your result is a scalene triangle, you have identified a particular priority that should clearly inform your deployment model. The vertex at the meeting of the two longest sides of the triangle represents the clear priority.

    Isosceles:An isosceles result indicates that the organization has two competing priorities. This means that recommendations will focus on the weaknesses of particular deployment models as opposed to their strengths.

    Euc Risk Is A Key Component Of Operational Risk

    Infrastructure Management Defining Enterprise System And ...

    EUC risk is one of the key components of operational risk. While many of the factors impacting operational risk are often outside of the control of organizations, EUC risk is manageable. In fact, EUC management not only mitigates risk, but delivers business value. Knowledge of the landscape can drive improvements in operational efficiency and improve internal standards, which is fundamental for todays cost-conscious, customer-focused businesses.

    Recommended Reading: Dispensary Silver City Nm

    Compliance And Governance Of An Euc Policy

    Asset management organizations looking to institute End User Computing policies as part of their overall operational risk management strategy will do well to bear the following in mind:

    Scope Ensure that the policy applies to and covers all business critical EUCs. Each must also be compliant with the firms broader data and model EUC governance standards and vice versa.

    Define Its imperative that the definition of an EUC is clearly understood. For instance, what type of business applications fall under the category of an EUC, what software programmes they are built in and such? Subsequently, articulating the criteria to determine what makes an EUC business-critical is key. As an example, if the output of the EUC is shared with clients, it would be deemed business-critical. Similarly, if the output of the application is fed into databases and models in other business areas, it would be considered business-critical.

    Inventory Full visibility of the business application landscape is vital. Establish where the inventory of business critical EUCs will be logged and under which individual in the organization. For example, should it be with the application owner or should the responsibility sit with Department or Team Heads?

    Annual assessment Assign responsibility of at least an annual assessment of the EUC landscape to the Heads of Departments. A simultaneous review of controls will also help confirm that the EUC policy has been satisfactorily adhered to.

    Dont Let Its Age Fool You Windows 7 Is Still A Powerhouse In The Enterprise Os Space With A Market Share Near 50%

    Unlike its predecessor, Windows Vista, Windows 7 was widely praised, with at least one critic calling it the best Windows operating system ever. What makes Windows 7 so great?


    • Windows 7 has significant market penetration because of its ease of use, and its optimization for traditional office desktop and laptop computers .
    • The wide availability of essential applications, including Microsofts Office Suite, makes Windows 7 a safe choice for enterprise.

    You may have noticed that Windows 8 is absent from this rundown. Windows 8 was an innovative, touch-focused OS that never managed to penetrate the PC market in the same way that its predecessor did. That focus on touch has survived into Windows 10, where it has found more success.

    You May Like: Entry Level Government Jobs Sacramento

    More articles

    Popular Articles