Overview of End User Computing (EUC)

Riskpro India’s review of EUC(End User Computing):

1. Riskpro India develops EUC/ IPE Framework and Gap Assessment against best practices relating to EUC/IPE using Control policy.

2. We help with EUC Risk Assessment by testing of majors EUCs and preparing audit report with results and recommendations.

3. We develop critical risk reporting templates for various committees and senior management.

Audit of End User Computing (EUC)

What is EUC Risk? EUC risk is the risk of financial losses due to improper use of end-user systems. EUC refers to systems such as spreadsheets, databases, and end user-developed code and models. Spreadsheets are everywhere. Example: Consolidation Spreadsheet. One EUC or 10 EUC?

Auditing EUC 1. Evaluate the use of excel files and non-controlled data sources. 2. Inventory: How many and how complex are these sheets? 3. What are the significant risks of these EUCs?

European Spreadsheet Risks Interest Group (EuSpRIG) Uncontrolled and untested spreadsheet models, therefore, pose significant business risks. These risks include lost revenue and profits; mispricing and poor decision making due to prevalent but undetected errors; fraud due to malicious tampering; and difficulties in demonstrating fiduciary and regulatory compliance. "These risks are ignored due to a widespread failure to inventory (keep records of), test, document, backup, archive, and control the legions of spreadsheets that support critical corporate infrastructure," says the site.

EUC/IPE Project Methodology - What will be covered

Riskpro Methodology: 1. Develop EUC/IPE Framework- In this method, GAP Assessment against best practices relating to EUC/IPE. EUC and IPE control policy framework is developed. 2. EUC Risk Assessment- Inventory of EUC across the Company, Identification of owners, purpose, criticality, and linkages to overall business objectives and Testing of majors EUCs and preparing audit report with results, recommendations is covered in this methodology. 3. IPE Risk Assessment and Auditing- This methodology includes Inventory of critical IPE, both financial and operational. Auditing and testing of major IPE with respect to source data, the configuration of input filters, and parameters is another major task done in this methodology. After completing this Summary of Testing results are produced. 4. Reporting and Training- In this method Critical Risk Templates is created for Senior Management and Various Committees. Half-Day training on best practices related to EUC and IPE is done.

EUC Project Components

Minimum Standards:

• Version control
• Change control
• Access control
• Business Recovery
• Documentation and Testing

Automation Of EUC:

• Criticality
• Scope for error
• Impact on Financial Reporting

How Riskpro can help?

Riskpro can assist you with any of the above services. For more details, please email info@riskpro.in